news analysis: Python GitHub token leak shows binary files can burn developers too
Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub.
By Lucian Constantin | Jul 11, 2024 | 5 mins | DevSecOps, Application Security, Software Development

feature: The CSO guide to top security conferences
By CSO Staff | Jun 28, 2024 | 10 mins | Technology Industry, IT Skills, Events

feature: Whitelisting explained: How it works and where it fits in a security program
By Josh Fruhlinger and CSO Staff | Jun 07, 2024 | 10 mins | Email Security, Application Security, Data and Information Security

news: Over half of government applications have unpatched flaws older than a year
By Lucian Constantin | May 30, 2024 | 6 mins | Government IT, Application Security, Vulnerabilities

news: Cycode rolls out ASPM connector marketplace, analysts see it as bare minimum
By Evan Schuman | May 16, 2024 | 4 mins | Application Security

news: Equipped with AI tools, hackers make apps riskier than ever
By Shweta Sharma | May 14, 2024 | 4 mins | Application Security

news: Google, Meta, Spotify accused of flouting Apple’s device fingerprinting rules
By Gyana Swain | May 08, 2024 | 7 mins | Mobile Security, Application Security

news analysis: Kinsing crypto mining campaign targets 75 cloud-native applications
By Lucian Constantin | May 08, 2024 | 6 mins | Cryptocurrency, Malware, Application Security

news: SAP users are at high risk as hackers exploit application vulnerabilities
By Shweta Sharma | Apr 17, 2024 | 4 mins | Application Security, Vulnerabilities

Articles

feature: Where in the world is your AI? Identify and secure AI across a hybrid environment
As AI becomes integral to systems brought into the enterprise ecosystem it is increasingly critical for security teams to know where it is and reduce its risks.
By Deb Radcliff | Apr 17, 2024 | 9 mins | Application Security, Cloud Security, Network Security

feature: What is identity fabric immunity? Abstracting identity for better security
CISOs struggling to manage a diverse and complex identity access management infrastructure should start thinking about identity fabric immunity.
By Matthew Tyson | Apr 03, 2024 | 11 mins | CSO and CISO, Application Security, Identity and Access Management

news analysis: Software supply chain attack impacts repo of large Discord bot community
The incident shows the snowball effect a single malicious package can have on the open-source development ecosystem.
By Lucian Constantin | Mar 27, 2024 | 6 mins | DevSecOps, Malware, Supply Chain

feature: Teams, Slack, and GitHub, oh my! – How collaborative tools can create a security nightmare
Some of today’s most popular and useful information-sharing platforms can leave a lot to be desired from a security standpoint. Here are some of the issues and how to mitigate them.
By Susan Bradley | Mar 19, 2024 | 7 mins | Windows Security, Application Security, Cloud Security

news analysis: New Kubernetes vulnerability allows privilege escalation in Windows
Attackers can abuse YAML configuration files to execute malicious commands in Windows hosts.
By Lucian Constantin | Mar 13, 2024 | 6 mins | DevSecOps, Application Security, Vulnerabilities

news: Tool sprawl is hurting application security, US CSOs say
Security teams are managing many independent security tools and are able to fully review only half of major code changes, a new survey has found.
By Shweta Sharma | Feb 13, 2024 | 5 mins | Application Security

feature: How to strengthen your Kubernetes defenses
Kubernetes-focused attacks are on the rise. Here is an overview of the current threats and best practices for securing your clusters.
By David Strom | Feb 13, 2024 | 8 mins | DevSecOps, Application Security, Identity and Access Management

news analysis: Deprecated npm packages that appear active present open-source risk
A significant percentage of the 50,000 most-downloaded npm packages are deprecated or have a deprecated dependency but provide no warning.
By Lucian Constantin | Jan 19, 2024 | 5 mins | DevSecOps, Application Security, Open Source

feature: The OWASP AI Exchange: an open-source cybersecurity guide to AI components
This open-source collaborative effort to share global AI security standards, regulations, and knowledge aims to mitigate risk and boost AI cybersecurity for all.
By Chris Hughes | Jan 16, 2024 | 9 mins | DevSecOps, Application Security, Security Practices

