Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Some Surprises in the New New York Cybersecurity Regulations

By Evan Schuman February 2, 2017  | Security News

In the US, there exist no meaningful national cybersecurity rules, but, as a practical matter, that is likely to change this year. But it's not coming from Congress. The catalyst is new rules slated to start in March from the New York State Department of Financial Services. In financial areas, that New York department is typically mimicked by a wide range of other state regulators, along with...

Podcast: Making Sense of the New York DFS Cybersecurity Regulations

By Suzanne Ciccone January 28, 2017  | Security News

View our new guide for continued learning: Navigating the New York Department of Financial Services' Cybersecurity Regulations

The New York Department of Financial Services recently issued proposed regulations for cybersecurity that seek to standardize the way that financial services institutions protect information systems and the business and personal information they manage. Organizations...

Podcast: Challenges of the Digital Economy

By Suzanne Ciccone January 26, 2017  | Security News

The digital innovations used by companies are making it easier for companies to improve their productivity. They also remove barriers for startups to enter new markets and make our everyday lives easier. However, the digital economy comes with challenges and risks. During this installment of Veracode's AppSec in Review Podcast, Brian Fitzgerald, CMO at Veracode, discusses the challenges...

Apple's Abandonment Of Its Own App Security Deadline Is Bad For So Many Reasons

By Evan Schuman January 16, 2017  | Security News

Have a great idea for the most effective way to make life easier for cyberthieves, especially those who are focused on ineffective app security? All you have to do is get one of the most powerful brands in computing to publicly declare a security deadline and then have it quietly withdraw that deadline on the eve of it taking effect. For a terrific example of how well this can undermine app...

Millions of program builds vulnerable to Man-in-the-Middle attacks

By Ming Yi Ang January 16, 2017

According to a blog post on 18F, it is a standard that all federal websites and web services serve only over secured connections (HTTPS). Yet in its recent study, about 6.1% of the domains do not have HTTPS enabled. Package managers have, in the past, deprecated certain commands/features that default to HTTP. RubyGems has deprecated source :rubygems in Gemfile due to the insecurity of...

FAQs About the New York DFS Cybersecurity Regulations

By John Zorabedian January 3, 2017

New York State has passed strict new cybersecurity requirements for financial services companies doing business in New York, and affected organizations will need to prove compliance with the regulations beginning in February 2018. New York Governor Andrew Cuomo said the "first-in-the-nation" cybersecurity regulations are necessary to "guarantee the financial services industry upholds its...

Rails_admin Vulnerability Disclosure

By Jason Yeo December 25, 2016

A few days ago, I found a CSRF vulnerability in rails_admin. rails_admin is a Ruby gem that generates administrative interfaces for your models automatically. Interestingly, this vulnerability is similar in nature to the one I found in administrate, a similar gem. Additionally, past Ruby gems affected in a similar fashion can be explored at this link.

Teardown

After a change introduced by this...

App Security Deserves Far More IT Respect

By Evan Schuman December 15, 2016  | Security News

App Security today is the Rodney Dangerfield of IT security. Everyone knows about it, but it gets no respect. Isn't it obvious that because apps are granted greater data-sharing with other apps and the ability to update themselves—directly to the mothership—without IT signoff, that perhaps this should soar to the top of the danger list? Apparently not. Consider just a few examples...

Holiday Short-Duration Sites Deliver Long-Duration Headaches

By Evan Schuman December 12, 2016  | Security News
Seasonal marketing websites are long-term security risks if not properly inventoried.

The holiday season is now upon us, which means retail pop-up stores and seasonal sites. Those are all good for merchants, good for gift-seeking shoppers and potentially very good news for cyberthieves hoping for vulnerable sites that can fuel fraud. Why, you might ask, would a retailer with robust anti-fraud and other security measures forgo those efforts for a seasonal site? First, they do and...

Podcast: Critical Infrastructure with Dick Clarke

By Neil DuPaul November 22, 2016  | Security News
Critical infrastructure cybersecurity measures.

How do you convince companies and nation states to protect against attacks that haven't happened yet? That's the sort of question we ponder today in our latest podcast with Richard Clarke, Veracode Board Member and former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States. Richard walks us through how he thinks about convincing...
