In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). On December 13, Microsoft reclassified the vulnerability as “Critical” severity after IBM Security X-Force Red Security Researcher…
Browsing Category: Application Vulnerability
Containers, Security, and Risks within Containerized Environments
Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform…
Electron Application Attacks: No Vulnerability Required
While you may have never heard of “Electron applications,” you most likely use them. Electron technology is in many of today’s most popular applications, from streaming music to messaging to…
Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform
In an age where organizations have established a direct dependence on software to run critical business operations, it’s fundamental that they are evaluating their software development lifecycles and that of…
Behavior Transparency: Where Application Security Meets Cyber Awareness
How can you tell when software is behaving strangely if you don’t know what the right behavior is? That’s an important question when it comes to threat actors. After all,…
How AI Will Transform Data Security
I’ve often wondered whether artificial intelligence (AI) in cybersecurity is a good thing or a bad thing for data security. Yes, I love the convenience of online stores suggesting the…
API Abuse Is a Data Security Issue Here to Stay
Just about every app uses an application programming interface (API). From a security standpoint, though, APIs also come with some common problems. Gartner predicted that API abuse will be the…
Vulnerability Management: How a Risk-Based Approach Can Increase Efficiency and Effectiveness
Security professionals keep busy. Before you can patch a vulnerability, you need to decide how important it is. How does it compare to the other problems that day? Choosing which…
Harnessing the Power of Transfer Learning to Detect Code Security Weaknesses
Detecting vulnerabilities in code has been a problem facing the software development community for decades. Undetected weaknesses in production code can become attack entry points if detected and exploited by…
Updating Legacy Systems Amid Growing Cybersecurity Concerns
Over the past few months, a shift to remote working has raised many security questions for businesses trying to protect their data. And, ensuring that legacy systems are secure is…