New York State AG Letitia James served cease and desist letters to two cryptocurrency lending platforms that her office says engage in "unregistered and unlawful activities." Three other platforms were told by the OAG to "immediately provide information about their activities and products."
How many ways do U.S. businesses need to be told to lock down their systems to safeguard themselves from ransomware? That's the focus of a new, joint cybersecurity advisory from the U.S. government pertaining to BlackMatter, following an advisory issued last month about Conti.
Social media platform Twitter has suspended two accounts that were being used by members of the DPRK, a North Korean government-backed threat group, according to Adam Weidemann, an analyst with the Google Threat Analysis Group. The accounts allegedly targeted security researchers around the globe.
The U.S. Department of the Treasury unveiled additional steps to curb the illicit use of cryptocurrencies on Friday, warning enterprises not to engage with sanctioned entities exploiting the financial system - particularly to launder ransomware proceeds.
Vulnerable software and applications are the leading cause of security breaches. Couple this with the fact that software is proliferating at an accelerated pace, and it’s clear why malicious actors have zeroed in on this rapidly-expanding attack surface. Software security must be a top priority going forward. Here...
A newspaper reporter in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state's governor. The governor alleged the publication of the vulnerability after it was fixed was part of a "political vendetta."
Static application security testing (SAST) plays a major
role in securing the software development lifecycle (SDLC).
Unlike dynamic application security testing (DAST), where
you need the system running to interact with it, SAST
works at the source code level prior to compiling. SAST
can address issues at the...
Security champions bridge the gap between security and development teams. Both of these teams want to deliver secure applications at the speed that the business demands, but traditionally, security practices are added into the SDLC without scaling knowledge and practices through development teams. This creates...
Cloud native applications don’t just run on a different platform; they
overhaul the scope of the applications, the methodologies with
which they’re built, and the skills and ownership around them. To
stay relevant, security practices need to undergo a transformation of
a similar magnitude. We have to embrace a...
The state of the art application security tool needs to combine the power of SAST and
DAST, with a focus on integrating security into the SDLC as early as possible. Additionally, the
tool needs to be developer-first — fast, seamless, contextualized, prioritized — in order to drive
adoption. And finally, it...
Researchers at Cider Security have uncovered a security loophole in GitHub Actions that allows adversaries to bypass the required reviews mechanism and push unreviewed code to a protected branch, allowing it into the pipeline to production.
As digital business and remote work become the new normal, organizations recognize their increasing
exposures to cyberattacks and the need to refactor their security strategies accordingly. In response to this
new landscape several key factors are influencing the demand for an inhouse Malware Lab,...
In an effort to bolster endpoint protection within the U.S. government, the White House is ordering federal agencies to allow CISA to access existing deployments. It is also setting timelines for improving the protection of workstations, mobile phones and servers.
Mobile applications have become a nearly ubiquitous offer from Financial Services organizations. While many banks employ defense in depth security protections at their perimeter, a surprising number do not shield their mobile apps from attack. Application Shielding protects banks and consumers by obfuscating code in...
A congressional letter sent to the heads of four federal agencies expressed an urgent need for the Biden administration to continue combating ransomware. This includes a particular focus on the cryptocurrency infrastructure that is enabling these cyberattacks, four Democratic lawmakers say.