Cloud-based dev teams: shift security left to avoid being the next SolarWinds
“The entire way we perform security in a development environment needs to be rethought.”
About SC Media
Application Security
Startup Traceable turns to CISO investors for next phase of growth
The new partnership with Silicon Valley CISO Investments will include an additional $250,000, but perhaps more importantly it will include support and guidance from dozens of practicing CISOs around operations, product road maps, pricing and marketing initiatives as the startup looks to scale its business.
Google: Insufficient and rushed patching leads to more zero-day exploits
The findings highlight a troubling habit that software developers can sometimes fall into: hastily scramble to issue an urgent vulnerability patch, only to move on to the next issue without fully grasping the underlying cause or crafting a wholistic fix.
State auditor’s office clashes with file transfer service provider after breach
The product from private cloud solutions company Accellion was near end of life at the time of the breach. Should customers have switched sooner?
As SolarWinds spooks tech firms into rechecking code, some won’t like what they find
If more attacks are uncovered, end-user organizations must apply lessons learned from SolarWinds and take decisive action.
70% of apps for the manufacturing sector spent all of 2020 with at least one security flaw
With public administration apps, the number that went a year with an unpatched security flaw dropped to 67 percent, and nine other sectors ranged between 50 and 60 percent, according to research from WhiteHat Security.
Sunspot malware scoured servers for SolarWinds builds that it could weaponize
The software company says two customer inquires, in hindsight, appear linked to the supply-chain attack.
Perils of coding errors play out in Parler slip up
Applied to internet applications in general, the IDOR problems that led to the Parler exposure could extend to anything stored sequentially and not secured individually — receipts, posts, and in many instances entire accounts.
‘I’ll Teams you’: Employees assume security of links, file sharing via Microsoft comms platform
In theory they know better. But Users naïvely trust workplace communications platforms, despite phishing and impersonation threats.
Google outage tied to authentication system outage, not supply chain attacks
An outage caused a stir among security experts, wondering whether the incident might have ties to a major hacking event that resulted in breaches at both the Treasury and Commerce departments. It didn’t.
Want to read more?
Next post in Application Security
