Category: Software Security

December 21, 2022

The Guardian reported on Wednesday that it suffered a “significant IT incident,” which is suspected to be a ransomware attack. The publication hasn’t revealed the details of the breach, but it appears to have mainly affected internal systems not visible […]

December 5, 2022

Facepalm: Like any other modern operating system, Android’s design employs a “privilege” based model. Such model is enforced by digital certificates, and it can become quite troublesome when the certificates are compromised somehow. An undefined number of Platform digital certificates […]

December 1, 2022

From the survey, we could see that nearly all companies have experienced API security incidents. However, only 11% of companies have an API security policy that includes dedicated API testing and protection. So, what kinds of protection should a company […]

November 16, 2022

TikTok could be a national security threat, as claimed by FBI Director Christopher Wray. He shared his concerns regarding the social media platform during the House Homeland Security Committee hearing on Tuesday, Nov. 15. The conference’s discussions focused on worldwide […]

November 15, 2022

According to the 2022 Global Threat Report from Elastic Security Labs (via 9to5Mac), just 6.2% of malware ends up on macOS devices compared to 54.4% on Windows. This is not especially surprising, given how much of an emphasis Apple puts […]

November 3, 2022

Introduced in OpenSSL 3.0 in September 2021 and affecting all successive versions up to and including OpenSSL 3.0.6, the two recently patched vulnerabilities are caused by buffer overruns in X.509 certificate verification. Both CVE-2022-3786 and CVE-2022-3602 describe two buffer overflow […]

October 27, 2022

Everyone depends on OpenSSL. You may not know it, but OpenSSL is what makes it possible to use secure Transport Layer Security (TLS) on Linux, Unix, Windows, and many other operating systems. It’s also what is used to lock down […]

October 21, 2022

We’ve made a point of shoring up security for infrastructure-as-a-service clouds since they are so complex and have so many moving parts. Unfortunately, the many software-as-a-service systems in use for more than 20 years now have fallen down the cloud […]

October 21, 2022

Have you ever put a DAST (Dynamic Application Security Testing) in your CI/CD pipeline, turned it on, and suddenly your pipeline processes jump from taking minutes to hours? Are you suddenly finding thousands of issues that are completely unreasonable for […]

October 6, 2022

Telegram founder Pavel Durov warned people to “stay away” from messaging freeware Whatsapp if they do not want their devices to be infiltrated by hackers. As per the Independent, Pavel Durov referenced a security flaw revealed by WhatsApp last week […]

October 3, 2022

Red Hat is the Linux distro security leader. And with its latest Red Hat Enterprise Linux (RHEL) beta releases, RHEL 8.7 and 9.1, the Linux powerhouse company is continuing to stake out its security claims. Red Hat is releasing both […]

September 29, 2022

Recent high-profile hacks at Rockstar Games and Uber might not stem from DevSecOps issues, but discussions of this aspect of security may be worth having now. One of the goals of applying a DevSecOps approach to software development is to […]

September 27, 2022

Google and Apple have removed hundreds of apps from their app stores at the request of governments around the world, creating regional disparities in access to mobile apps at a time when many economies are becoming increasingly dependent on them. […]

September 2, 2022

US security agency, the National Security Agency (NSA), has released new software supply chain guidance to help developers avoid cyberattacks targeting proprietary and open-source software. The new guidance is meant to help US private and public sector organizations defend themselves […]

August 25, 2022

Zero trust is a powerful security model that’s at the forefront of modern security practices. It’s also a term that is prone to buzz and hype, making it hard to cut through the noise. So what is zero trust, exactly, […]

August 17, 2022

Microsoft recently announced two security products: Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management. These new products are driven by their acquisition of RiskIQ just over one year ago. Microsoft acquired RiskIQ, a global threat intelligence and […]

August 5, 2022

Apple has removed an app that it was unknowingly hosting on the App Store that scammed Facebook advertisers and led hackers to use advertisers’ ad budgets to run possibly malicious ads on Facebook’s platforms, Business Insider reports. The app previously […]

July 25, 2022

Amid the Great Resignation, security professionals can be hard to come by. The labor shortage impacts organizations overall; it also has a unique effect on developers. This is because, when security and engineering aren’t in tune, organizations don’t operate efficiently. […]

July 5, 2022

There are some scary reports popping up that various major financial institutions no longer credit back all fraudulent transactions, even when victims file a police report. If true, it’s a disastrous move that will painfully hurt the institutions. “Under a […]

June 20, 2022

Windows 11 has a new privacy feature currently testing method that allows you to check which programs you have installed that have recently accessed sensitive hardware on your computers, such as your microphone and camera. Windows 11 New Privacy Feature […]