With any business venture, all organizations aim to minimize downside risks and maximize upside opportunities at some basic level. With the rapid transition to digital-first technologies, organizations are offering new products to improve customer experiences by delivering the value proposition of any time, any place.
Microsoft has warned the security community that the Log4j vulnerabilities still represent a complex and high risk for companies across the globe, as this open-source component is widely used across many suppliers' software and services.
NTT Security AppSec Solutions Inc. today announced a solution that enables enterprises to conduct dynamic application security testing at each phase of the development cycle and prevent exploitable vulnerabilities from reaching production.
In the one month since news broke of a critical remote code execution vulnerability in the Log4j logging framework, there have been no major intrusions tied to the flaw in the US, officials from the Cybersecurity and Infrastructure Security Agency (CISA) said Monday.
Security researchers from JFrog said on Thursday that they discovered a critical JNDI-based vulnerability in the H2 database console exploiting a root cause similar to Log4Shell.
Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.
The Office of Inspector General (OIG) for the Department of Veterans Affairs last week issued a report that claimed that a division in the VA’s Office of Information Technology (OIT) used SaaS applications and application programming interfaces (APIs) that did not meet federal security requirements.
Software demand has skyrocketed for nearly a decade now, but COVID-19 further accelerated the trend by pushing businesses to rapidly develop and adopt technologies for remote work and customer interaction.
Online shopping safety with Craig Hinkley, NTT Application Security
A new report from NTT Application Security has found that 94% of consumers understand the risks of online shopping.
Only 25% of consumers surveyed by NTT Application Security said they'd take their online business elsewhere following a data breach.
Decipher’s new behind-the-scenes look at the weekly news with input from our sources. Topping the headlines this week are two key cybersecurity-related moves by the U.S. government.
The running list of prioritized vulnerabilities will evolve based on CISA's understanding of adversary activity, the agency said.
Under a new binding operational directive (BOD), CISA has developed a catalog of known, exploited vulnerabilities that federal agencies must address.
Application security (AppSec) in general — and application security testing (AST) specifically — are over as we know them.
In September 2020, security researchers discovered a document with names, social security numbers, addresses and grades in an underground forum.
Businesses and agencies today are spending an average of about 250 days to remediate high-severity risks, NTT Application Security found.
The education sector sees an improving window of exposure despite lower remediation rates and higher-than-average time to fix, according to an NTT report.
The incident raises considerations for security for critical data housed in third-party infrastructure, researchers say.
A new report from IBM Security X-Force has found that two-thirds of cloud breaches can be traced to misconfigured application programming interfaces.
Users of HAProxy 2.0 and later versions are being urged to push through updates after a vulnerability was found that could allow "an attacker to bypass the check for a duplicate HTTP
Nowadays, much of the business world operates digitally. This has prompted many companies to invest in new digital offerings to better serve their customer base.
The average time taken to fix high severity application security flaws has increased by ten days in just a month, according to the latest data from NTT Application Security.
The threat landscape surrounding web, mobile and API-based applications is evolving rapidly.
Almost three-quarters of Web applications for businesses that handle accounting, auditing, finances, and operations have critical vulnerabilities every day of the year.
The scope of a cyberattack at T-Mobile US keeps growing, as the operator today confirmed personal data on at least 54 million people were exposed and stolen.
A newly disclosed flaw in software from BlackBerry Ltd. has resulted in warnings from U.S. government authorities due to its serious nature.
Zero-trust architecture is being adopted across all assets within network infrastructure—data, cloud, applications. And now, more frequently, developers are seeing zero-trust as a useful security approach for APIs.
A new Android Trojan has been identified by cybersecurity firm Zimperium, which released a report on Monday explaining how the malware has been able to hit more than 10,000 victims in 144 countries.
Threats to web, mobile and API-based apps are developing rapidly and the average time taken to fix them isn't improving, with critical vulnerabilities remaining open on average for 202 days.