The fundamentals of protecting against application-based malware attacks are no different from infrastructure-based attacks, and it is all about having threat intelligence, context and the capability to really understand these applications, said Mariano Nunez, co-founder and CEO at Onapsis.
Organizations are faced with the security challenges presented by the combination of custom and open-source code. Sandeep Johri, CEO of Checkmarx, suggests treating all open-source code as an unknown source and conducting security checks using software composition analysis to identify vulnerabilities.
The U.S. national cybersecurity strategy released by the Biden Administration is part of a larger effort to draw attention to the pervasive issue of cybersecurity liability on the part of vendors. The strategy also calls for ramping up the adoption of software bill of materials, or SBOMs.
APIs are delivering huge business value, but people don’t know how many APIs they have in their organization, what they do or who controls them. And that causes massive security vulnerabilities, according to CyberEdBoard panelists Chase Cunningham and Richard Bird.
A startup cybersecurity strategy should be akin to a Russian doll: It should be built to preserve core elements of business. In most cases, this is a product offering, which needs to be secure, said Venkat Ranga, vice president of business information systems and head of IT at Aryaka Networks.
Cybersecurity professionals are stressed out, overworked, underpaid and working on short-staffed teams, said Candy Alexander, president of the ISSA International Board. She advised organizations to look for the right indicators of a good cybersecurity culture.
As you undergo changes in your environment, including expanding to the cloud even more, your attack surface gets wider. And you still need to know what’s happening – everywhere, all the time.
Whether you’re new to the cloud or deep into your migration, the cloud is, well, cloudy. The fact is, keeping up with...
With cloud adoption accelerating and the emergence of permanent hybrid workforces, traditional network security constructs are pushed to their breaking point. As remote work has become the new normal, users, applications and data are now everywhere, challenging traditional notions of security and performance. CISOs...
How do we manage the risk of global supply chain attacks? Will a shift in cybersecurity liability to software providers help improve the problems of software vulnerabilities? Adam Isles, principal of The Chertoff Group, said mandating software bill of materials measures has its own challenges.
Application security and delivery vendor F5 will shrink its workforce by 9% due to customers delaying purchasing decisions amid macroeconomic uncertainty. The Seattle-based firm will lay off 623 of its 7,100 employees as part of a cost-cutting effort that includes reducing F5's facilities footprint.
Akamai Technologies has agreed to purchase a finalist in last year's RSA Conference Innovation Sandbox Contest to get more visibility into the API threat landscape. Silicon Valley-based Neosec will help customers discover all their APIs, assess their risk and respond to vulnerabilities and attacks.
Snyk has executed its third round of layoffs since June 2022, axing 128 workers amid projections of challenging market conditions persisting into early 2024. The Boston-based application security vendor revealed Thursday plans to reduce its more than 1,200-person staff by an estimated 11%.
Microsoft has issued fixes for 114 vulnerabilities, including patching a zero-day flaw being actively exploited by a ransomware group and updating guidance to block a vulnerability from 2013 that was recently exploited for the software supply chain attack on 3CX users, attributed to North Korea.
Days after Google suspended the popular budget e-commerce application Pinduoduo from its Play Store, researchers are alleging that the Chinese app can bypass phones' security and monitor activities of other apps, including accessing private messages and changing settings.
Recent high-profile breaches resulting from API attacks are "just the tip of the iceberg," said Gartner analyst Dionisio Zumerle. "What we have is a new way of exchanging information which is increasingly popular, and almost no organization has the recipe to secure that new way of communicating."