The latest security technology and best practices to secure software applications, vulnerabilities and code.
Researchers have outlined a method that could be used by bad actors to push vulnerabilities into source code that are invisible to human code reviewers. In a paper released this week, two researchers at the University of Cambridge in the UK wrote that the method – which they dub “Trojan Source” – essentially can be… Read more
Microsoft Exchange is a frequent target of hackers, and often the attack vector is a well known vulnerability that a company just hasn’t gotten around to patching. To try to deal with that problem, Microsoft is doing what a lot of other software vendors may start doing: making applying fixes a lot less optional. In… Read more
OWASP security researchers have updated the organization’s list of the ten most dangerous vulnerabilities – and the list has a new number one threat for the first time since 2007. The last update was in November 2017, and the latest draft is available for peer review until the end of the year. The Open Web… Read more
Microsoft for the past few years has been among the loudest vendors calling for a security future that doesn’t include passwords. In 2018, the software giant took the step of doing away with passwords for people signing into its Edge web browser, saying instead they could use a number of alternatives. Since then, the company… Read more
There’s a lot of code in the world, and a lot more is created every day. The browser you’re reading this article on is likely supported by millions of lines of code. And as even a casual reader would know from the headlines, not all of that code is flawless. In fact, there are more… Read more
Software vulnerabilities are a grave threat to the security of computer systems. They often go undetected for years until it is too late and the consequences are irreversible. In order to find these weaknesses, software security testers and developers often have to manually test the entire codebase and determine if any vulnerabilities exist. However, this… Read more
Two of the largest government security agencies are laying out the key cyberthreats to Kubernetes, the popular platform for orchestrating and managing containers, and ways to harden the open-source tool against attacks. In a 52-page report released this week, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) noted the advantages to… Read more
It seems that no matter how many security technologies, network perimeters, and intrusion prevention safeguards are erected, the bad guys somehow find a means of entry. Enter microsegmentation as a way to minimize the damage from successful perimeter breaches. The basic idea is to segment off parts of the network, especially the most sensitive parts,… Read more
Blockchain is best known as the database technology facilitating and securing cryptocurrency transactions, but its application to broader cybersecurity issues is just beginning. The brilliance of blockchain technology lies in its ability to validate transactions between parties, and, in turn, store a permanent record of those transactions on a decentralized network. This functionality makes forging… Read more