Directory traversal explained: Definition, examples and prevention
Jira is just the most recent company to expose its customers via a path traversal vulnerability. This risk is easily avoidable, but developers keep making the same mistake.
Category: CSO
7 ways 5G mobile networks will change IoT security, and how to prepare
Every internet of things security issue will be greatly magnified in a 5G environment. Address these seven areas before you deploy your own.
Business email compromise attacks cost millions, losses doubling each year
Cybercriminals follow the money, and you need look no further than Toyota Boshoku’s recent $37 million loss to see why many are turning to BEC scams.
Rich PII enables sophisticated impersonation attacks
Hackers are now using rich personally identifying information, including device types and browser versions, cookies and web histories, and even voice recordings to gain account access or commit fraud.
How secure are your AI and machine learning projects?
When enterprises adopt new technology, security is often on the back burner. It can seem more important to get new […]
6 ways cybercriminals use commercial infrastructure
Whether through fraud or legitimate purchase, cybercriminals increasingly depend on mainstream services to support their activities.
6 API security lessons from the Venmo breach
Cyber criminals are targeting application programming interfaces to steal sensitive data. Recent exposures and hacks at companies like Venmo, Facebook and Google present lessons to improve API security.
California Consumer Privacy Act (CCPA): What you need to know to be compliant
California’s new privacy law, AB 375, might not burden security as much as the GDPR, but details are subject to change.
How to close SIEM visibility gaps created by legacy apps
It’s often difficult to make log files and other data from legacy applications accessible to security information and event management systems. Here are some options for improving visibility.
4 security concerns for low-code and no-code development
Low code does not mean low risk. By allowing more people in an enterprise to develop applications, low-code development creates new vulnerabilities and can hide problems from security.
6 ways malware can bypass endpoint protection
Breaches from attacks that defeat or run around endpoint protection measures are on the rise. Here’s how attackers do it.
How First Citrus Bank got rid of employee passwords
The Florida bank rolled out passwordless authentication in February that relies on device biometrics of their smartphones.
What is GPS spoofing? And how you can defend against it
The U.S. Global Positioning System, part of a network of global navigation satellite systems (GNSS), is vulnerable to attacks that could disrupt many industries. Here’s how it works and what you can do to mitigate its risk.
Google expands cloud security capabilities, including simpler configuration
New tools and services will help make it easier for enterprises to manage security with Google products as well as with Amazon and in their own private clouds and applications.
What is AI fuzzing? And why it may be the next big cybersecurity threat
Pairing artificial intelligence or machine learning with traditional fuzzing techniques creates a powerful tool to find application or system vulnerabilities — for both researchers and cyber criminals.