SecurityWeek Analysis: 178 Cybersecurity M&A Deals Announced in First Half of 2024

July 29, 2024 at 06:57AM In H1 2024, SecurityWeek recorded 178 cybersecurity-related M&A deals, the lowest since 2021. North America led with 135 deals, mainly in the US. Europe saw 49 deals, with the UK being the most active. Financial details for 33 deals totaled $33.5 billion. MSSPs were the most involved, with 50 deals. …

6 Types of Applications Security Testing You Must Know About

July 25, 2024 at 07:31AM The text discusses various application security testing methods essential for securing applications and understanding the differences between these methods and penetration testing. It details six different types of testing methods – Pentesting, DAST, SAST, IAST, Fuzz Testing for APIs, and APSM, providing benefits and distinctions for each. The integration of …

Application Security Startup Heeler Raises $8.5 Million in Seed Funding

July 22, 2024 at 08:02AM Heeler Security, a US-based application security startup founded in 2023, has secured $8.5 million in seed funding led by Norwest Venture Partners. The company focuses on enhancing application security and efficiency with its ProductDNA technology, providing real-time code assessment and automation. Currently used by Fortune 500 companies, the technology will …

Firms skip security reviews of major app updates about half the time

July 18, 2024 at 03:36AM According to a CrowdStrike report, only 54 percent of cyber security workers review major software updates. The process is time-consuming and costly, with an average annual expenditure of nearly $1.2 million for code reviews. Security managers face challenges such as misaligned tools and prioritizing issues. Strengthening application security is critical …

What’s Bugging the NSA? A Vuln in Its ‘SkillTree’ Training Platform

July 10, 2024 at 09:06AM The NSA patched a CSRF vulnerability in its SkillTree platform, designed to modernize software practices within the agency and shared on GitHub in 2020. The fix addressed potential manipulation by hackers, and users were urged to apply the update. This incident highlights the inherent difficulty in identifying and addressing CSRF …

SAP Patches High-Severity Vulnerabilities in PDCE, Commerce

July 9, 2024 at 10:21AM SAP released 16 new and 2 updated security notes for July 2024, addressing high-severity vulnerabilities in PDCE and SAP Commerce. The PDCE bug (CVE-2024-39592) could allow unauthorized data access, while the SAP Commerce issue (CVE-2024-39597) could enable access to improperly configured sites. 15 medium-severity issues in various SAP products were …

CISA Flags Memory-Unsafe Code in Major Open Source Projects

June 28, 2024 at 01:28PM A new study reveals the widespread and concerning use of memory-unsafe code in major open source software projects, leading to common security issues. Despite this insight, immediate changes are unlikely due to the complexity and cost of rewriting code entirely in memory-safe languages. The report’s findings align with previous studies, …

Checkmarx Application Security Posture Management and Cloud Insights Offer Enterprises Code-to-Cloud Visibility

June 11, 2024 at 05:39PM Checkmarx, a leading cloud-native application security provider, has launched Checkmarx Application Security Posture Management (ASPM) and Cloud Insights to offer unparalleled visibility into organizations’ application security posture from code to cloud. These new solutions empower enterprises to reduce application and business risk and prioritize remediation efforts effectively. For more information, …

SAP Patches High-Severity Vulnerabilities in Financial Consolidation, NetWeaver

June 11, 2024 at 08:03AM SAP released ten new and two updated security notes, including high-priority fixes for cross-site scripting in Financial Consolidation and denial-of-service in SAP NetWeaver AS Java. Eight medium-severity vulnerabilities were also addressed in various products, with potential impacts like DoS, file uploads, information disclosure, and data tampering. Two low-severity issues were …

Cyber Landscape is Evolving – So Should Your SCA

June 7, 2024 at 08:06AM Traditional Software Composition Analysis (SCA) tools struggle to provide comprehensive security for software supply chains, leading to alert fatigue and leaving organizations vulnerable. Myrror Security’s guide offers insights into the limitations of current SCA tools and the features needed in future software supply chain security solutions to combat emerging …