Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Veracode Survey Research Shows Shift to DevOps and DevSecOps

jzorabedian's picture
By John Zorabedian June 14, 2017  | Security News
DevOps and AppSec Survey

With the proliferation of attacks and breaches at the application layer, it's clear that application security testing is a growing necessity. What's less clear is how organizations can hope to bridge the gap between the priorities of development, operations, and security teams. To understand how organizations are handling these challenges, Veracode partnered with ESG to conduct a survey of IT... READ MORE

Podcast: Components, Increasing Speed and Risk

lpaine's picture
By Laura Paine June 7, 2017  | Security News
Software Components, Increasing Speed and Risk

There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know. -Donald Rumsfeld Just as there are known knowns, known unknowns and unknown unknowns in National Security, the same can be said for application security. The very... READ MORE

Un-patched for months, could Cisco 0-day lead to another round of WannaCry? - SourceClear

mang's picture
By Ming Yi Ang May 24, 2017

For the last few weeks, we all got our ears torn out by story after story of WannaCry this, WannaCry that. Yet, not long ago, there was a similar exploit - Cisco 0-Day, CVE-2017-3881 - whose impact could have caused a similar outcry had it been more successful. We highlight the initial similarities between Cisco 0-Day and EternalBlue - the exploit that fueled WannaCry - but note the differences... READ MORE

Podcast: Our Take on the WannaCry Ransomware Attack

sciccone's picture
By Suzanne Ciccone May 23, 2017  | Security News
WannaCry Podcast Veracode

On Friday, May 12, an unprecedented cyberattack affected approximately 200,000 computers across 150 countries. By exploiting a vulnerability in Microsoft Windows, a combined worm/ransomware attack called WannaCry shut down hundreds of thousands of computers and demanded payment in order to regain access. In episode 5 of our AppSec in Review podcast, Evan Schuman and Veracode's Brian Fitzgerald... READ MORE

WannaCry Ransomware Attack Is a Symptom of a Much Bigger Problem

WannaCry Ransomware

In the wake of one of the largest-ever cyberattacks – the fast-spreading WannaCry ransomware, which hit over 300,000 computers in 150 countries – it’s important to look at what went wrong and how to prevent it from happening again. Yet as we look for lessons from this devastating attack, it would be a mistake to see WannaCry as just a really destructive form of ransomware – it is a sign of latent... READ MORE

When Will WannaCry Style Ransomware Hit Enterprise Java Web Apps?

asharma's picture
By Asankhaya Sharma May 14, 2017

Unless you have been living under a rock you have heard all about the WannaCry ransomware. At SourceClear, we believe this week's attacks were a preview of what could happen when (not if) ransomware moves from small-value targets (consumer desktops) to large-value targets (enterprise web applications). It's where the big money is. This blog post demonstrates the technical feasibility with a... READ MORE

Podcast: How Development is Changing

lpaine's picture
By Laura Paine May 3, 2017  | Security News

As much as world economies depend on software, its creation is subject to the different developer approaches and tactics. Besides their own code, almost all developers use open source as a key component. Security is a top priority for almost none of them. Functionality and delivery speed far too often outweigh everything else. In this edition of the Cyber Second podcast, Pete Chestna, Veracode’s... READ MORE

HipChat Breach Shows Dangers of Slacking on Security of Third-Party Components

HipChat Breached

This week, HipChat advised customers that one of its databases was breached by attackers who exploited a vulnerable third-party library used on HipChat.com. HipChat, owned by Atlassian, said that the compromised database stored customer usernames, email addresses, hashed passwords, and room metadata such as room name and topic. HipChat’s fast action to force a reset of all HipChat passwords... READ MORE

Podcast: Cyber Geneva Convention Proposed at RSA: Is It Feasible?

sciccone's picture
By Suzanne Ciccone April 20, 2017  | Security News

AppSec in Review Podcast, Episode 4: Cyber Geneva Convention Proposed at RSA: Is It Feasible? At the most recent RSA Conference this past winter, Microsoft President Brad Smith proposed a Cyber Geneva Convention. We’ve had four Geneva Conventions in modern history. In each convention, the world’s nations came together to agree upon a set of guidelines on how war would be conducted,... READ MORE

Magento Zero-Day Leaves 200,000 Online Retailers Vulnerable to Attack

jzorabedian's picture
By John Zorabedian April 19, 2017  | Security News 4
Magento zero-day vulnerability

Security researchers are warning of a high-risk vulnerability in Magento Community Edition, another reminder of systemic risk in our digital economy, which is built upon software and applications that need continuous monitoring. The Magento vulnerability could allow attackers to execute arbitrary code to access sensitive customer data, including credit card information and other payment data.... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu