Software Vulnerabilities | February 20, 2019 | Calling Into Question the CVSS | 6 min read - X-Force Red believes vulnerabilities should be ranked based on the importance of the exposed asset and whether the vulnerability is being weaponized by criminals, not necessarily its CVSS score.
Application Security | February 14, 2019 | Take Your Relationship With DevSecOps to the Next Level | 4 min read - Like any relationship, DevSecOps works best when there is a solid commitment, open communication and strong resolve in the face of challenges.
January 15, 2019 | New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks | 2 min read - A new reverse proxy tool called Modlishka can easily automate phishing attacks and bypass two-factor authentication (2FA) — and it's available for download on GitHub.
January 14, 2019 | The Dark Overlord Claims to Have Stolen Secrets of 9/11 Attacks in Law Firm Data Breach | 2 min read - The threat group known as The Dark Overlord has claimed responsibility for a law firm data breach involving files allegedly related to the 9/11 terrorist attacks.
January 8, 2019 | Malvertising Campaign Delivers Vidar Information Stealer and GandCrab Ransomware | 2 min read - Researchers have spotted a malvertising campaign that is delivering two payloads to victims: the Vidar information stealer and GandCrab ransomware.
Application Security | January 7, 2019 | The System Development Life Cycle: A Phased Approach to Application Security | 7 min read - By completing the phases of the system development life cycle (SDLC), security teams can integrate processes and technologies into the development process and improve application security.
January 4, 2019 | Ursnif, Emotet, Dridex and BitPaymer Malware Families Team Up to Wreak Havoc | 2 min read - Researchers discovered a link between four malware families — Ursnif, Emotet, Dridex and BitPaymer — that suggests threat actors may be combining efforts to develop more sophisticated attack vectors.
Application Security | January 4, 2019 | New Year, New Risks: 3 Application Security Resolutions You Should Adopt in 2019 | 5 min read - To ring in the new year, application security teams should resolve to implement more security into the development process, prioritize consumer trust and pay more attention to false negatives.
CISO | January 4, 2019 | Your Security Strategy Is Only as Strong as Your Cyber Hygiene | 3 min read - Without full network visibility and regular utilization of cyber hygiene best practices, your enterprise could face very real, but entirely preventable, security risks.
Artificial Intelligence | December 18, 2018 | Machine Learning Will Transform How We Detect Software Vulnerabilities | 3 min read - When used as part of the software development process, machine learning can help identify vulnerabilities before threat actors have a chance to exploit them.