In a credential stuffing attack, this Fortune 50 company saw bots use millions of username and password combinations in an attempt to hijack the accounts of real customers. These attacks brought with them the potential for sales losses, brand damage, and being out of compliance. The limited deployment options and high...
Despite a Thursday deadline that would have forced China-based ByteDance to shut down its TikTok video-sharing app in the U.S., the Commerce Department will allow the company to continue its American operations for now as various court cases continue.
The purpose of the Application Security in the DevOps Environment study, sponsored by HCL Software, was to better understand the state of organizations' ability to quickly prioritize and repair vulnerabilities in their applications.
Download the results drawn from 626 IT security, quality assurance and development...
Apple issued an update for iOS and iPadOS on Thursday that fixes three zero-day flaws found by Google's Project Zero bug-hunting team and a range of other security-related flaws. Google says the bugs are being exploited by attackers but haven't been used in election-related cyber activity.
When software is everywhere, everything becomes an attack surface. The root cause of many successful cyberattacks lies primarily in vulnerable software itself. The real question that needs to be asked is, "Can the industry do a better job of writing more-secure code, making software applications nearly impenetrable to...
A recently identified hacking group dubbed UNC1945 used a never-before-seen zero-day vulnerability in the Oracle Solaris operating system to target corporate networks and plant malware, according to FireEye Mandiant. This threat actor is known to focus on telecom, financial and consulting firm targets.
The FBI has issued a flash alert warning that unidentified threat actors are actively targeting vulnerable SonarQube instances to access source code repositories of U.S. government agencies and private businesses.
CISA and Oracle are urging users to apply an emergency patch for a vulnerability in the software giant's WebLogic Server product. This "severe" bug is already under active exploitation and could allow an attacker to run malicious code, security experts say.
As our workforce becomes increasingly disparate and fluid, privileged access is emerging as a key cyber security concern for many organisations.
Gartner cited privileged access management as the number one project for CISOs for the past two years. But, according to Thycotic research, 66% of CISOs struggle to get...
Security has never been easy. In today's dynamic environment of users, applications, endpoints and networks, security solutions have become more complex and siloed.
And while investments in security increase, vulnerabilities and breaches continue to grow exponentially.
Download whitepaper to learn more.
Banking institutions are seeing a significant spike in multi-channel financial crimes. But Duncan Ash and Julio Gomez of Splunk say data and analytics can be key differentiators in the effort to protect sensitive financial data.
A majority of mobile finance apps lack the security controls and code hardening necessary to prevent applications from being compromised, according to recent analyst research. And relying on legacy methods - like network or perimeter protection that is incapable of detecting these kinds of attacks - can have dire...
2019 saw the biggest attack ever recorded but, overall, attacks were
smaller, shorter, and more persistent.
For some time now, carrying out a DDoS attack has no longer required any technical skills.
With a myriad of "stressing" or DDoS-for-Hire services available to carry out both network
and application layer...
CISA is warning that sophisticated hacking groups are chaining together vulnerabilities, such as the recent Zerologon bug and other flaws, to target state and local government networks. In some cases, attackers gained access to election support systems.