Cisco on Wednesday disclosed a maximum-security vulnerability that allows remote threat actors with no authentication to change the password of any user, including those of administrators with accounts, on Cisco Smart Software Manager On-Prem devices. The Cisco Smart Software Manager…
Category: Software Security Archives – Software Curated
Cybersecurity strategies for protecting data against ransomware and other threats
Data volumes continue to expand at an exponential rate, with no sign of slowing down. For instance, IDC predicts that the amount of commercial data in storage will grow to 12.8 ZB by 2026. To watch 12.8 ZB worth of…
Biden administration bans Kaspersky software sales in US over national security concerns
Commerce Secretary Gina Raimondo didn’t mince words when explaining the rationale behind this step during a press briefing. “Russia has shown it has the capacity and the intent to exploit Russian companies like Kaspersky to collect and weaponize the personal…
1Password unveils new sign-in experience and recovery codes feature
With Apple releasing its own Passwords app with iOS 18, 1Password wants to ensure it’s still the go-to option for everyone’s passwords, two-step verification codes, and other sensitive information stored with end-to-end cryptography. This is why the company is unveiling…
Bridging the gap between legacy tools and modern threats: Securing the cloud today
The cloud will become a cornerstone of enterprise operations as IDC estimates that by 2025, there will be over 750 million cloud-native applications globally. Additionally, over 90% of organizations anticipate employing a multi-cloud approach over the next few years. Considering…
Hackers exploited “Free VPN” to build massive fraud botnet, hit with US sanctions
The Treasury’s Office of Foreign Assets Control (OFAC) designated three individuals – Yunhe Wang, Jingping Liu, and Yanni Zheng – as the ringleaders of the 911 S5 botnet scheme. They also blacklisted three Thailand-based companies owned by Wang that were…
Delivering Software Securely: Techniques for Building a Resilient and Secure Code Pipeline
Data protection is a key component of cloud services, and code pipelines running on public clouds are no exception. Data protection is based on several basic principles designed to protect information from misuse, disclosure, alteration, and destruction. These principles are…
Apple updates its Platform Security Guide
It’s essential reading for IT admins, security researchers and anyone with an interest in Apple security, now updated for 2024. Apple’s head of security engineering and architecture, Ivan Krstić, this week announced the publication of what should be essential reading…
Microsoft Will Hold Executives Accountable for Cybersecurity
Microsoft will make organizational changes and hold senior leadership directly accountable for cybersecurity as part of an expanded initiative to bolster security across its products and services. Microsoft’s executive vice president of security, Charlie Bell, announced the plans in a…
Cisco Launches A New AI-Focused Security Solution
According to a corporate news release, the software, named HyperShield, employs artificial intelligence (AI) to safeguard apps, devices, and data across public and private data centres, clouds, and physical locations. HyperShield is the company’s second acquisition after purchasing cybersecurity startup…
Application Security Optimised for Engineering Productivity
Laura Bell Main, author of Agile Application Security and founder of SafeStack, recently presented a webinar titled Decoding Dev Culture 2024, in which she provided a “from the ground view” of security in 2024. Drawing from her experience, and a…
Apple Warns Users in 92 Countries About Mercenary Spyware Attacks
Apple on Wednesday sent threat notifications to users in 92 countries warning that they may have been targeted by mercenary spyware attacks, likely because of who they are or what they do. According to TechCrunch, Apple sent the alerts to…
Feds say Microsoft security ‘requires an overhaul’ — but will it listen?
Microsoft AI-Driven Security Tool Copilot for Security is Now GA
Microsoft recently announced the general availability of Copilot for Security, a generative Artificial Intelligence (AI) security product designed to help security and IT teams with the capabilities to protect their digital assets. Copilot for Security’s general availability introduces several new…
Microsoft reveals how much Windows 10 Extended Security Updates will cost
In an official blog post, Microsoft announced that organizations will have three options to extend update support for Windows 10: the traditional 5-by-5 activation, Windows 365 subscription-based activation, and cloud-based activation. The first option will be available for $61 per device…
Microsoft unveils safety and security tools for generative AI
Microsoft is adding safety and security tools to Azure AI Studio, the company’s cloud-based toolkit for building generative AI applications. The new tools include protection against prompt injection attacks, detection of hallucinations in model output, system messages to steer models…
Robust remote access security for the utilities sector advances with Zero Trust
Infrastructure, specifically the utilities sector, must adopt a Zero Trust approach as ongoing cyberattacks by remote actors become more and more prevalent—threatening to disrupt everyday life. Cyberattacks on utilities more than doubled from 2020 to 2022. It’s likely the case…
Google Cloud Launches Security Command Center Enterprise
Google Cloud has launched Security Command Center (SSC) Enterprise, a cloud risk management solution that offers proactive cloud security with enterprise security operations. The solution helps customers manage and mitigate risk across multi-cloud environments and is enhanced by Mandiant expertise.…
Best Practices for AI Training Data Protection
With the rise of AI, data protection challenges are evolving in parallel with the emerging technologies to both threaten and protect an enterprise’s data assets. When training AI, the massive quantities of data utilized for AI models pose new and…
