Topgolf Callaway is a powerful golf company that offers modern golfing entertainment, as well as selling golf equipment in most areas of the world. The organization maintains online and in-person stores in many different countries and sells to millions of customers annually. With so much customer data exchanging hands through this company and its many retailers, everyone involved is at risk because of a recent security vulnerability.

One of the most vital things to get right in application security is dependency management, and to achieve this, your suite of AppSec tools must be up to date. This means that your vulnerability scanning, detection, and remediation capabilities must be able to identify and address the newest and most exploited vulnerabilities. Do you know what these vulnerabilities are? Have you got them covered? With the help of some of the world’s leading cybersecurity authorities, you can be.

Welcome to the 7th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API6:2023 Unrestricted Access to Sensitive Business Flows. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

At this year’s AWS re:Invent, Mic McCully, Field CTO at Snyk, spoke with Jacob Salassi, Director of Product Security at Snowflake. They discussed what it looked like for Snowflake to overcome various security challenges with the right combination of processes, company culture shifts, and tool partners (including Snyk!). Read on to learn about the practices Jacob and his team established to create a successful application security program.

On Tuesday, August 29, 2023, VMware disclosed a critical authentication bypass vulnerability (CVE-2023-34039) in VMware Aria Operations for Networks–formerly known as vRealize Network Insight–that could result in a threat actor gaining access to the Aria Operations for Networks CLI by bypassing SSH authentication. The vulnerability was responsibly disclosed to VMware and has not been actively exploited in campaigns.

There are few security tasks more important, yet more difficult, to conduct than a vulnerability scanning program. A properly conducted scanning program requires a team of human-led experts with the technology to search for issues that might give a threat actor access to a network. Only the largest organizations with equally large wallets can afford to take on this task, but there is an option.

We’ve seen how technology can evolve at warp speed, and AI has emerged as both a revolutionary force and a tantalizing enigma. Whether you're a seasoned developer seeking to expand your toolkit or a security enthusiast on a quest for clarity in the realm of AI, embarking on the journey to demystify this dynamic field can be both exhilarating and overwhelming.

Threat Intelligence Analyst How does phishing-as-a-service (PhaaS) really work, and can it really bypass MFA? Here, we will walk you through the user interface of a PhaaS platform, and how its users can quickly build their own attacks using the built-in attack models and templates (and bypass MFA). For a layered approach, beyond MFA, we will introduce you to the benefits of using a threat intelligence solution to stay-ahead of emerging and advanced phishing attacks.

There are flaws in every organization’s IT infrastructure, along with software that requires patching. These flaws could arise from various sources, such as human errors during software coding. Hackers are always on the lookout to exploit these flaws and applications. However, by following a vulnerability assessment methodology to perform vulnerability assessments, organizations can identify these weaknesses before the cyber adversaries do.

Get more from your investment in ServiceNow. Secure IT assets by proactively identifying endpoint security and compliance risks, automating patching of vulnerabilities, and more.