Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

WannaCry Ransomware Attack Is a Symptom of a Much Bigger Problem

WannaCry Ransomware

In the wake of one of the largest-ever cyberattacks – the fast-spreading WannaCry ransomware, which hit over 300,000 computers in 150 countries – it’s important to look at what went wrong and how to prevent it from happening again. Yet as we look for lessons from this devastating attack, it would be a mistake to see WannaCry as just a really destructive form of ransomware – it is a sign of latent... READ MORE

Podcast: How Development is Changing

lpaine's picture
By Laura Paine May 3, 2017  | Security News

As much as world economies depend on software, its creation is subject to the different developer approaches and tactics. Besides their own code, almost all developers use open source as a key component. Security is a top priority for almost none of them. Functionality and delivery speed far too often outweigh everything else. In this edition of the Cyber Second podcast, Pete Chestna, Veracode... READ MORE

HipChat Breach Shows Dangers of Slacking on Security of Third-Party Components

HipChat Breached

This week, HipChat advised customers that one of its databases was breached by attackers who exploited a vulnerable third-party library used on HipChat.com. HipChat, owned by Atlassian, said that the compromised database stored customer usernames, email addresses, hashed passwords, and room metadata such as room name and topic. HipChat’s fast action to force a reset of all HipChat passwords... READ MORE

Podcast: Cyber Geneva Convention Proposed at RSA: Is It Feasible?

sciccone's picture
By Suzanne Ciccone April 20, 2017  | Security News

AppSec in Review Podcast, Episode 4: Cyber Geneva Convention Proposed at RSA: Is It Feasible? At the most recent RSA Conference this past winter, Microsoft President Brad Smith proposed a Cyber Geneva Convention. We’ve had four Geneva Conventions in modern history. In each convention, the world’s nations came together to agree upon a set of guidelines on how war would be conducted,... READ MORE

Magento Zero-Day Leaves 200,000 Online Retailers Vulnerable to Attack

jzorabedian's picture
By John Zorabedian April 19, 2017  | Security News 4
Magento zero-day vulnerability

Security researchers are warning of a high-risk vulnerability in Magento Community Edition, another reminder of systemic risk in our digital economy, which is built upon software and applications that need continuous monitoring. The Magento vulnerability could allow attackers to execute arbitrary code to access sensitive customer data, including credit card information and other payment data.... READ MORE

Women in Technology: Don’t Worry, It’s Worse Than You Think

anielsen's picture
By Anne Nielsen April 14, 2017  | Security News

Veracode recently hosted a movie night to watch CODE: Debugging the Gender Gap, followed by a group discussion. Two things struck me at this event: Gender diversity in technology is getting worse, not better. This problem won’t fix itself. In our group discussion after the movie – lead by Rosa Carson from Wayfair Labs – we dove into the question of “why is this getting... READ MORE

Podcast: How the Role of Technologists has Evolved with the Rise of the Digital Economy

jlavery's picture
By Jessica Lavery April 9, 2017  | Security News

The rise of the digital economy has created professional opportunities for those entering technology careers, but is has also changed the core responsibilities of technologists. Our dependence on software to fuel the digital economy and as a result business objectives means it is no longer enough for CTOs and CISOS to be focused on technology and security; they must also speak the language of... READ MORE

New Research: In 2017, Women Still Only Make Up 11 Percent of the Cybersecurity Workforce

lpaine's picture
By Laura Paine March 23, 2017  | Security News
Women in cybersecurity.

As March comes to a close, so too does Women’s History Month. Unfortunately, it doesn’t seem that we’ll be putting an end to the ongoing battle for gender equality in the workplace any time soon – and we’re finding that this is especially true in cybersecurity. So true, in fact, that new research shows women make up only 11 percent of the information security... READ MORE

Striking the Right Balance Between Security and Functionality

eschuman's picture
By Evan Schuman March 23, 2017  | Security News

Doing security well is hard work, but it should never block useful functionality for your customers. If security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. And yet two instances from this month suggest that is exactly what is happening. Let's start with election... READ MORE

WikiLeaks, Vault 7, and Vulnerability Disclosure: Is It Blackmail?

jzorabedian's picture
By John Zorabedian March 22, 2017  | Security News
WikiLeaks vulnerability disclosure

If you're hit by ransomware, you're presented with a difficult choice. Do you pay the ransom and hope the crooks follow through and return your ransomed data and files? Or do you refuse to pay, and say goodbye to that data forever? Tech companies including Microsoft, Google, Apple and Samsung are facing a similar dilemma, after WikiLeaks published information allegedly showing that the... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu