The latest security technology and best practices to secure software applications, vulnerabilities and code.

  • Log4j Vulnerability Puts Enterprise Data Lakes and AI at Risk

    The Apache Log4j Log4Shell bug is one of the most critical vulnerabilities in the history of cybersecurity. Hundreds of millions of devices use the Log4j component for various online services, among them government organizations, critical infrastructure, companies and individuals. Actually, pretty much all software uses this library written in Java, so it’s a very widespread… Read more

  • Software Supply Chain: A Risky Time for Dependencies

    The software supply chain is a critical element in the lifecycle of applications and websites. The interdependencies and components common in modern software development can increase the attack surface and sometimes allow hackers to bypass robust security layers you’ve added to your infrastructure. Indeed, only one flaw in the code base can be enough to… Read more

  • Palo Alto Unveils Zero Trust 2.0, Says Current Solutions Inadequate

    Palo Alto Networks says current zero trust solutions don’t go far enough, so today the cybersecurity leader urged the industry to transition to what it’s calling Zero Trust Network Access 2.0 (ZTNA 2.0), an approach that involves continuously reassessing user trust and network traffic. The massive shift to remote work brought on by the pandemic… Read more

  • Getting Started with the Burp Suite: A Pentesting Tutorial

    Burp is one of the top-rated security suites for pentesting and ethical hacking. While there are paid professional and enterprise editions, you can install the community edition for free and even use it directly from Kali Linux. The Burp suite is widely used by security professionals to perform advanced scans and various traffic interceptions (e.g.,… Read more

  • Security Researchers Find Nearly 400,000 Exposed Databases

    Databases contain some of the most critical data in enterprises, so vulnerabilities in them are serious issues. Researchers at Singapore-based cybersecurity company Group-IB recently discovered thousands of databases exposed to the internet that could have been exploited when they were left unprotected. The Attack Surface Management team at Group-IB said it constantly scans the IPv4… Read more

  • MFA Advantages and Weaknesses

    Not everyone adopts multi-factor authentication (MFA) to secure their accounts. Many stick with simple username and password combinations despite the weaknesses of this authentication method. Yet if someone wanted to enable MFA, which option should they use? Each MFA option suffers vulnerabilities and creates user friction, so IT managers need to select the MFA option… Read more

  • Protecting Against the Spring4Shell Vulnerability

    Spring4Shell (CVE-2022-22965) is a remote code execution (RCE) vulnerability that affects Spring Core, a comprehensive framework for Java-based enterprise applications. Spring4Shell gets its name from the Log4Shell vulnerability, one of the most critical zero-day threats ever, which affected a Java software component called Log4j and allowed hackers to take control of web servers and networks.… Read more

  • SAML: Still Going Strong After Two Decades

    SAML is an open standard facilitating the communication and verification of credentials between identity providers and service providers for users everywhere. In 2005, the open standard consortium OASIS released SAML 2.0 to broad appeal. As smart mobile devices boomed, so did the number of web applications and the need to address never-ending logins. SAML was… Read more

  • Addressing Remote Desktop Attacks and Security

    The Remote Desktop Protocol (RDP) has long been essential for IT service management and remote access. Still, in the wrong hands, RDP attacks and vulnerabilities related to remote desktop software are a severe threat. Recent years presented a torrent of research showing how vulnerable RDP systems are for organizations not taking additional cybersecurity precautions. Because… Read more

  • Russia, China May Be Coordinating Cyber Attacks: SaaS Security Firm

    A SaaS security company says a spike in cyber attacks from Russia and China in recent weeks suggests the two countries may be coordinating their cyber efforts. SaaS Alerts, which helps managed service providers (MSPs) manage and protect customers’ SaaS apps, mentioned the finding in conjunction with the release of its annual SaaS Application Security… Read more

Top Cybersecurity Companies

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis