Greater diplomacy and faster vulnerability identification and remediation, backed by more bug bounty programs, are needed to combat the ongoing rise of advanced surveillance tools now being offered by at least 40 commercial spyware vendors, said Google's Threat Analysis Group.
Mobile apps are an indispensable part of digital business, but organizations often underestimate the security threats they pose. AppSealing Managing Director Govindraj Basatwar shared best practices for effective app shielding and factors to consider when selecting a mobile app security vendor.
Compromised mobile apps can be an open door to critical
enterprise app servers and other back-end systems,
and this survey aims to shine a light on a potential hole in
most enterprise security walls – exposing potential gaps in
Compromised mobile apps can be an open door to critical enterprise app servers and other back-end systems, and this survey aims to shine a light on a potential hole in most enterprise security walls – exposing potential gaps in CISO awareness.
In Q2 & Q3 2023, ISMG surveyed over 100 senior cybersecurity...
Application journeys are fluid in practice because applications can live anywhere. Complex deployments with too many tools to configure and manage and overwhelmed IT teams lead to mistakes, so organizations should take a cybersecurity mesh platform approach to securing their application journeys.
Attackers are increasingly using carefully crafted business logic exploits in which attackers effectively social engineer an API to do something it wasn’t intended to do, according to Stephanie Best, director of product marketing for API security at Salt Security.
Traditional licensing models that lock organizations into fixed solutions or time periods are no longer ideal. Organizations need to consider usage-based licensing approaches that offer flexibility to deploy whatever solutions are required, wherever they are needed, for whatever length of time.
Offensive security is transitioning from traditional penetration testing to a more continuous, technology-led approach, says Aaron Shilts, president and CEO at NetSPI. The security posture of organizations is constantly changing, making a point-in-time pen test less effective.
Essential reading for network defenders: CircleCI's report into its recent breach, which began when malware infected an engineer's laptop. After stealing "a valid, 2FA-backed" single sign-on session cookie, attackers stole customers' secrets and gained unauthorized access to third-party systems.
Hack The Box has completed a Series B funding round to add more cloud security and a gamification approach to its cybersecurity training platform. The Kent, England-based startup was founded in 2017 to provide pen testers and red teamers with a way to test their offensive security skills.
Managed security services player Cerberus Sentinel plans to capitalize on cloud migration and strict privacy regulations in South America through its proposed purchase of RAN Security. The deal will bolster Cerberus Sentinel's penetration testing, gap analysis and infrastructure management services.
Rising offensive security star NetSPI has bought boutique penetration testing firm nVisium to help customers assess their cloud defenses. NetSPI says nVisium's deep understanding of specific cloud platforms will come in handy since Azure penetration testing differs from AWS pen testing.
APIs increasingly drive everything from web and mobile application development to IoT devices since they streamline communication among disparate systems, says Synack CEO Jay Kaplan. But testing the efficacy and security of APIs remains challenging given the size of API endpoints.
Staying one step ahead of both threat actors and competitors is a tall task for Palo Alto Networks given the breadth of its cybersecurity portfolio. Palo Alto Networks has committed to having best of breed features and functionality in each of the technology categories where it chooses to play.