More than 40 billion records exposed in 2021
Security Brief Asia is reporting on new research showing more than 40 billion records were exposed by data breaches in 2021. According to the research from Tenable's Security Response Teams, they found a considerable increase in breach incidents, with 1,825 breach data incidents publicly disclosed between November 2020 and October ... Read More
A Quick Look at the New OWASP Top 10 for 2021
Back in September of 2021 we wrote that the OWASP working group had a draft of latest Top 10 Web Application Security Risks, their first update since the 2017 revision. The working group finalized their list and published a final version a month later in October of 2021. With the ... Read More
The Final Count: Vulnerabilities Up Almost 10% in 2021
ow that 2021 has ended, we can see the final tally of vulnerabilities recorded for 2021. The year ended with a total of 20,061 vulnerabilities recorded, 9.3% over the prior year and the most ever recorded of any year since the database began. The post The Final Count: Vulnerabilities Up ... Read More
93% of Tested Networks Vulnerable to Breach
Nearly every organization can be infiltrated by cyber attackers, based on data from dozens of penetration tests and security assessments. The vast majority of businesses can be compromised within a month by a motivated attacker using common techniques, such as compromising credential, exploiting known vulnerabilities in software and Web applications, ... Read More
Fifth Record Year in a Row for Vulnerabilities
On December 8, 2021 we just hit another milestone with the number of vulnerabilities recorded in the US CERT Vulnerability Database (so far in 2021) exceeding the total count in 2020, marking a fifth record year of vulnerabilities discovered in production code. The post Fifth Record Year in a Row ... Read More
Cyber Security Predictions for 2022
As we approach the end of 2021, we’d like to present our predictions for 2022 for the application security community. It would be easy to just predict that cyber attacks will continue to increase, that we’ll find more vulnerabilities in production code (after four record years and probably a fifth), ... Read More
Shadow Code is a Major Risk for Web Applications
A new report written by Osterman Research notes that most websites use third-party libraries to simplify common functions, but these same libraries often have application security risks. Organizations also typically lack visibility into third party code, making it difficult to determine if websites and web applications have been compromised. The ... Read More
Attacks On Retail Websites Up Heading Into Holiday Season
A new article in Help Net Security is reporting that attacks on retail industry websites from Q4 2020 through the first half of 2021 were notably higher than all other industries, and were characterized by more sporadic peaks in attacks. With attacks up on retail sites, and the continued global ... Read More
70% of Dev Teams Admit to Skipping Security Steps
A new article in Venture Beat is reporting that 70% of development teams always or frequently skip security steps due to time pressures when completing projects. The article concludes that the result of skipping security steps, is that 33% of security issues in remediation at any given time come from ... Read More
The Security Implications of Application Proliferation
The proliferation of applications in the wake of COVID and more employees than ever working from home should not be a surprise to anyone. The worry though, is whether organizations have taken security for those newly released applications seriously enough. Security professionals face growing challenges as their organizations increase both ... Read More