The takedown this week of a massive phishing-as-a-service (PhaaS) operation spanned law enforcement agencies from both sides of the Atlantic and is the latest example of an increasingly aggressive approach by authorities to disrupt the operations of high-profile cybercriminal gangs.…
Category: Security Boulevard
USENIX Security ’23 – Inductive Graph Unlearning
Authors/Presenters: *Cheng-Long Wang, Mengdi Huai, Di Wang* Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via…
From DAST to dawn: why fuzzing is better solution | Code Intelligence
Security testing allows you to evaluate the robustness of applications and systems and identify potential weaknesses that attackers may exploit. DAST and fuzzing are two popular, important, and proven security testing methods. DAST (dynamic application security testing) searches for security…
Scaling Application Security With Application Security Posture Management (ASPM)
Did you know that the total number of data breaches more than tripled between 2013 and 2022? These breaches exposed 2.6 billion personal records in the past two years alone… The post Scaling Application Security With Application Security Posture Management…
The Dark Side of EDR: Repurpose EDR as an Offensive Tool
See how a SafeBreach Labs researcher bypassed the anti-tampering mechanism of a leading EDR to execute malicious code within one of the EDR’s own processes and altered the mechanism to gain unique, persistent, and fully undetectable capabilities. The post The…
Google Chrome DBSC Protection Tested Against Cookie Attacks
In light of cookie stealing attacks and to ensure Chrome browser protection, Google has recently piloted its new Chrome DBSC. The device-bound session credentials (DBSC) are aimed at protecting users against cookie theft that threat actors may carry out using…
Crunching Some Numbers on PHP Support
PHP Extended Lifecycle Support (ELS) allows you to continue using older versions of PHP while still receiving security updates for the language, without introducing breaking changes to your application. The first and obvious question might be, “Why would I want…
The Ultimate Guide to SBIR and STTR Program Budgeting
The world advances based on innovation, and innovation can come from anywhere. The trouble is that the current capitalist economic system encourages large corporations to play conservatively with their products and their budgets while working to secure their own positions…
Vulnerabilities for AI and ML Applications are Skyrocketing
In their haste to deploy LLM tools, organizations may overlook crucial security practices. The rise in threats like Remote Code Execution indicates an urgent need to improve security measures in AI development. The post Vulnerabilities for AI and ML Applications…
What to Consider When Choosing a Software Composition Analysis (SCA) Tool
Given the widespread use of third-party components in application development, identifying and remediating code vulnerabilities as early in development as possible is critical. As a result, many organizations turn to SCA tools, however traditional ones often deliver superficial code analysis…