The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence?

August 16, 2024 at 07:40AM

SaaS applications offer convenience and efficiency but come with security risks, making due diligence essential. AppOmni offers the Due Diligence Questionnaire (DDQ) and SaaS Event Maturity Matrix (EMM) to simplify the process and enhance security measures. These resources facilitate identifying and addressing security gaps, streamlining the due diligence process and …

Unconfirmed Hack of 2.9 Billion Records at National Public Data Sparks Media Frenzy Amid Lawsuits

August 14, 2024 at 11:16AM

National Public Data (NPD) allegedly experienced a data breach, with 2.9 billion records of US, Canada, and UK citizens being offered for sale. While media largely ignored the reports, a class-action lawsuit filed against NPD raised substantial concerns. However, there is a lack of concrete evidence, and NPD has not …

Microsoft discloses Office zero-day, still working on a patch

August 9, 2024 at 12:17PM

Microsoft has identified a high-severity zero-day vulnerability in Office 2016 and later, for which a patch is yet to be released. …

Twilio kills off Authy for desktop, forcibly logs out all users

August 1, 2024 at 05:15PM

Twilio has discontinued its Authy for Desktop app, prompting a mandatory logout for users. This decision will likely impact …

Dangerous XSS Bugs in RedCAP Threaten Academic & Scientific Research

July 31, 2024 at 10:23AM

Three cross-site scripting (XSS) vulnerabilities (CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396) were found in REDCap, a web app used by researchers. These vulnerabilities could allow attackers to execute malicious JavaScript code, potentially compromising sensitive data. Updating to REDCap version 14.2.1 or later is recommended to mitigate these flaws. Based on the meeting …

Forget security – Google’s reCAPTCHA v2 is exploiting users for profit

July 24, 2024 at 02:42AM

Google’s reCAPTCHA service, initially designed to enhance website security, is accused by researchers at the University of California, Irvine of gathering user information and labor. The researchers argue it is disliked by users, costly, and vulnerable to bots. They estimate the service has cost over $6.1 billion in human time …

Under-Resourced Maintainers Pose Risk to Africa’s Open Source Push

July 22, 2024 at 02:07AM

The UN Open-Source Program Officers for Good 2024 conference discussed the benefits of open source software (OSS) in delivering affordable technology to underserved nations. Emphasizing the need for security in OSS, speakers highlighted the risk of under-resourced projects and ways to secure the open source ecosystem, including software bills of …

Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm

July 19, 2024 at 11:06AM

SonicWall warns that a recently patched Splunk Enterprise vulnerability, CVE-2024-36991, is more severe than initially considered. The vulnerability, with a CVSS score of 7.5, allows for path traversal on the /modules/messaging/ endpoint, potentially granting access to sensitive files. SonicWall urges users to update or disable Splunk Web to mitigate the …

OpenAI Rolls Out Compliance API and Integrations for ChatGPT Enterprise

July 18, 2024 at 04:03PM

OpenAI is launching new compliance tools for ChatGPT Business Edition, aiming to support enterprise customers in regulated industries like finance and healthcare. The Enterprise Compliance API and third-party integrations help audit, manage data, and ensure compliance with regulations like FINRA, HIPAA, and GDPR. This move aligns with OpenAI’s focus on …

Pindrop Security Raises $100 Million to Expand Deepfake Detection Technology

July 17, 2024 at 11:12AM

Pindrop Security secured $100 million in debt financing to enhance its AI-powered detection of AI-generated voice deepfakes, distinct from its previous equity funding. The surge in malicious gen-AI-based deepfake voice attacks has propelled the demand for improved detection tools, as the company aims to counteract the growing threat through specialized …