feature: Understanding the NSA’s latest guidance on managing OSS and SBOMs
Open-source software is ever vulnerable to malicious actors, but software bills of material can help mitigate the threat. NSA guidance sets a solid foundation for managing the ecosystem.
By Chris Hughes | Dec 25, 2023 | 9 mins | Application Security, Open Source, Security Practices

news analysis: Atlassian patches critical remote code execution vulnerabilities in multiple products
The company also releases advisories for high-severity data leaks and denial-of-service issues across multiple products, including Jira and Confluence.
By Lucian Constantin | Dec 12, 2023 | 6 mins | DDoS, Application Security, Vulnerabilities

news: Snyk unveils new ASPM offering to help DevSecOps manage cloud application risks
Snyk AppRisk provides an ASPM workbench for the developers and security teams to discover assets, and analyze business and security context to quantify risks.
By Shweta Sharma | Dec 12, 2023 | 3 mins | Application Security

Resources

whitepaper: 2023 Comcast Business Cybersecurity Threat Report
The 2023 Comcast Business Cybersecurity Threat Report was developed to help IT leaders glean a deeper understanding of trends in cybersecurity threats—and the steps they can take to help protect their organizations from an evolving set of threats.
By Comcast Business | 08 Jul 2024 | Application Security, Business Operations, Data and Information Security

whitepaper: 2023 Comcast Business Cybersecurity Threat Report
By Comcast Business | 24 Jun 2024 | Application Security, Business Operations, Data and Information Security

Podcasts

podcasts: A Hard Look at Software Security (Sponsored by Veracode)
In Season 2 of our podcast series, we’ll discuss the implications and mandates generated by Veracode’s most recent State of Software Security report. Our industry experts will pick up from Season 1’s highlights to take a closer look at application security today. Listeners will learn more about:
- The impact security debt is having across industries
- The changing attitudes and priorities put around application security
- How the average number of days to fix software flaws has almost tripled since the last report
- The case for scanning early and often
Application Security

Ep. 12: Frequency matters: the case for scanning early and often, part 2
Jan 15, 2020 | 14 mins | Application Security, Data and Information Security, Security

Ep. 08: Unresolved flaws: security debt grows deeper
Jan 15, 2020 | 11 mins | Application Security, Data and Information Security, Security

Video on demand

video: What’s ahead for cybersecurity in 2019: TECH(talk)
J.M. Porup, senior writer at CSO online, joins Juliet on this week’s episode of TECH(talk) to discuss trends in ransomware, IoT security and enterprise cybersecurity roles.
Feb 01, 2019 | 25 mins | Ransomware, Technology Industry, Cyberattacks

6 security reasons to upgrade to Windows 10
Jul 25, 2018 | 1 mins | Application Security, Privacy, Windows

Don’t ignore application security | Salted Hash Ep 35
Jul 23, 2018 | 18 mins | Application Security, Vulnerabilities, Security

The difference between red team engagements and vulnerability assessments | Salted Hash Ep 34
Jul 03, 2018 | 16 mins | Data Breach, Application Security, Cybercrime

Popular

news: AT&T confirms arrest in data breach of more than 110 million customers
By Evan Schuman | Jul 12, 2024 | 6 mins | Data Breach, Cyberattacks, Privacy

news: Mobile surveillance software firm mSpy suffers data breach
By John Leyden | Jul 12, 2024 | 4 mins | Data Breach, Privacy

news: Known SSH-Snake bites more victims with multiple OSS exploitation
By Shweta Sharma | Jul 12, 2024 | 3 mins | Malware, Open Source

podcast: CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands
Jul 08, 2024 | 18 mins | CSO and CISO

podcast: CSO Executive Sessions: Data protection in Malaysia
Jul 02, 2024 | 15 mins | CSO and CISO

podcast: CSO Executive Session India with Mrinal Kanti Roy, CISO, Cairn Oil and Gas
Jul 01, 2024 | 16 mins | CSO and CISO

video: Cybersecurity Insights for Tech Leaders: Addressing Dynamic Threats and AI Risks with Resilience
Jul 10, 2024 | 24 mins | CSO and CISO

video: CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands
Jul 08, 2024 | 18 mins | CSO and CISO

video: CSO Executive Sessions: Data protection in Malaysia
Jul 02, 2024 | 15 mins | CSO and CISO