NTT Application Security Specialist

Businesses and agencies today are spending an average of about 250 days to remediate high-severity risks, NTT Application Security found.

The education sector sees an improving window of exposure despite lower remediation rates and higher than average time to fix, according to an NTT report

The incident raises considerations for security for critical data housed in third-party infrastructure, researchers say.

A new report from IBM Security X-Force has found that two-thirds of cloud breaches can be traced to misconfigured application programming interfaces.

Users of HAProxy 2.0 and later versions are being urged to push through updates after a vulnerability was found that could allow "an attacker to bypass the check for a duplicate HTTP

Nowadays, much of the business world operates digitally. This has prompted many companies to invest in new digital offerings to better serve their customer base.

The average time taken to fix high severity application security flaws has increased by ten days in just a month, according to the latest data from NTT Application Security.

The threat landscape surrounding web, mobile and API-based applications is evolving rapidly.

Almost three-quarters of Web applications for businesses that handle accounting, auditing, finances, and operations have critical vulnerabilities every day of the year.

The scope of a cyberattack at T-Mobile US keeps growing, as the operator today confirmed personal data on at least 54 million people were exposed and stolen.

A newly disclosed flaw in software from BlackBerry Ltd. has resulted in warnings from U.S. government authorities due to its serious nature.

Zero-trust architecture is being adopted across all assets within network infrastructure—data, cloud, applications. And now, more frequently, developers are seeing zero-trust as a useful security approach for APIs.

A new Android Trojan has been identified by cybersecurity firm Zimperium, which released a report on Monday explaining how the malware has been able to hit more than 10,000 victims in 144 co

A new Android Trojan has been identified by cybersecurity firm Zimperium, which released a report on Monday explaining how the malware has been able to hit more than 10,000 victims in 144 countries.

Threats to web, mobile and API-based apps are developing rapidly and the average time taken to fix them isn't improving, with critical vulnerabilities remaining open on average for 202 days.

A new report from NTT Application Security found that the window of exposure for many companies' vulnerabilities is growing.

Each month in 2021, NTT Application Security has been tracking the state of application security and the threat landscape, paying particular attention to the window of exposure (WoE), vulnerability by class and time to fix.

Our roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bombshell report showing widespread surveillance of dissidents, journalists and others.

Verizon will be working with Google to bring the Rich Communications Service (RCS) standard to Android users in the US starting next year, joining T-Mobile and AT&T which both announced the switch earlier this year.

The revelation that Israeli company NSO Group’s spy software Pegasus was targeting the smartphones of activists, journalists and business executives sent a shockwave through the international press.

Microsoft has now released patches to protect all versions of Windows against the critical PrintNightmare flaw. On Tuesday, the company had deployed fixes to cover most but not all editions of Windows.

The latest zero-day entails an attack chain that allows an unauthenticated intruder to execute code as root and install a permanent backdoor on the vendor’s network-attached storage (NAS) devices. It’s found in all Western Digital NAS devices running the old, no-longer-supported My Cloud 3 operating system.

The cryptocurrency brokerage of Robinhood Markets Inc. expects to pay New York regulators a penalty of at least $10 million for allegedly violating state rules on cybersecurity and anti-money-laundering practices, the company said in filings last week.