Categories
Uncategorized

Cracking the Code to a Successful Remediation Plan

Creating a remediation plan can be tricky. In fact, customers often tell us that it's much easier to create a plan to help developers scan applications quickly and easily than it is to establish remediation goals. But if vulnerabilities aren't remediated right away, there's a higher chance that they will never be remediated. Our recent […]

Categories
Uncategorized

Frequency, Speed, and Accuracy Are a Match Made in AppSec Heaven

“Make it work, make it right, make it fast.” These words from renowned software engineer Kent Beck will always ring true for developers, especially with the pace of development picking up, not slowing down. A GitLab survey from last year showed nearly half (43 percent) of respondents deploy software on-demand or multiple times per day […]

Categories
Uncategorized

Cyberthreats During the Pandemic Are on the Rise

With the sudden shift to digital that many businesses are facing in response to the pandemic, preventing cyberattacks is more important than ever. According to the FBI, attacks related to COVID-19 have increased 400 percent in recent months. And with data from Gartner showing that 74 percent of companies expect to maintain some level of […]

Categories
Uncategorized

Verizon Data Breach Investigations Report Finds an Increase in Web Application Breaches

Verizon recently published its 2020 Data Breach Investigations Report (DBIR), which analyzed 32,002 security incidents in 16 different industries and four different world regions. Similar to last year's findings, the majority of breaches (86 percent) are financially motivated, and most (70 percent) are caused by outsiders. Credential theft, social attacks (i.e., […]

Categories
Uncategorized

Realigning Priorities and Building a Bridge Between Security and Development

It's a common conundrum for application security (AppSec) teams: how can developers and security professionals work together to release software faster? It takes a working relationship, good communication, and the right tools, which most teams don't have. Even more discouraging, stigmas follow both teams around the office; developers often worry that security is there to slow […]

Categories
Uncategorized

Announcing Our State of Software Security: Open Source Edition Report

Today, we published a special supplement to our annual State of Software Security report that focuses exclusively on the security posture of the open source libraries found in applications. Prominent in almost every application today, open source libraries allow developers to move faster by quickly adding basic functionality. In fact, it would be nearly impossible […]

Categories
A Little Sunshine Colette Davies Igor Gubskyi Ihor Hubskyi Inside Knowledge Iryna Davies John Bernard John Clifton Davies john888@myswissmail.ch National Crime Agency Ne'er-Do-Well News The Private Office of John Bernard

Who is Tech Investor John Bernard?

John Bernard, the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups, appears to be a pseudonym for John Clifton Davies, a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months […]

Categories
CVE-2020-1472 Microsoft Other Scott Caveza Tenable Windows Server ZeroLogon

Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw

Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft’s warning comes just days after the U.S. Department of Homeland Security issued an emergency directive instructing all federal agencies to […]

Categories
Ransomware Tyler Technologies tylertech.com

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook […]

Categories
anvisoft APT41 Barium Chengdu 404 Cisco Citrix D-Link Ne'er-Do-Well News Pulse SonarX Tan Dailin Techcrunch Wicked Panda Wicked Rose Wicked Spider Winnti Withered Rose Zack Whittaker

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here […]