feature: NHIs may be your biggest — and most neglected — security hole
Because IT has so little visibility into non-human identities, attackers are increasingly seeking them out as ultra-easy onramps to everything of value in your enterprise. The solution? Stop treating NHIs as though they are another human end-user.
By Evan Schuman | Jul 23, 2024 | 9 mins | Application Security, Identity and Access Management, Network Security

news analysis: Python GitHub token leak shows binary files can burn developers too
By Lucian Constantin | Jul 11, 2024 | 5 mins | DevSecOps, Application Security, Software Development

feature: The CSO guide to top security conferences
By CSO Staff | Jun 28, 2024 | 11 mins | Technology Industry, IT Skills, Events

feature: Whitelisting explained: How it works and where it fits in a security program
By Josh Fruhlinger and CSO Staff | Jun 07, 2024 | 10 mins | Email Security, Application Security, Data and Information Security

news: Over half of government applications have unpatched flaws older than a year
By Lucian Constantin | May 30, 2024 | 6 mins | Government IT, Application Security, Vulnerabilities

news: Cycode rolls out ASPM connector marketplace, analysts see it as bare minimum
By Evan Schuman | May 16, 2024 | 4 mins | Application Security

news: Equipped with AI tools, hackers make apps riskier than ever
By Shweta Sharma | May 14, 2024 | 4 mins | Application Security

news: Google, Meta, Spotify accused of flouting Apple’s device fingerprinting rules
By Gyana Swain | May 08, 2024 | 7 mins | Mobile Security, Application Security

news analysis: Kinsing crypto mining campaign targets 75 cloud-native applications
By Lucian Constantin | May 08, 2024 | 6 mins | Cryptocurrency, Malware, Application Security

Articles

news: SAP users are at high risk as hackers exploit application vulnerabilities
Research highlights heightened threat actor interests in SAP systems, targeting poorly patched organizations.
By Shweta Sharma | Apr 17, 2024 | 4 mins | Application Security, Vulnerabilities

feature: Where in the world is your AI? Identify and secure AI across a hybrid environment
As AI becomes integral to systems brought into the enterprise ecosystem it is increasingly critical for security teams to know where it is and reduce its risks.
By Deb Radcliff | Apr 17, 2024 | 9 mins | Application Security, Cloud Security, Network Security

feature: What is identity fabric immunity? Abstracting identity for better security
CISOs struggling to manage a diverse and complex identity access management infrastructure should start thinking about identity fabric immunity.
By Matthew Tyson | Apr 03, 2024 | 11 mins | CSO and CISO, Application Security, Identity and Access Management

news analysis: Software supply chain attack impacts repo of large Discord bot community
The incident shows the snowball effect a single malicious package can have on the open-source development ecosystem.
By Lucian Constantin | Mar 27, 2024 | 6 mins | DevSecOps, Malware, Supply Chain

feature: Teams, Slack, and GitHub, oh my! – How collaborative tools can create a security nightmare
Some of today’s most popular and useful information-sharing platforms can leave a lot to be desired from a security standpoint. Here are some of the issues and how to mitigate them.
By Susan Bradley | Mar 19, 2024 | 7 mins | Windows Security, Application Security, Cloud Security

news analysis: New Kubernetes vulnerability allows privilege escalation in Windows
Attackers can abuse YAML configuration files to execute malicious commands in Windows hosts.
By Lucian Constantin | Mar 13, 2024 | 6 mins | DevSecOps, Application Security, Vulnerabilities

news: Tool sprawl is hurting application security, US CSOs say
Security teams are managing many independent security tools and are able to fully review only half of major code changes, a new survey has found.
By Shweta Sharma | Feb 13, 2024 | 5 mins | Application Security

feature: How to strengthen your Kubernetes defenses
Kubernetes-focused attacks are on the rise. Here is an overview of the current threats and best practices for securing your clusters.
By David Strom | Feb 13, 2024 | 8 mins | DevSecOps, Application Security, Identity and Access Management

news analysis: Deprecated npm packages that appear active present open-source risk
A significant percentage of the 50,000 most-downloaded npm packages are deprecated or have a deprecated dependency but provide no warning.
By Lucian Constantin | Jan 19, 2024 | 5 mins | DevSecOps, Application Security, Open Source

