The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates…
World IP Day 2023: Defending Against the On-Going Threat to Intellectual Property
madhav, Wed, 04/26/2023 – 05:48. World Intellectual Property Day, celebrated each year on April 26th, is a day to recognize and raise awareness of intellectual property (IP) rights…
New SLP Vulnerability Could Enable Massive DDoS Attacks
Bug has potential to facilitate 2200x amplification attacks This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/ Read the original article: New SLP Vulnerability Could Enable Massive DDoS Attacks
New Type of Side-Channel Attack Impacts Intel CPUs and Allows Data Leakage
Researchers discovered a new kind of side-channel attack that affects several versions of Intel CPUs and enables data exfiltration. Attackers could leak the data through the EFLAGS register. The discovery was made by researchers at Tsinghua University, the University of…
What is a WAF? (Web Application Firewall)
This piece was originally published on Fortra’s AlertLogic.com Blog. A Comprehensive Guide to Understanding WAFs: How it Works, Types, and Security Models. Web applications drive digital transformation, remote work, employee productivity, and consumer interactions. The ability to connect to critical…
Explaining the PCI DSS Evolution & Transition Phase
The boom in online business and credit card transactions in the early 90s and 2000s resulted in an increasing trend of online payment fraud. Since then, securing business and online card transactions has been a growing concern for all business…
Quad Countries Prepare For Info Sharing on Critical Infrastructure
US, Australia, India and Japan deepen cyber ties.
Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline
Pro-Russia hacking group Zarya caused a cybersecurity incident at a Canadian gas pipeline, and the critical infrastructure sector is on alert. A Canadian gas pipeline suffered a cyber security incident, Canada’s top cyber official and Pro-Russia hacking group Zarya claimed the…
The good, the bad and the generative AI
ChatGPT is just the beginning: CISOs need to prepare for the next wave of AI-powered attacks. Sponsored Feature. Change in the tech industry is usually evolutionary, but perhaps more interesting are the exceptions to this rule – the microprocessor in…
Update Now: PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Two vulnerabilities in PaperCut have been found, and one of them is being actively exploited in the wild. This blog entry provides a summary of the vulnerabilities, and includes security guidance for IT and SOC professionals. This article has been…
UK Cyber Pros Burnt Out and Overwhelmed
Alert fatigue is a major issue, says Expel.
Why performing security testing on your products and systems is a good idea
VMware Releases Critical Patches for Workstation and Fusion Software
VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as…
Quad nations unite to fight Cyber Attacks on Critical Public Infrastructure
The Quad nations comprising India, Japan, Australia, and the United States will reach an agreement on how to create a collective approach to blocking cyber attacks on critical public infrastructure, such as the power and communication sectors. The Quad countries…
Is the fear of AI being overblown?
Artificial intelligence (AI) is a buzzword that has gained significant traction over the past decade. Many experts predict that AI will transform industries and change the way we live and work. However, there is also a growing fear that AI…
Overcoming industry obstacles for decentralized digital identities
In this Help Net Security interview, Eve Maler, CTO at ForgeRock, talks about how digital identities continue to play a critical role in how we access online services securely. Maler also highlights the challenges encountered by various industries in implementing…
Google Authenticator Major Update Brings Cloud Backup Feature
Google Authenticator, launched in 2010, provides additional security for various applications by generating authentication codes for every sign-in. This prevents attackers from taking over accounts on any application linked with Google Authenticator. Google has launched various authentication mechanisms like…
New coercive tactics used to extort ransomware payments
The increase in reported ransomware victims across Q1 2023 reflects the continued prevalence of ransomware as a worldwide, industry-agnostic threat, according to GuidePoint Security. The report is based on data obtained from publicly available resources, including threat groups themselves,…
Are you ready for PCI DSS 4.0?
In just under a year’s time, organizations will have had to comply with several new requirements under version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS). About PCI DSS: PCI DSS comprises 12 requirements to protect payment…
CISOs: unsupported, unheard, and invisible
A study conducted among CISOs worldwide from various industries sheds light on their strategies amid a challenging threat environment, identifies obstacles from business functions, and highlights their requirements for achieving success. “Our research shows CISOs are motivated by a mission…
Guidance on network and data flow diagrams for PCI DSS compliance
This is the third blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when…
Halo Security detects exposed secrets and API keys in JavaScript
Web properties are increasingly relying on third-party JavaScript to increase functionality, but this can also bring inherent risks. A report from Source Defense, which scanned the 4,300 highest-trafficked websites globally, found an average of four third-party scripts per page. Often,…
Immuta releases new data security features to help users accelerate remediation efforts
Immuta announced new vulnerability risk assessment and dynamic query classification capabilities for the Immuta Data Security Platform. These new features enable customers to promptly identify and prioritize security gaps, protecting sensitive data based on the context and sensitivity levels. When…
Seclore puts risk into focus with new data classification and risk insights capabilities
Seclore has released new Digital Asset Classification and Risk Insights capabilities delivering security risk visibility and insights for the most sensitive digital assets within the enterprise, such as intellectual property, and customer and employee personally identifiable information. “In today’s digital…
Akamai Prolexic Network Cloud Firewall defends organizations against DDoS attacks
Akamai launched Prolexic Network Cloud Firewall, allowing customers to define and manage their own access control lists (ACLs) while enabling greater flexibility to secure their own network edge. Prolexic is Akamai’s cloud-based DDoS protection platform that stops attacks before they…
Corporate boards pressure CISOs to step up risk mitigation efforts
While those working in InfoSec and GRC have high levels of confidence in their cyber/IT risk management systems, persistent problems may be making them less effective than perceived, according to RiskOptics. The top challenges when implementing an effective cyber/IT risk…
US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt
Iranian hackers broke into a system used by a local government to support its election night operations but were kicked out before any attack could be launched, according to U.S. military and cybersecurity officials. The post US Cyberwarriors Thwarted…