Application Security

‘China’ Azure Breach: MUCH Worse Than Microsoft Said
Richi Jennings | | Active Directory, Authentication, azure, Azure Active Directory, Azure AD, Entra ID, Exchange, Microsoft, Microsoft Azure, Microsoft Azure Active Directory, Microsoft Azure Security, OpenID, Outlook.com, SB Blogwatch, Storm-0558, Wiz
Storm-0558 Breaks: Satya and Pooh, sitting in a tree, K.I.S.S.I.N.G ...
Security Boulevard

2023 OWASP Top-10 Series: Introduction
In early June 2023, OWASP released the final version of the OWASP API Security Top-10 list update. At that time we published a “hot take” on this final version and followed that ...

GitHub Developers Targeted by North Korea’s Lazarus Group
The Lazarus Group is behind a social engineering campaign that uses repository invitations and malicious npm packages to target developers on GitHub ...
Security Boulevard

Cyber Resilience Act: The Future of Software in the European Union
Aaron Linskens | | EU Cyber Resilience Act, News and Views, open source, Open source governances, secure software supply chain
Representatives of member states of the European Union (EU) reached a common agreement yesterday regarding the proposed Cyber Resilience Act (CRA) ...

Why Generative AI is a Threat to API Security
Generative AI can be used to amplify cybercriminals' nefarious deeds against web applications, especially those that rely heavily on APIs ...
Security Boulevard

Biden Admin. Adds ‘Mercenary Spyware’ Firms to Ban List
Richi Jennings | | android spyware, Biden administration, Commerce Department, Cytrox, Department of Commerce, Entity List, eu, Europe, European Union, European Union (EU), Intellexa, iOS spyware, Malware Spyware, Predator spyware, SB Blogwatch, spyware
European cousins Intellexa and Cytrox essentially banned by Commerce Dept. — Predator/ALIEN not welcome in U.S ...
Security Boulevard

ChatGPT Provides Limited Help Identifying Malware
Current LLM-based tech like ChatGPT can accurately classify malware risk in only 5% of cases—and they may never be able to recognize novel approaches used to create malware ...
Security Boulevard

Open Source Security Incidents and How Organizations Can Respond
rezilion | | open source, open source risk, Open Source Security, open source vulnerabilities, Uncategorized
Attacks that leverage vulnerabilities in open source software are on the rise. How security teams respond to these incidents is key to what impact they will ultimately have. Oftentimes the attacks stemming ...