Application Security

New Cybersecurity National Security Memorandum will let the spy agency "identify vulnerabilities, detect malicious threat activity and drive mitigations," agency cybersecurity director says.

The massive funding round comes as the rise of cloud and remote work led to new threats and growing security and privacy concerns.

Just turning the patch dial to "high" is not enough, and if your company is using the Common Vulnerability Scoring System (CVSS) to prioritize software patching, you are doing it wrong.

Cross-site scripting and broken access controls continued to be the top classes of vulnerabilities researchers discovered, according to Bugcrowd's annual vulnerability report.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Cloud tagging, the process of labeling cloud assets by certain attributes or operational values, can unlock behavioral insights to optimize and automate cyber asset management at scale.

The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.

The next five years will bring the widespread use of hyperautomation in patch management. Part 3 of 3.

Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services.

By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.

Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.

A vulnerability in a third-party component used by many networking firms puts consumer and small business routers at risk for remote exploitation.

In the wake of WannaCry and its ilk, the National Vulnerability Database arose to help security organizations track and prioritize vulnerabilities to patch. Part 1 of 3.

A Romanian researcher discovers more than 70 vulnerabilities in how applications and their content delivery networks handle cache misses that open the doors to denial-of-service attacks.

The FTC will pursue companies that fail to take steps to protect consumer data from exposure due to Log4j, officials report.