Scaling a risk-based AppSec program involves adapting your security practices to accommodate the growth and evolving needs of your business, while effectively managing and mitigating security risks.

With the United Nations Economic Commission for Europe World Forum for Harmonisation of Vehicle Regulations (UNECE WP.29) framework coming into effect in July 2024, leaders across the Automotive sector are apparently ‘swamped’ by the volume of compliance and security risks that need to be addressed to protect drivers in all types of connected or autonomous vehicles.

YouTube is the world's second-biggest social media platform, currently boasting 2.7 billion active users in 2023, second only to Facebook, which stands at 2.9 billion. An important feature of YouTube is YouTube Kids, where 35 million children can enjoy age-appropriate content for younger audiences (5-8 years) and older (9-12 years).

Picture this: A crowd of people suddenly, without warning, enter a tiny shop, with room for only a handful of customers. All these extra people make it impossible for customers to get in or get out. Those extra people do not intend to shop — instead they want to disrupt the regular business operations. All this traffic jam-packs the shop, preventing it from carrying out normal business operations.

During this year’s Black Hat in Las Vegas, I learned (or was reminded of) many lessons working alongside my Corelight colleagues and Black Hat Network Operations Center (NOC) teammates from Arista, Cisco, Lumen, NetWitness and Palo Alto Networks. The uniqueness of standing up a full security stack and NOC in such a short time with a team that comes together infrequently really forced me to consider how team processes and communication affect NOC/SOC efficiency and effectiveness.

A recent vulnerability tracked as Rapid Reset (CVE-2023-44487) in the HTTP/2 protocol was recently disclosed by researchers and vendors. It was exploited in the wild from August 2023 to October 2023. The issue arises from the HTTP/2 protocol's ability to cancel streams using an RST_STREAM frame, which can be misused to overload servers by initiating and quickly canceling numerous streams, circumventing the server's concurrent stream limit.

In this era, threat actors have proven to be tireless in their pursuit of exploiting vulnerabilities and gaining unauthorized access to online platforms using anything from simple to sophisticated attacks. Today, we delve into shedding light on how attackers employ methods to bypass one of the most common defenses against automated attacks. Particularly on using TOR networks to evade or bypass CAPTCHA.

In the fast-paced world of technology business, mergers and acquisitions (M&As) have become commonplace. Companies often seek growth, innovation, and market expansion through these strategic moves. However, amidst the excitement of potential synergies and increased market share, there is a lurking danger that can significantly impact the success of an M&A deal: technical debt.

The recent hype focused on the cURL vulnerability highlights the need for greater visibility and knowledge of your applications' software bill of materials (SBOM)

Air Europa is a Spanish airline that serves travelers from all over Europe, North America, the Caribbean, and Tunisia. The airline welcomes over 430 million fliers each year, with 10,000+ daily flights across the globe. Following a recent hack, some consumers may have had their credit card information stolen. Very little is public about the cyber incident, meaning any traveler could be at risk.