feature: The OWASP AI Exchange: an open-source cybersecurity guide to AI components
This open-source collaborative effort to share global AI security standards, regulations, and knowledge aims to mitigate risk and boost AI cybersecurity for all.
By Chris Hughes | Jan 16, 2024 | 9 mins | DevSecOps, Application Security, Security Practices

feature: Understanding the NSA’s latest guidance on managing OSS and SBOMs
Open-source software is ever vulnerable to malicious actors, but software bills of material can help mitigate the threat. NSA guidance sets a solid foundation for managing the ecosystem.
By Chris Hughes | Dec 25, 2023 | 9 mins | Application Security, Open Source, Security Practices

news analysis: Atlassian patches critical remote code execution vulnerabilities in multiple products
The company also releases advisories for high-severity data leaks and denial-of-service issues across multiple products, including Jira and Confluence.
By Lucian Constantin | Dec 12, 2023 | 6 mins | DDoS, Application Security, Vulnerabilities

Resources

whitepaper: 2023 Comcast Business Cybersecurity Threat Report
The 2023 Comcast Business Cybersecurity Threat Report was developed to help IT leaders glean a deeper understanding of trends in cybersecurity threats—and the steps they can take to help protect their organizations from an evolving set of threats.
By Comcast Business | 08 Jul 2024 | Application Security, Business Operations, Data and Information Security

whitepaper: 2023 Comcast Business Cybersecurity Threat Report
By Comcast Business | 24 Jun 2024 | Application Security, Business Operations, Data and Information Security

Podcasts

podcasts (Sponsored by Veracode): A Hard Look at Software Security
In Season 2 of our podcast series, we’ll discuss the implications and mandates generated by Veracode’s most recent State of Software Security report. Our industry experts will pick up from Season 1’s highlights to take a closer look at application security today. Listeners will learn more about:
- The impact security debt is having across industries
- The changing attitudes and priorities put around application security
- How the average number of days to fix software flaws has almost tripled since the last report
- The case for scanning early and often
Application Security

Ep. 12: Frequency matters: the case for scanning early and often, part 2
Jan 15, 2020 | 14 mins | Application Security, Data and Information Security, Security

Ep. 08: Unresolved flaws: security debt grows deeper
Jan 15, 2020 | 11 mins | Application Security, Data and Information Security, Security

Video on demand

video: What’s ahead for cybersecurity in 2019: TECH(talk)
J.M. Porup, senior writer at CSO online, joins Juliet on this week’s episode of TECH(talk) to discuss trends in ransomware, IoT security and enterprise cybersecurity roles.
Feb 01, 2019 | 25 mins | Ransomware, Technology Industry, Cyberattacks

6 security reasons to upgrade to Windows 10
Jul 25, 2018 | 1 mins | Application Security, Privacy, Windows

Don’t ignore application security | Salted Hash Ep 35
Jul 23, 2018 | 18 mins | Application Security, Vulnerabilities, Security

The difference between red team engagements and vulnerability assessments | Salted Hash Ep 34
Jul 03, 2018 | 16 mins | Data Breach, Application Security, Cybercrime

Show me more

news analysis: Secure Boot no more? Leaked key, faulty practices put 900 PC/server models in jeopardy
By Lucian Constantin | Jul 26, 2024 | 7 mins | Vulnerabilities

news: Counting the cost of CrowdStrike: the bug that bit billions
By Shweta Sharma | Jul 26, 2024 | 1 min | Business Continuity, Endpoint Protection

how-to: Download the unified endpoint management (UEM) platform enterprise buyer’s guide
By Bob Violino | Jul 26, 2024 | 1 min | Mobile Security, Endpoint Protection, Enterprise Buyer’s Guides

podcast: CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi)
Jul 17, 2024 | 17 mins | CSO and CISO

podcast: CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands
Jul 08, 2024 | 18 mins | CSO and CISO

podcast: CSO Executive Sessions: Data protection in Malaysia
Jul 02, 2024 | 15 mins | CSO and CISO

video: CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi)
Jul 17, 2024 | 17 mins | CSO and CISO

video: Cybersecurity Insights for Tech Leaders: Addressing Dynamic Threats and AI Risks with Resilience
Jul 10, 2024 | 24 mins | CSO and CISO

video: CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands
Jul 08, 2024 | 18 mins | CSO and CISO