The desire for digital acceleration has compelled organizations to deliver faster and better application experiences. In the process, they have realized that this transformation is extremely fluid and complex because applications can reside anywhere—from data centers to hybrid and multi-clouds to edge compute....
The desire for digital acceleration has led organizations to drive toward delivering faster and better applications experiences and to bring applications and data closer to users and devices. Many organizations have come to realize that application journeys are much more fluid in that applications can live anywhere...
The Securities and Exchange Commission accused SolarWinds CFO Bart Kalsu and CISO Tim Brown of violating securities laws in their response to the 2020 cyberattack. Kalsu and Brown are among "certain current and former executive officers and employees" targeted by the SEC for alleged violations.
Millions of GitHub repositories are vulnerable to a repository renaming flaw that could enable supply chain attacks, a new report by security firm Aqua said. It found 36,983 GitHub repositories vulnerable to repo jacking attacks, including Google and Lyft.
Innovations in generative AI have accelerated, with applications across large language models, image and video generation, and audio/voice. Organizations want to know how these developments change the cyber threat landscape. In this discussion, we will talk about the risks generative AI poses and how to prepare for...
A surging Sonatype and Snyk joined stalwart Synopsys atop Forrester's software composition analysis rankings, while Mend.io tumbled from the leaders category. SCA historically didn't get as much attention as application security testing but that’s changing, said Forrester's Janet Worthington.
Hackers hit the e-commerce industry with 14 billion attacks in 15 months, pushing it to the top of the list of targets for web application and API exploits. A new Akamai report blames digitalization and the wide range of vulnerabilities hackers can exploit in web applications.
With the federal government's software bill of materials regulations looming, many organizations are not ready to respond, warned CISO Sean Atkinson of the Center for Internet Security. He provided tips for ensuring transparency in the software supply chain and preparing for SBOM regulations.
Snyk plans to purchase an Israeli startup founded by members of Wix's application security team and backed by CyberArk to help organizations govern developer security. The developer security vendor said its proposed buy of Enso Security will give clients a view of their application security posture.
Cisco took its first major step toward realizing its secure cloud vision in April with the debut of a new extended detection and response platform. The next set of enhancements around generative AI, secure access and defending applications across multiple clouds debuted Tuesday at Cisco Live 2023.
As the world of customer-business interaction continues to shift toward mobile apps, the challenge of keeping these apps secure is becoming more and more critical. With cyberthreats lurking around every corner, businesses that rely on mobile apps need to ask themselves a fundamental question: What's the best way to...
Change management is a critical part of a robust API management program, said Shaam Farooq, vice president of technology at Atlas Energy Solutions and a CyberEdBoard member. Team members must review and approve changes as they happen and communicates those changes across IT and OT security teams.
Synopsys stands head and shoulders above the competition in Gartner's application security testing rankings, with Snyk rising and HCL Software falling from the leaders category. Longtime app security players Veracode, Checkmarx and OpenText joined Synopsys and Snyk atop the Gartner Magic Quadrant.
A new OAuth-related vulnerability in an open-source application development framework could expose Facebook, Google, Apple and Twitter users to account takeover, personal data leakage, identity theft, financial fraud and unauthorized actions on other online platforms, security researchers said.
Researchers have identified two legitimate-looking malicious npm packages that concealed an open-source info stealer for two months before being detected and removed. Developers downloaded the TurkoRat malware about 1,200 times from open-source repositories.