U.S. government agencies are supposed to have patched the "Zerologon" vulnerability by now, about six weeks after Microsoft issued a patch. But CISA warns that too many agencies' systems remain unpatched.
The U.S. Commerce Department is banning the downloading and hosting of China-based social media apps TikTok and WeChat effective on Sunday, citing national security concerns. The announcement comes as Oracle continues to negotiate a deal for partnering on TikTok's U.S. operations.
Independent bug hunters who find flaws in products and services often struggle to hand off their vulnerability report to someone in a position to get it fixed, says longtime security researcher Daniel Cuthbert. He describes steps organizations must take to be able to receive - and act on - bug reports.
In the three years since Equifax suffered a massive data breach, the consumer credit reporting firm says it has worked tirelessly to overhaul the security shortcomings that allowed the breach to happen. Equifax CISO Jamil Farshchi and other security experts weigh in on important lessons learned.
Pike13, a tech company that delivers cloud-based client management software, gives gyms and yoga studios a simple interface to handle daily administrative tasks. The all-in-one platform enables fitness providers to manage staff and clients, including payroll, scheduling and communications.
Pike13 is one of the...
Organizations are increasingly turning to containers and Kubernetes to improve the efficiency and scalability of software development efforts. Containers introduce new security issues, highlighting the need for container specific security tools.
Download this whitepaper to learn why organizations must balance the...
Contact-tracing apps are continuing to take shape around the world as the COVID-19 pandemic continues. Using privacy-by-design principles is critical to building trust in these apps, says privacy expert Ann Cavoukian.
Gartner has recognized Splunk as a Visionary in the Magic Quadrant for Application Performance Monitoring (APM). We believe this first-time placement in the research reflects the market-leading APM capabilities from Splunk, the Data-to-Everything Platform, including Splunk Enterprise, and Splunk IT Service...
Based on a survey of cybersecurity and application-development professionals, this e-book examines the dynamics between development teams and cybersecurity teams regarding the deployment and management of application security solutions. Many industry verticals are represented, including manufacturing, financial...
An advertising software development kit called Mintegral that's embedded in 1,200 iOS apps misattributes ad clicks and logs potentially sensitive app data, security firm Snyk alleges. But Apple says there's no evidence the SDK is harming users.
Freepik Co. says an SQL injection attack led to the leak of 8.3 million email addresses and 3.7 million hashed passwords for users of its Freepik graphic resources app and Flaticon icon database platform.
To build a successful vulnerability disclosure program, avoid thinking of it as quick-fix "bug bounty Botox," and instead focus on building positive relationships with the security community, hiring top-notch talent and "building a sustainable ecosystem," says Luta Security's Katie Moussouris.
Never store hardcoded credentials in code uploaded to public-facing GitHub repositories, and make sure none of your business associates are doing that. Those are just two takeaways from a new report that describes how nine organizations were inadvertently exposing health records for at least 150,000 patients.
Applications support some of the most strategic business processes and access an organization's most sensitive data.
They also contain 92% of reported security vulnerabilities, not networks. Yet application security continues to receive less budget and attention than network security.
This means security-aware...
The IcedID banking Trojan has been updated with additional evasion techniques, including a password-protected attachment, keyword obfuscation and a DLL file that acts as a second-stage downloader, according to Juniper Threat Labs.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.in, you agree to our use of cookies.
