Application Security
Apple Announces New Security Features
TheCISO -
Apple has announced the introduction of three new advanced security features focused on protecting against threats to user data in the cloud.
“At Apple, we...
Half of Twitter’s Workers Have Access to Its Code And User Confidential Data
TheCISO -
Twitter's former head of security accused the social media company and its executives of “extensive legal violations.”
Peiter Zatko, Twitter’s head of security who was...
Three New Web Application Security Risks Climb Up The OWASP Top 10
OWASP Top 10 is a standard awareness document which represents a consensus about the most critical security risks to web applications.
For the year 2021,...
How to Secure Your Microservices
Compared to monolithic applications, which house all code in a single system, microservices are small, autonomous units that address individual functions and work with...
Google Cloud Gets Virtual Machine Threat Detection to Help Detect Crypto Mining
Google announced the public preview of a tool which helps identify threats within virtual machines running on its Google Cloud infrastructure.
VMTD to Help Identify...
13 Known Exploited Vulnerabilities Added to CISA Catalog
CISA has added 13 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed...
What are Dependency Confusion Attacks?
TheCISO -
A dependency confusion attack (or supply chain attack) occurs when a software installer script is tricked into pulling a malicious code file from a public...
Huge Increase of WordPress Vulnerabilities in 2021
Riskbased Security researchers revealed a huge increase of WordPress vulnerabilities in 2021 in their latest research.
10,359 vulnerabilities were reported to affect third-party WordPress...
Patch Microsoft Critical Flaw Now
TheCISO -
Latest Microsoft security updates address a new critical flaw CVE-2022-21907 in the HTTP protocol stack which could potentially lead to remote code execution. Microsoft...
A 19 Year Old Hacker Received $4,500 Bug Bounty for an Easy-To-Exploit Vulnerability
TheCISO -
A high impact privacy bug was found in Facebook's Android application by a young bug bounty hunter. The 19 year old hacker received a...
A List of Tools to Help you Detect the Log4j Vulnerability
How can you detect the Log4j zero day vulnerability (known as Log4shell)? Here’s a list of FREE Log4j vulnerability scanner tools.
Amazon Inspector and AWS
The Amazon...
Massive Internet Scans and Log4j Exploit Attempts
TheCISO -
It is clear that the Log4j vulnerability is one of the most serious vulnerabilities in recent years. Many organizations have noticed a surge in...