Security
Headlines

Source

DARKReading

3 Lessons Learned in Vulnerability Management

In 2022, multiple high-profile vulnerabilities like Log4j and OpenSSL provided important takeaways for future public reporting.

Java, .NET Developers Prone to More Frequent Vulnerabilities

About three-quarters of Java and .NET applications have vulnerabilities from the OWASP Top 10 list, while only 55% of JavaScript codebases have such flaws, according to testing data.

Why Mean Time to Repair Is Not Always A Useful Security Metric

Analyzing and learning from incidents is the ideal path to finding more insightful data and metrics, according to the VOID report.

Norton LifeLock Warns on Password Manager Account Compromises

Password manager accounts may have, ironically, been compromised via simple credential stuffing, thanks to password reuse.

Malware Comes Standard With This Android TV Box on Amazon

The bargain T95 Android TV device was delivered with preinstalled malware, adding to a trend of Droid devices coming out-of-the-box tainted.

Sneaky New Stealer Woos Corporate Workers Through Fake Zoom Downloads

Rhadamanthys spreads through Google Ads that redirect to bogus download sites for popular workforce software — as well as through more typical malicious emails.

CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tools

High-profile software provider compromises in the past few months show that threat actors are actively targeting the services underpinning corporate infrastructure. Here's what to do about it.

Cloudflare Wins CISA Contract for Registry and Authoritative Domain Name System (DNS) Services

With the $7.2M contract, Cloudflare will enhance resilience and simplify security for .gov domain users.

Fast-Track Secure Development Using Lite Threat Modeling

Establish clear and consistent processes and standards to scale lite threat modeling's streamlined approach across your organization.