Application Security
Several OpenJDK Vulnerabilities Fixed
Rohan Timalsina | | CVE, Debian Linux Security, Denial-of-Service (DoS), Java Secure Chain, java vulnerabilities, KernelCare Enterprise, Linux & Open Source News, linux live patching, linux systems, open source, OpenJDK vulnerabilities, OpenJDK Vulnerability Advisory, Oracle Java SE, SecureChain, security patches, security vulnerabilities
Recently, several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking of sensitive data to log files, denial of service, or bypass of sandbox ...
The xSPM Trend: Security Posture Management for Everything
Gilad David Maayan | | ASPM, Cloud Security, cspm, Data Security, identity, Kubernetes Security, Software Security
The xSPM trend represents a holistic approach to managing and enhancing the security posture of diverse IT assets ...
Security Boulevard
Report: Cyberattacks Against Software Supply Chains Become More Targeted
Phylum found an increase in the discovery of malicious packages targeting the software supply chains of specific organizations ...
Security Boulevard
Latest Research Reveals Rise in API Attacks in 2023, Putting Businesses at Risk in 2024
The State of API Security in 2024 Report highlights how APIs and their increased usage are significantly changing the threat landscape. In 2023, the number of API-targeted attacks rose significantly. Attacks targeting ...
What is PCI DSS Compliance? Top Requirements to adhere to get PCI DSS
Vishaka Sethia | | Compliance and Auditing, PCI DSS, pci dss compliance, pci dss requirements, Penetration Testing
What is PCI DSS? The Payment Card Industry Data Security Standard (PCI DSS) was created in 2006 by Visa, MasterCard, Discover Financial Services, JCB International, and American Express. The goal of this ...
ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)
Uncover critical security flaws in ConnectWise ScreenConnect (CVE-2024-1709 & CVE-2024-1708) posing remote code execution risks. Actively exploited in the wild. The post ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708) appeared first on Indusface ...
Avast Hit With $16.5 Million Fine for Selling Customer Data
Avast Software will pay a $16.5 million fine to settle a federal complaint accusing the antivirus vendor of collecting users’ browsing data over six years and selling it to advertising companies without ...
Security Boulevard
Continuously fuzzing Python C extensions
By Matt Schwager. Deserializing, decoding, and processing untrusted input are telltale signs that your project would benefit from fuzzing. Yes, even Python projects. Fuzzing helps reduce bugs in high-assurance software developed in ...
PRC State Hacking: ‘Chinese Edward Snowden’ Spills I‑Soon Secrets in Huge Dump of TTPs
Richi Jennings | | APT41, Auxun, Chengdu 404, china, china espionage, Chinese, Chinese Communists, Chinese devices, chinese government, chinese hacker, Chinese hackers, Chinese Threat Actors, Data Stolen By China, Great Firewall of China, hong kong, i-soon, Insider, insider breach, insider risk, iSoon, Peoples Republic of China, SB Blogwatch, Tibet, Uyghur
Underpaid, overworked and angry: Whistleblower in hacker contractor firm for Chinese government blows lid off tactics, techniques and procedures ...
Security Boulevard
A Comprehensive Guide on GraphQL Testing
Subrath Kumar Sahoo | | API security, Application Security, GraphQL testing, Web Services & API Security
GraphQL has taken the API world by storm, offering flexibility and efficiency like never before. But with great power comes great responsibility, and ensuring your GraphQL API functions flawlessly is crucial. This ...