14 Aug 2019

Orgs Doing More App Security Testing but Fixing Fewer Vulns

A new study by WhiteHat Security shows that in 2018, US companies tested 20% more applications for security vulnerabilities than in the year before, but they fixed only about half (50.7%) of critical flaws and 37% of high-severity issues that were uncovered during dynamic application security tests (DAST). This

11 Jul 2019

Big Banks Vulnerable to Web, Mobile Attacks

ImmuniWeb researchers have found vulnerabilities in the web applications, APIs and/or mobile apps of 97 of the 100 largest financial organizations in the world, which are located across 22 countries. The report shows that 85 online banking apps were not compliant with GDPR, while 49 were not compliant with PCI

26 Jun 2019

Cybercriminals leverage malicious Office docs, Mac malware, web app exploits

A new WatchGuard report shows that malware detections rose by 62% between Q4 of 2018 and Q1 of this year. The study also found that macOS malware is a growing threat, with two strains making the top 10 of most common malware in Q1 2019. Attacks on web applications are

18 Jun 2019

Disgruntled security firm discloses zero-days in Facebook’s WordPress plugins

A security firm holding a grudge against WordPress recently released proof-of-concept (PoC) code for two zero-days affecting two official Facebook plugins for WordPress. The impacted plugins are “Messenger Customer Chat” (20,000 installations) and “Facebook for WooCommerce” (200,000 installations). The flaws are tricky to exploit, but can enable threat actors to

14 Jun 2019

The gaming community is a rising target for credential stuffing attacks

An extensive Akamai report on the state of Internet security highlights the growing cyber threat for gamers. According to the study, gaming websites were the target of around 12 billion credential stuffing attacks between November 2017 and March 2019. In a credential stuffing attack, a threat actor uses leaked or

12 Jun 2019

Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw

New research by bug bounty firm HackerOne shows that cross-site scripting (XSS) vulnerabilities are still the most common type of security flaw found in web applications. XSS flaws can enable attackers to inject malicious code into websites in order to steal sensitive information from users. Miju Han of HackerOne says
