New Year, Same Security Problems – Kris Lahiri – ESW #256
It’s a new year and a time when we make resolutions…which often drop off by the start of February. To keep your security resolutions for…
The FTC issues a warning about taking log4j seriously, JNDI is elsewhere, cache poisoning shows challenges in normalizing strings, semgrep for refactoring configs with security…
There’s an understandable focus on “shift left” in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into…
Log4j, SolarWinds, Tesla hacks, and the wave of high-profile appsec problems aren’t going to go away with current approaches like SAST and SCA….
Log4j has more updates and more vulns (but probably not more heartburn…), revisiting outages and whether availability has made it into your threat models, deep…
Sponsored By Visit https://www.cybereason.com/cisostories for more information! Cybersecurity talent shortages are well documented and asking experienced cybersecurity professionals to spend countless hours on routine tasks…
In this interview, we discuss defenders sharing information, how Edna deals with Azure’s supply chain challenges, ransomware trends, and some future predictions. Edna has been…
This week in the AppSec News: Bug bounty payout practices, Edge goes super duper secure mode, WebKit CSP flaw has consequences for OAuth, GoDaddy breach,…
In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML…
Sponsored By Visit https://www.cybereason.com/cisostories for more information! Information Sharing and Analysis Centers (ISACs) were formed to promote the centralized sharing of threat intelligence within a…
Lessons Learned from Building an ISAC – Grant Sewell – CSP #59
Sponsored By Visit https://www.cybereason.com/cisostories for more information! Information Sharing and Analysis Centers (ISACs) were formed to promote the centralized sharing of threat intelligence within a…