Creepy data collection and sharing remain common on popular apps
In a recent Mozilla review of the privacy features of 21 popular video call apps, only two were singled out for outstanding features (Signal and Threema). Meanwhile, three …
application security
Organizations struggling to develop cloud applications that meet security requirements
According to a Security Compass research, in mid-sized to large enterprises, 50% of the software applications being developed are cloud based, and another 30% are expected to …
Checking for misconfigurations isn’t enough
Misconfiguration errors are often the main focus of security for cloud-native applications, and for good reason. Earlier this year, Hobby Lobby accidentally exposed 136 GB of …
40% of SaaS assets are unmanaged, putting companies at risk for data leaks
DoControl announced a report which provides data-driven insights into the growing number of external and insider threats due to vast amounts of unmanageable data in today’s …
Houdini malware returns, enterprise risk assessment compromised by Amazon Sidewalk
Cato Networks announced the results of its analysis of 263 billion enterprise network flows between April and June 2021. Researchers showed a novel use of Houdini malware to …
How to harden Kubernetes systems and minimize risk
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a report which details threats to Kubernetes environments and …
Increasing speed of vulnerability scans ultimately increases security fixes overall
Next-generation static application security testing (SAST) and intelligent software composition analysis (SCA) can increase the speed of vulnerability scans and narrow their …
The destructive power of supply chain attacks and how to secure your code
In this Help Net Security podcast, Tomislav Peričin, Chief Software Architect at ReversingLabs, explains the latest and most destructive supply chain attacks, their techniques …
What is DataSecOps and why it matters
In this Help Net Security podcast, Ben Herzberg, Chief Scientist at Satori, explains what DataSecOps is, and illustrates its significance. Here’s a transcript of the podcast …
SAP applications more vulnerable than users might think
Many application owners are unaware of how vulnerable their SAP applications may be, significantly increasing the risks to their core enterprise systems. This is the overall …
Consumers neglecting mobile security despite growing number of threats
Over the past year, consumers have adapted to many changes, including the rapid shift towards a digital-first lifestyle. This has led to an emphasis on consumers dependence on …
Most third-party libraries are never updated after being included in a codebase
79% percent of the time, third-party libraries are never updated by developers after being included in a codebase – despite the fact that more than two thirds of fixes …
