Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Today's AppSec News: NY Times hit with malvertising, XSS in some VMware products

By Eric Seymour, March 16, 2016 | Security News

Major News Websites Hit by Malvertising Attacks: Major websites including the BBC, Newsweek, The New York Times and MSN ran malicious online advertisements on Sunday that attacked users' computers, a campaign that one expert said was the largest seen in two years. "Researchers at Trend Micro, Malwarebytes, and Trustwave each reported a spike in malicious traffic over the...

AppSec News Roundup: March 15, 2016

By Eric Seymour, March 15, 2016 | Security News

Bangladesh Central Bank Chief Resigns After Funds Stolen by Hackers: In the latest development on the Bangladesh hack, Atiur Rahman, governor of the bank, resigned Tuesday after more than $100 million was stolen from the bank's account at the Federal Reserve Bank of New York last month. The WSJ reports, "Finance Minister Abul Maal Abdul Muhith said Tuesday...

RSAC 2016 Final Reflections

By Jessica Lavery, March 4, 2016 | Security News

I am thrilled I was able to attend so many sessions at RSA this year. I learned a lot about the state of the industry, and the things people outside of CA Veracode are talking about. The expo hall was bustling as usual, and the sheer number of vendors vying for attention tells me this problem isn't going away anytime soon. Below are my overall impressions from the conference. I am...

RSA: Cybersecurity by the Numbers

By Jessica Lavery, March 3, 2016 | Security News

RSA conducted a survey with the assistance of ISACA to help determine the current state of cybersecurity and what the implications for the future will be. First, Jennifer Lawinski from RSA provided information on the top topics for this year's conference. There were 10 common phrases used in RSA speaking submissions for 2016: Internet of Things, industrial controls, encryption, AI and machine...

RSA: … But Now I See - A Vulnerability Disclosure Maturity Model

By Jessica Lavery, March 3, 2016 | Security News

In the application security world, we are all familiar with the BSIMM Maturity Model for determining what areas you need to invest in for application security. Katie Moussouris, Chief Policy Officer at HackerOne, has created a maturity model for vulnerability disclosures. We aren't talking about a model to determine your preparedness for a public vulnerability disclosure, like...

RSA: Myth Busting the Security Landscape and Development Cycle

By Jessica Lavery, March 3, 2016 | Security News

This RSA session was actually two separate presentations dealing with misconceptions in the security industry. The first, by Richard Stiennon, chief research analyst at IT-Harvest, focused on some of the misconceptions in the industry and used data from his analyst research to demonstrate why these beliefs are not true. The second part was given by Gary McGraw, CTO of Cigital, and dealt with the...

RSA: Attacks on Critical Infrastructure: Insights from the “Big Board”

By Jessica Lavery, March 3, 2016 | Security News

Despite the fact that this was yet another cyberwar-related talk, and I had just finished speaking with Fred Kaplan about the history of cyberwar, I was really excited about this RSA session, mostly due to the Dr. Strangelove reference. Cyberwar and attacks on critical infrastructure are a major theme at this year's conference. What was different about this session was that it wasn...

RSA: Reflections on Intelligent Application Security

By Jessica Lavery, March 3, 2016 | Security News

This morning at RSA, I attended a session focused on doing application security in a more intelligent way. The presentation, given by Julian Cohen of Flatiron Health, focused on the inadequacies of manual penetration testing. He listed issues such as human error and bias as well as the tendency to scope projects incorrectly, which leaves much of the application untested. The comment that most...

RSA: John Dickson - Does Breach Fixation Distort Reality?

By Jessica Lavery, March 3, 2016 | Security News

John Dickson, Principal at the Denim Group, talked at RSA about the noise we see in the security market today around breaches, zero-day exploits and other catchy topics in the media. It's the nature of the media to find the most sensational stories because they sell papers and get clicks. To be fair, if something isn't sensational, it isn't news, but this noise can take...

RSA DevOps Throw Down – Keeping it Real With Chris, Caleb, Gary, and Shannon

By Jessica Lavery, March 2, 2016 | Security News

On Monday, I attended portions of the DevOps seminar at the RSA Conference. Today (Tuesday), the conference featured another DevOps-related session, but this time it was a panel "throw down," which turned out to be a bit more (to use the moderator's words) controversial and lively. Shannon Lietz of Intuit moderated the discussion between Chris Wysopal, co-founder and CTO of CA Veracode; Caleb...