Enterprise Security Gets Personal: Enter the Human Firewall
Security professionals frequently use the “weakest link in a chain” adage as the basis for their approach to safeguarding their networks, corporate data, and enterprise IT resources. And in many cases, the weakest link that concerns them the most is…
5 tips for securing your remote workspace
Read our top tips on how employees can play a key role securing the enterprise when working remotely. Hybrid and remote working have become a permanent feature for the majority of businesses, as shown by multiple studies. However, for IT…
Antivirus Software: A Comprehensive Guide
There are several parallels between real viruses and computer viruses. Antivirus software, which offers comprehensive protection throughout the year, is essential for keeping your data and PCs safe from viruses and other dangers. Antivirus software may check for and eliminate…
Cisco Places Bet on AI Cloud Security with Isovalent Purchase
Network equipment giant Cisco on Thursday announced its next big cloud play with a plan to purchase open-source cloud networking and security firm Isovalent to boost its secure networking capabilities across public clouds. Cisco says its acquisition, expected to close…
Avira security software is causing Windows PCs to freeze up, and there’s no fix in sight
Over the past few days, many users have been pouring onto social media platforms and online message boards, complaining that their PC is freezing up randomly if they are running Avira as their AV software of choice. One affected user…
Meta releases open-source tools for AI safety
Meta has introduced Purple Llama, a project dedicated to creating open-source tools for developers to evaluate and boost the trustworthiness and safety of generative AI models before they are used publicly. Meta emphasized the need for collaborative efforts in ensuring…
Hackers stole ancestry data of 6.9 million users, 23andMe finally confirmed
It has now been confirmed that an additional 6.9 million 23andMe users had ancestry data stolen after hackers accessed thousands of accounts by likely reusing previously leaked passwords. 23andMe previously disclosed in a Securities and Exchange Commission filing that 0.1…
6 security best practices for cloud-native applications
The emergence of cloud-native architectures has dramatically changed the ways applications are developed, deployed, and managed. While cloud-native architectures offer significant benefits in terms of scalability, elasticity, and flexibility, they also introduce unique security challenges. These challenges often diverge from…
eBPF Kubernetes Security Tool Tetragon Improves Performance and Stability
Isovalent has announced the 1.0 release of Cilium Tetragon, their eBPF-based Kubernetes security observability and runtime enforcement tool. Policies and filters can be applied directly via eBPF to monitor process execution, privilege escalations, and file and network activity. Tetragon can…
Scaling security: How to build security into the entire development pipeline
When an application is finally ready for deployment, the last thing the development team wants to hear is: “Stop! There’s a security issue.” And then, after months of painstaking work, their application launch is delayed even further. That’s why Discover®…
Android will now scan sideloaded apps for malware at install time
The Google Play Store might not be perfect for stopping Android malware, but its collection of scanning, app reviews, and developer requirements makes it a lot safer than the wider, unfiltered Internet. The world outside Google’s walled garden has no…
Chrome Supports Key Pinning on Android to Improve Security
Key pinning, a technique used to prevent an attacker from tricking a vulnerable certificate authority (CA) into issuing an apparently valid certificate for a server, is now used in Chrome for Android, version 106. This helps preventing man-in-the-middle attacks against…
What’s the state of Zero Trust security?
Zero Trust adoption is accelerating, with over half of organizations reporting they have adopted Zero Trust Security, according to research independently conducted by leading security research firm Ponemon Institute, sponsored by Hewlett Packard Enterprise. In the report, The 2023 Global…
From details to big picture: how to improve security effectiveness
Benjamin Franklin once wrote: “For the want of a nail, the shoe was lost; for the want of a shoe the horse was lost; and for the want of a horse the rider was lost, being overtaken and slain by…
Getting ahead of cyberattacks with a DevSecOps approach to web application security
Web applications are foundational to a company’s business and brand identity yet are highly vulnerable to digital attacks and cybercriminals. As such, it’s vital to have a robust and forward-leaning approach to web application security. With an estimated market size…
Hackers Threaten to Release Reddit Data Unless API Changes Are Rolled Back
A ransomware group that hacked into Reddit’s servers back in February is threatening to release stolen data if Reddit does not walk back its planned API changes, reports Bleeping Computer (via The Verge). At the time of the hack, no…
Need To Know Data Redaction Software
In today’s Finance world, the protection of sensitive information has become paramount. With data breaches and privacy concerns on the rise, individuals and organizations alike are seeking effective solutions to safeguard their confidential data. One such solution is data redaction…
A Security Culture: Top Priorities for CISOs and their Teams
Cybercrime is increasing in efficiency, efficacy, and scale. Although organizations are frantically trying to prevent attacks from reaching their environments, there’s also an understanding that breaches are inevitable. According to IBM’s 2022 Cost of a Data Breach report, 83% of…
Microsoft is finally making Edge a much more secure place to surf the web
Keeping safe online is about to get a lot easier for Edge users thanks to a major security update from Microsoft. The software giant has revealed it is working on an upgrade for its web browser that will bring “enhanced…
API security: key to interoperability or key to an organization?
