Monthly, curated DevSecOps news and more.

Welcome to the first edition of our monthly application security newsletter for developers! New for 2023, this month's newsletter features curated industry news and developer-focused content from our blog. Happy reading!

IoT, connected devices biggest contributors to expanding application attack surface
A new report shines light on application security challenges impacting global businesses and, no surprise, the growth of the internet of things (IoT) and connected devices are the biggest contributing factors to organizations' expanding attack surfaces.
Read more at csoonline.com

Why Developers Should Move to Memory Safe Code
In October 2022, Consumer Reports hosted an online convening to discuss ways to encourage widespread adoption of code written in memory-safe languages.
Read more at consumerreports.org

The New Frontiers of Cybersecurity – Attack Surface Explosion
As technology evolves, the number of attack targets grows exponentially at each major developmental stage. We also see a corresponding growth in attack vectors. This expansion in both attack targets and vectors combines into an explosion of the attack surface and presents a complex challenge for cybersecurity teams.
Read more at securityboulevard.com

2023 identity security trends and solutions from Microsoft
Great summary from Microsoft on lessons learned from 2023 and advice going forward on identity security. Also a good reminder that ransomware attacks are second stage attacks and usually the result of
Read more at infosecurity-magazine.com

Researchers Quietly Cracked Zeppelin Ransomware Keys

Hospitals Hit by DDoS Attacks as Killnet Group Targets the Healthcare Sector
The increase in DDoS attacks on healthcare organizations in the US in early February by the pro-Russian hacktivist group Killnet has become a serious concern.
Read more at securityboulevard.com

FBI says it 'hacked the hackers' to shut down major ransomware group
The Department of Justice announced the destruction of the Russian-linked Hive ransomware group after a global law enforcement operation that ran for months.
Read more at npr.org

Cyberattacks On U.S. Airport Websites Signal Growing Threat To Critical Infrastructure
The transportation industry appears to be waking up to a renewed specter of threats following a series of distributed denial-of-service (DDoS) attacks that temporarily took down several U.S. airport websites.
Read more at forbes.com

Containerization is becoming increasingly common due to portability, ability to isolate application dependencies, scalability, cost effectiveness, and ease of use. Here's what you need to know about the security risks of vulnerable containers.

During one of our consultations, a set of similar Cross-site Scripting (XSS) flaws was discovered by Veracode Static Analysis in what turned out to be third-party JavaScript files belonging to Apache Spark. After some manual investigation, we confirmed that these flaws indeed constitute a vulnerability and reported a summary of our research to the Security Team of Apache Spark. We also provided concrete remediation guidance.

Running a Software Composition Analysis (SCA) scan will help highlight dependencies and any issues in the OSS libraries being used. Here are six reasons why scanning OSS dependencies while you code helps in the long run.

Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams' productivity.