
Broken Object Level Authorization: API security's worst enemy

According to the Open Web Application Security Project (OWASP, 2019), broken object-level authorization (BOLA) is the most significant vulnerability confronting modern application programming interfaces (APIs). It can be exciting to pursue innovations in the API area, but while doing so, programmers must ensure that they are adequately attentive to security concerns and that they develop protocols that can address such concerns.

Examining OpenSSH Sandboxing and Privilege Separation - Attack Surface Analysis

The recent OpenSSH double-free vulnerability, CVE-2023-25136, created a lot of interest and confusion regarding OpenSSH’s custom security mechanisms: Sandbox and Privilege Separation. Until now, both of these security mechanisms were somewhat unnoticed and only partially documented. The double-free vulnerability raised interest among those who were affected and those controlling servers that use OpenSSH.

Telegram of Fortune: Credential Phishing

In recent years, phishing attacks have become increasingly sophisticated and are now being conducted through various messaging platforms such as Telegram. Telegram is a popular messaging app that allows users to send messages, photos, videos, and other files over the internet. It also provides APIs that allow developers to create custom bots and applications. Unfortunately, these same APIs can be used by malicious actors to exfiltrate credentials obtained through successful phishing attacks.

WatchGuard recognized as a 'Champion' in the Canalys Global Cybersecurity Leadership Matrix

WatchGuard Technology was recognized as a Cybersecurity Channel Champion in the 2022 Canalys Global Cybersecurity Leadership Matrix. The Cybersecurity Leadership Matrix assesses vendor performance in the channel over the last 12 months based on partner feedback, vendor surveys, Canalys shipment estimates, and analyst insight.

Cybrize's Diana Kelley: Why compliance is more than a checkbox exercise, and how to integrate it into your security toolkit

In this episode of the Future of Security Operations podcast, Thomas speaks with Diana Kelley, Chief Security Officer / Chief Strategy Officer at Cybrize, which connects organizations, security leaders, and job seekers to train and support the next generation of cybersecurity professionals.

Right On The Money: Cyber Risk Mitigation Strategies For The Finance Industry

Cybersecurity isn’t easy in any industry, but it is perhaps most challenging for the banking, financial services, and insurance (BFSI) sector. Financial institutions are highly digitized and have large, complex IT infrastructures with many environments and assets to protect. At the same time, these enterprises are highly targeted by threat actors, leading to a constant barrage of attacks to detect and disrupt.

What actually is database integrity?

If you were to poll the folks in a typical office about which aspect of the infamous CIA Triad was most important to them, you would likely get different answers from different people. While confidentiality, integrity, and availability are all important and serve to function together, for the sake of fun, what if you had to choose one factor as the most critical?

Gain Advanced Endpoint Management With Certificate Manager and New Features for Enforce

Tanium can solve more of your endpoint management needs than ever before. We have just launched our new product Certificate Manager and added three new features to our core product Enforce — Modern Device Management for macOS®, Enhanced Policy Management for Windows, and USB Removable Storage Management.

Why Security Leaders are Betting on Automation

Mass layoffs. Budget cuts. Funding shortages. Fears of recession. Headlines paint a bleak picture for organizations in 2023. To prepare for the turbulent year ahead, companies are scaling back their spending in droves. Yet, amid ruthless cost-cutting, many organizations are still prioritizing their investments in bulking up cybersecurity defenses. The question is, what are they spending these budgets on?