Most applications built today leverage Application Programming Interfaces (APIs), code that makes it possible for digital devices, applications, and servers to communicate and share data. This code, or collection of communication protocols and subroutines, simplifies that communication, or data sharing.…
Cloud-based IT operations are on the rise
The people who maintain traditional data center systems have always objected to having IT assets managed by systems outside their firewalls. Years ago, when I predicted that this would happen, people would often laugh and not believe me. The signs…
Hackers publish MSI private keys, enabling signed malware
Security researchers have confirmed that private keys for MSI products and Intel Boot Guard are loose in the wild. Hackers could use the keys to sign malware under the guise of official MSI firmware. Intel Boot Guard is a critical…
Microsoft adopts Rust to boost Windows security and performance
Although Rust is still a relatively recent programming language, Microsoft has already embraced the technology as one of the most promising upgrades for Windows core programming. Redmond’s software engineers have been diligently rewriting crucial parts of the operating system in…
Infamous ransomware gang is now trying to target Mac users
It’s no secret that malware tends to be more of a significant issue for PC users than Mac users. And while Apple’s advertising materials might suggest otherwise, this isn’t due to the fact that Macs are impervious to malware and…
Spotify’s new Niche Mixes are tailor-made for me
One of the many reasons that Spotify has always been my music streaming app of choice is the strength of its personalized recommendations. I’m always on the hunt for new music, and having spent years contributing to the algorithm, Spotify…
Microsoft’s Security Copilot brings AI to security, and it’s making me nervous
Microsoft is bringing AI to security, and suddenly Skynet doesn’t seem so farfetched. In a blog post, the company announced Security Copilot, a new tool that is purpose-built for security professionals. Microsoft says that this is the “first security product…
Still using authenticators for MFA? Software for sale can hack you anyway
Microsoft on Tuesday profiled software for sale in online forums that makes it easy for criminals to deploy phishing campaigns that successfully compromise accounts, even when they’re protected by the most common form of multi-factor authentication. The phishing kit is…
Apple quietly fixed a serious iPhone security exploit in iOS 16.3.1
Last week, Apple released iOS 16.3.1 to all users. While this version brought several features and bug fixes, Twitter user Aaron discovered that Apple recently updated the security notes for this release as well as iOS 16.3. According to the…
GitHub Copilot update includes security vulnerability filtering
GitHub Copilot, the controversial tool that provides AI-assisted coding to developers, has been enhanced with algorithms to improve the quality and security of its coding suggestions. Enhancements unveiled February 14 include an update to the underlying OpenAI Codex AI model…
Successfully Integrating Dynamic Security Testing into Your CI/CD Pipeline
Have you ever put a DAST (Dynamic Application Security Testing) in your CI/CD pipeline, turned it on, and suddenly your pipeline processes jump from taking minutes to hours? Are you suddenly finding thousands of issues that are completely unreasonable for…
It’s time to prioritize SaaS security
We’ve made a point of shoring up security for infrastructure-as-a-service clouds since they are so complex and have so many moving parts. Unfortunately, the many software-as-a-service systems in use for more than 20 years now have fallen down the cloud…
Telegram Founder Alerts Public of WhatsApp Security Threats
Telegram founder Pavel Durov warned people to “stay away” from messaging freeware Whatsapp if they do not want their devices to be infiltrated by hackers. As per the Independent, Pavel Durov referenced a security flaw revealed by WhatsApp last week…
Telegram Founder Alerts Public of WhatsApp Security Threats
Telegram founder Pavel Durov warned people to “stay away” from messaging freeware Whatsapp if they do not want their devices to be infiltrated by hackers. As per the Independent, Pavel Durov referenced a security flaw revealed by WhatsApp last week…
Here come the new Red Hat Enterprise Linux distros
Red Hat is the Linux distro security leader. And with its latest Red Hat Enterprise Linux (RHEL) beta releases, RHEL 8.7 and 9.1, the Linux powerhouse company is continuing to stake out its security claims. Red Hat is releasing both…
Is It Time to Rethink DevSecOps After Major Security Breaches?
Recent high-profile hacks at Rockstar Games and Uber might not stem from DevSecOps issues, but discussions of this aspect of security may be worth having now. One of the goals of applying a DevSecOps approach to software development is to…
Is It Time to Rethink DevSecOps After Major Security Breaches?
Recent high-profile hacks at Rockstar Games and Uber might not stem from DevSecOps issues, but discussions of this aspect of security may be worth having now. One of the goals of applying a DevSecOps approach to software development is to…
Apps can pose bigger security, privacy threat based on where you download them
Google and Apple have removed hundreds of apps from their app stores at the request of governments around the world, creating regional disparities in access to mobile apps at a time when many economies are becoming increasingly dependent on them.…
Apps can pose bigger security, privacy threat based on where you download them
Google and Apple have removed hundreds of apps from their app stores at the request of governments around the world, creating regional disparities in access to mobile apps at a time when many economies are becoming increasingly dependent on them.…