CISA and the FBI warn in a new alert that unidentified nation-state actors are scanning for three vulnerabilities in Fortinet's operating system, FortiOS, to potentially target government agencies and companies for cyberespionage.
New York state officials are warning insurance and financial firms that fraudsters continue to probe for security weaknesses in websites offering instant quotes, as a way to target consumers' data. Attackers are now using credential stuffing techniques and targeting unprotected data in transition.
Webinar will go live on Wednesday 5 May at 11 am AEDT.
With more and more companies moving to DevOps, that statistic is likely to grow: increased demand for more applications, delivered faster, means more chance for error. The good news is that these application vulnerabilities are extremely preventable through...
A malvertising campaign that purports to offer Telegram's desktop app for Windows is persisting. A security researcher based in Switzerland, who nearly fell for the ruse, takes a deep dive into the campaign.
With millions of sports fans to cater to, DAZN has secure applications high on its agenda. Security comes from the top (their C-suite) and rolls down to their software developers, who understand the value of a secure application. Application Security Testing (AST) solutions are imperative to DAZN, so they deliver...
In financial services, there is a stark difference between defending against authorized versus unauthorized fraud incidents. James Hunt of Bottomline Technologies discusses the schemes and how to respond with a more dynamic prevention strategy.
Gone are the days when an organization’s applications ran behind a firewall protected by a secure network perimeter. Today, web and mobile applications are the perimeter. But at many organizations, this change has not been supported by increased investment in application security. Instead, the emphasis remains on...
PerimeterX was named a leader in The Forrester New Wave™: Bot Management, Q1 2020. According to the report, PerimeterX “leads the pack with robust machine learning and attack response capabilities” and includes a customer quote stating that PerimeterX Bot Defender “was extremely easy to deploy in production...
When evaluating application security vendors, you have a great deal to consider. Understanding your goals will help.
If your goal is vendor consolidation, then selecting vendors that offer multiple security capabilities over single products may make more sense. If your goal is out-of-the-box functionality, then...
Joker's Stash, the notorious underground marketplace that has specialized in the sale of stolen payment card data, is reportedly shutting down in February with its administrator claiming he will "retire" at that time, according to Gemini Advisory. Researchers say fraudsters will quickly move to other sites.
Why Start With Identity?
As more government organizations move their citizen services to mobile and cloud-based platforms, ensuring the validity of those benefits claims is more important than ever. Many are adopting an identity-centric security model as a framework for prevention of risk and fraud.
A recently uncovered remote access Trojan, dubbed ElectroRAT, has been stealing cryptocurrency from digital wallets over the past year, according to researchers at Intezer Labs. The malware, written in Golang, can target Windows, Linux and macOS platforms.
Facebook's relaunch and rebrand of its Libra digital payment initiative as Diem is seen by some as a shadow of its former self. Financial services commentator Chris Skinner explains why state governments and AML concerns are to blame.
Identity management will be at the forefront of securing remote work in the coming year. Jason Bohrer, new leader of the Secure Technology Alliance and the U.S. Payments Forum, describes key initiatives as he steps into this role.
A recently uncovered payment card skimmer is targeting several large content management systems that support the online checkout pages of dozens of e-commerce sites, according to researchers with Sansec. The malware works by using a keylogger to harvest payment and personal data.