Hackers hit the e-commerce industry with 14 billion attacks in 15 months, pushing it to the top of the list of targets for web application and API exploits. A new Akamai report blames digitalization and the wide range of vulnerabilities hackers can exploit in web applications.
With the federal government's software bill of materials regulations looming, many organizations are not ready to respond, warned CISO Sean Atkinson of the Center for Internet Security. He provided tips for ensuring transparency in the software supply chain and preparing for SBOM regulations.
Snyk plans to purchase an Israeli startup founded by members of Wix's application security team and backed by CyberArk to help organizations govern developer security. The developer security vendor said its proposed buy of Enso Security will give clients a view of their application security posture.
Manual API discovery is impossible due to the sheer number of APIs available, their constant changes, poor documentation, different formats and protocols, and different authentication and security requirements. Given these challenges, the solution is to use automated API discovery tools.
Cisco took its first major step toward realizing its secure cloud vision in April with the debut of a new extended detection and response platform. The next set of enhancements around generative AI, secure access and defending applications across multiple clouds debuted Tuesday at Cisco Live 2023.
Change management is a critical part of a robust API management program, said Shaam Farooq, vice president of technology at Atlas Energy Solutions and a CyberEdBoard member. Team members must review and approve changes as they happen and communicates those changes across IT and OT security teams.
Attackers adapted their email-based techniques throughout 2022, cycling through tactics in the hopes of evading human and cybersecurity measures. The 2023 OpenText Cybersecurity Threat Report confirms that building a multilayered approach to defense is core to cybersecurity and cyber resilience.
Synopsys stands head and shoulders above the competition in Gartner's application security testing rankings, with Snyk rising and HCL Software falling from the leaders category. Longtime app security players Veracode, Checkmarx and OpenText joined Synopsys and Snyk atop the Gartner Magic Quadrant.
A new OAuth-related vulnerability in an open-source application development framework could expose Facebook, Google, Apple and Twitter users to account takeover, personal data leakage, identity theft, financial fraud and unauthorized actions on other online platforms, security researchers said.
Researchers have identified two legitimate-looking malicious npm packages that concealed an open-source info stealer for two months before being detected and removed. Developers downloaded the TurkoRat malware about 1,200 times from open-source repositories.
The "shift left" movement puts "unrealistic" expectations on developers, said Gayatri Prakash, vice president and general manager of compliance at CloudBees. She said installing new tools to manage various parts of the SDLC is not necessarily "going to solve our problem for security."
Akamai will shrink its workforce by 3% as its shifts resources from its shrinking content delivery business to growth areas in cloud computing and security. The company will shrink its 9,960-person staff by 299 positions as it looks to sustain its profitability levels despite economic headwinds.
Researchers found Android malware masquerading as a legitimate application available and downloaded over 620,000 times from the Google Play store. The apps have been active since 2022, posing as legitimate photo-editing apps, camera editors and smartphone wallpaper packs.
The trend of bring your own device has boosted global businesses, but as new smartphones, tablets and portable storage devices emerge, the challenge of securing these devices intensifies. With organizations increasingly adopting BYOD, the question remains: How can we secure these devices?
A key problem in organizations is that security and development are treated as two disparate processes instead of part of the same system. Executives deal with security issues after the fact and don't make it part of the development pipeline, said Nick Durkin, field CTO at Harness.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.