Technology

OAuth security gaps at Booking.com (now remediated)

Mar 2, 2023 By Salt Security In Salt Security

This short video explains how Salt Labs researchers identified several critical security flaws on the popular travel site Booking.com. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user such as booking or canceling reservations and ordering transportation services.

View Video

Salt Security

Read more about OAuth security gaps at Booking.com (now remediated)

Traveling with OAuth - Account Takeover on Booking.com

Mar 2, 2023 By Aviad Carmel In Salt Security

OAuth (Open Authorization) is a modern, open authorization standard designed to allow cross-application access delegation – for example, allowing your application to read data from your Facebook profile. Combined with the proper extensions, OAuth can also be used for authentication – for example, to log into your application using Google credentials. Since its first introduction in 2006, OAuth has gained tremendous popularity.

Read Post

Salt Security

Read more about Traveling with OAuth - Account Takeover on Booking.com

Using ChatGPT to Improve Your Cybersecurity Posture

Mar 2, 2023 By Edward Kost In UpGuard

On November 30, 2022, ChatGPT quaked the digital world, sending a tremor that even rattled the cybersecurity industry. Instead of responding in panic, a more sensible approach is to begin learning how to leverage the technology to streamline your workflow and optimize your skills. In this post, we explain how ChatGPT can be used to improve your cybersecurity posture and data breach resilience.

Read Post

UpGuard

Read more about Using ChatGPT to Improve Your Cybersecurity Posture

How Advanced Technology Can Help Detect Indecent Images Online

Mar 1, 2023 By SecuritySenses In SecuritySenses

In 2023, technology has a hand in almost every aspect of our lives, and is vital in helping to tackle a number of forms of cybercrime. In this article, we're looking at how advanced technology can help to detect indecent images online.

Read Post

SecuritySenses

Read more about How Advanced Technology Can Help Detect Indecent Images Online

EP 22 - Deep Fakes, ChatGPT and Disinformation: Theresa Payton on Evolving Digital Threats (Part 2)

Mar 1, 2023 By CyberArk In CyberArk

Today’s episode is part two of our conversation with former White House CIO, bestselling author and founder and CEO of Fortalice Solutions, Theresa Payton. If you missed part one, you can start here and go back to that episode. Or, you can start there and come back to this one – but you’re already here, so maybe just stick around?

Read Post

CyberArk

Read more about EP 22 - Deep Fakes, ChatGPT and Disinformation: Theresa Payton on Evolving Digital Threats (Part 2)

Keep Your Data Protected from Adversarial States and Governments

Mar 1, 2023 By Lookout In Lookout

Lookout Mobile Endpoint Security allows organizations to protect data and government agencies to comply with state and federal government mandates, such as OMB M-23-13, banning the use of TikTok on devices.

View Video

Lookout

Read more about Keep Your Data Protected from Adversarial States and Governments

MITRE ATT&CK and D3FEND for Cloud and Containers

Mar 1, 2023 By Nigel Douglas In Sysdig

MITRE ATT&CK and MITRE D3FEND are both frameworks developed by the non-profit organization MITRE, but they serve different purposes. If you are new to the MITRE ATT&CK framework and would like to brush up on some of the concepts first, we created a Learn Cloud Native article to help you on your journey. If you want to go further, here’s how Falco’s Cloudtrail rules align with MITRE ATT&CK.

Read Post

Sysdig

Read more about MITRE ATT&CK and D3FEND for Cloud and Containers

Developing A Cloud Data Protection Architecture

Mar 1, 2023 By Protegrity

As companies embrace the operational flexibility of the cloud, security, and compliance concerns are at the forefront of their minds. Developing a proper cloud data-protection architecture requires a personalized and innovative security approach - that's where Protegrity steps in.

Get White Paper

Protegrity

Read more about Developing A Cloud Data Protection Architecture

Mapping the MITRE ATT&CK Framework to API Security

Mar 1, 2023 By Salt Security

API attacks include many of the tactics, techniques, and procedures (TTPs) identified in the MITRE ATT&CK framework. This white paper analyzes and maps three common API attack scenarios to the TTPs found in the MITRE Enterprise Matrix. By understanding how the MITRE ATT&CK TTPs relate to API security threats, security leaders can: Download now to learn how to defend against API attacks by leveraging this well-known security framework.

Get White Paper

Salt Security

Read more about Mapping the MITRE ATT&CK Framework to API Security

The business value of API security

Mar 1, 2023 By Salt Security

Securing your APIs is no longer a luxury, but it shouldn't be viewed as just a necessary burden either. Protecting your APIs opens the door to real business value including: Download this eBook to explore the business results customers are uncovering as they embark on their API security journey and how to quantify the value of API security in your organization.

Get EBook