Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Introducing the New Veracode Software Composition Analysis

By Javier Perez August 19, 2019

Open source technology empowers developers to make software better, faster, and more efficiently as they push the envelope and delight users with desired features and functionality. This is a trend that is unlikely to fade – at least not in the foreseeable future – and has further fueled our passion for securing the world’s software. This is also why Veracode acquired SourceClear – we had a... READ MORE

As Cyberattacks Increase, So Does the Price of Cybersecurity Professionals

By Valerie Lattell August 14, 2019

Cyberattacks are on the rise, and companies are noticing. Everyone is in a scramble to avoid being the next corporation sweeping news headlines with the words “data breach” following. As a result, the demand for cybersecurity experts is skyrocketing, but there are a couple of problems. Not only are there not enough cybersecurity experts to fill those roles, but for the cybersecurity experts that... READ MORE

New Research: Apache Solr Parameter Injection

By Laura Paine August 14, 2019

Apache Solr is an open source enterprise search platform, written in Java, from the Apache Lucene project. Its major features include full-text search, hit highlighting, faceted search, dynamic clustering, and document parsing. You treat it like a database: you run the server, create a collection, and send different types of data to it (such as text, XML documents, PDF documents, etc.). Solr... READ MORE

Live From Black Hat USA: Making Big Things Better the Dead Cow Way

By Laura Paine August 9, 2019
Panel discussion on Cult of the Dead Cow at Black Hat 2019

When Reuters’ investigative reporter Joseph Menn confirmed that presidential candidate Beto O’Rourke was an early member of The Cult of the Dead Cow (cDc), it seemed as though folks had two viewpoints on it. They either had more respect for him because they understood what cDc was trying to accomplish, or they were relatively horrified because “hackers are bad.” It’s easy to fear what we don’t... READ MORE

Live From Black Hat USA: The Inevitable Marriage of DevOps & Security

By Laura Paine August 8, 2019
Talking DevOps and security at Black Hat 2019

During her briefing with Kelly Shortridge, vice president of product strategy at Capsule8, Dr. Nicole Forsgren, research and strategy at Google, did a beautiful job of adding imagery to the story she told of the attendee reactions during the now-famous talk Paul Hammond and John Allspaw gave at Velocity in 2009. If you're not familiar, the title of said talk was, "10 Deploys Per Day: Dev &... READ MORE

Live From Black Hat USA: Four Key Takeaways from Dino Dai Zovi's Keynote

By Laura Paine August 7, 2019
Key takeaways from the Black Hat 2019 keynote

"Did you know that your 20th Black Hat is when you get to give the keynote at Black Hat?" Dino Dai Zovi, head of security for Cash App at Square, joked to the packed ballroom. While it may have been Dai Zovi's 20th conference, the topic of his keynote has never been more fitting for where we are in security and the ways in which it mirrors what we experience in our day-to-day life. He gave us an... READ MORE

Live From Black Hat USA: Communication's Key Role in Security

By Laura Paine August 7, 2019
Key points from the Black Hat Keynote

The kick-off keynote for the 23rd Black Hat USA Conference in Las Vegas set the stage for the conversations that will undoubtedly be discussed in great detail over the next two days - and likely the next two years - if Black Hat founder Jeff Moss’ opening remarks are indicative of a trend. Moss pointed out that security had been asking for the spotlight, both in legislative and more corporate... READ MORE

Grasshoppers, Dead Cow, and Controlled Chaos: What We’re Looking Forward to at Black Hat USA

By Laura Paine August 2, 2019

Usually, Black Hat USA is all the rage this time of year when it comes to Las Vegas; however, it seems the excitement about the show has been eclipsed by a grasshopper invasion. I admit, I was puzzled when my colleagues informed me of the news and proceeded to show me the horrifying photographic and video evidence. I joked that I would need to wear a Veracode-branded beekeeper suit, and wondered... READ MORE

Capital One Benefits From Responsible Disclosure Program Following Massive Data Breach

By Laura Paine July 31, 2019

This blog post was updated on August 1, 2019 to include additional details uncovered as a result of the ongoing investigation associated with the Capital One data breach. Capital One’s data breach may be one for the record books, impacting as many as 106 million U.S. and Canadian credit applicants dating back to as early as 2005. While it’s natural to want to draw parallels to the 2017 Equifax... READ MORE

State of Louisiana Declares State of Emergency Following Malware Attacks

By Laura Paine July 26, 2019

On Wednesday, Louisiana Governor John Bel Edwards declared a state of emergency following a series of cyberattacks impacting the computer and phone systems of several of the state’s school districts. The declaration, which will remain in place for the entire state until Aug. 21, is out of concern that the attacks could spread to affect other organizations in local and state government. According... READ MORE

 

 
