How often when you use an ATM, payment terminal, or gas pump do you wonder “Is my card information safe?” I know I ask myself that every time I swipe or insert my card. Research by FICO shows that mor
Why We Hack Purple and I are joining Semgrep. Why I'm choosing Semgrep, and what the future will hold for the AppSec community. When I started
By Jay Jacobs“Infosec twitter” has been used to describe the vibrant, active and often enthusiastic community of security practitioners working in and around the industry. It’s been a source of insigh
Photo: Suzanne Cordeiro/Getty Images More than three years after Russian hackers compromised SolarWinds and embedded a backdoor in its premier software product, the Securities and Exchange Commission
By Florian Noeding, Principal Security Architect. Published in Adobe Tech Blog · 6 min read · Jun 22, 2023. In order to remediate security vulnerabilities efficiently, they should be identified and mit
The catch-phrase "shift left" has reached peak assimilation in the application security ethos as security pundits, DevOps strategists, app sec pros, and plenty of promoters of the concept have grabbed
This article is cross posted to LinkedIn here for comments and discussions. With my newfound passion to root out security myths and look for facts based on data, lots of things are catching my eye. Th
We run a newsletter that is sent roughly once a week, with additional commentary, news about our upcoming open-source projects, and things happening at the company. You can sign up at www.crashoverride
This article is cross posted on LinkedIn for comments and discussion. The vast majority of developers don’t care about security. That’s a fact in my opinion, and it has been the same since I started
The developer used information it had gathered about a prevalent third-party cheating software to catch and punish players using it red-handed. Image: Valve. Over 40,000 Dota 2 accounts have been perma
It is frustrating for cybersecurity vendors when conferences attain the status of “must attend.” They are extremely expensive to exhibit at and the ROI is often difficult to measure. In my experience
The University of Zurich, Switzerland’s largest university, announced on Friday it was the target of a “serious cyberattack,” which comes amid a wave of hacks targeting German-speaking institutions. T
This article is cross posted here on LinkedIn for discussion and comments. In the CSO interviews, I explained that we heard from CSOs that they want fewer tools, not more. I also explained that we hea
In the old days, security teams were all about protecting the code, written ‘in house’, that powered the features of their software. The dawn of SAST. We called it appsec. Along came open source, and
Published 26 January. Image source: DoJ. Image caption: Deputy Attorney General Lisa O Monaco described the operation as a 21st Century cyber stakeout. By Joe Tidy, Cyber reporter
This article is crossposted to LinkedIn here for comments and discussions. Ever since I started OWASP and it suddenly took off, I have been fascinated by what makes some things rise up. In recent year
03/03/2023 The original immutable laws of security (v2 updated below) identified key technical truths that busted prevalent security myths of those times. In that spirit,
Canada’s aviation system was briefly hit with a computer outage just hours after issues with the same system forced the United States’ Federal Aviation Administration to bring air traffic to a standst
Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at w
Breaking RSA with a Quantum Computer A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take
I don’t think I can resist making the analogy. It’s just too obvious, and the chance for witty humor and snarky commentary is just too great of a draw for my reptilian brain. If you haven’t seen the m
A critical vulnerability in the Ghost CMS newsletter subscription system could allow external users to create newsletters or modify existing ones so that they contain malicious JavaScript. Such an act
Password manager giant LastPass has confirmed that cybercriminals stole its customers’ encrypted password vaults, which store its customers’ passwords and other secrets, in a data breach earlier this
Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other service
Image Credit: hareluya/Shutterstock Cybersecurity is a high-stakes game. With the average data breach costing $4.35 million, security analysts are under constant pressure to protect critical data asse
Infosys has a lot to say about security. You can check out their website for a lot of buzzwords, but it’s clear from all the stock photos that they take security Very Seriously Indeed ™️. However, from
Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub repositories were hacked this month. According to a 'confidential'
Your weekly dose of Seriously Risky Business news is written by Tom Uren, edited by Patrick Gray with help from Catalin Cimpanu. It's supported by the Cyber Initiative at the Hewlett Foundation and
A few weeks ago, it seemed like everyone in the tech industry was glued to Mudge’s congressional testimony. Not only is he one of the most irreproachable people in the security space, the drama around
I had to split this article into two parts. Part one describes what I think is wrong and part two, which is coming next week, is a proposed architecture to improve it. Discussions and comments for thi
The Army is exploring how to use Software Bills of Mat
How Security Leaders Draw The Line. Published in The Gray Area · 5 min read · Nov 11, 2022. Recently there have been reports of security leaders abruptly leaving public organizations. Departures like
San Diego’s MedCrypt, which provides cybersecurity technology for medical devices, snagged $25 million in a second round of venture funding despite today’s tough environment for young firms seeking to
The Federal Trade Commission plans to take the rare step of bringing individual sanctions against the CEO of alcohol delivery company Drizly for data privacy abuses, following allegations that the com
A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. The rogue worker had contacted about hal
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet. A technologist and maintainer of a popular piece of open source s
Crypto.com, one of the largest cryptocurrency exchanges in the wo
Application Security The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow