Authors/Presenters:Binlin Cheng, Erika A Leal, Haotian Zhang, Jiang Mingy Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott;…
Category: Security Boulevard
SquareX: The Future of BYOD Security for Enterprises
Convert the Browsers on BYOD / Unmanaged Devices into Secure Browsing Sessions As modern enterprises continue to adapt to the flexible work culture, Bring Your Own Device (BYOD) policies have become a standard practice. However, protecting sensitive corporate data while maintaining…
CVE-2024-28986 – SolarWinds Web Help Desk Security Vulnerability – August 2024
A critical vulnerability (CVE-2024-28986) in SolarWinds Web Help Desk puts systems at risk of exploitation, requiring immediate attention. Affected Platform The security vulnerability CVE-2024-28986 primarily affects the SolarWinds Web Help Desk software. Organizations utilizing this platform must act swiftly to…
New Office of the CISO Paper: Organizing Security for Digital Transformation
So some of you are thinking “ewwww … another security transformation paper” and this is understandable. A lot of people (and now … a lot of robots too) have written vague, hand-wavy “leadership” papers on how to transform security, include security into…
Fundamentals of GraphQL-specific attacks
GraphQL vs REST APIs Developers are constantly exploring new technologies that can improve the performance, flexibility, and usability of applications. GraphQL is one such technology that has gained significant attention for its ability to fetch data efficiently. Unlike the traditional REST…
CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
Introduction Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an organization. On September 12th, 2024, ZDI and Ivanti released an advisory describing a deserialization vulnerability resulting in remote code execution…
USENIX Security ’23 – Security Analysis of MongoDB Queryable Encryption
Authors/Presenters:Zichen Gui, Kenneth G. Paterson, Tianxin Tang Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via…
Randall Munroe’s XKCD ‘Monocaster’
<a class=” sqs-block-image-link ” href=”https://xkcd.com/2983/” rel=”noopener” target=”_blank”> <img alt=”” height=”673″ src=”https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/d6d46307-0dbb-42b6-9d46-ab12d107684e/monocaster.png?format=1000w” width=”536″ /> </a><figcaption class=”image-caption-wrapper”> via the comic & dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Monocaster’ appeared first on Security Boulevard. This…
AI in Cybersecurity: Experts Discuss Opportunities, Misconceptions and the Path Forward
Artificial intelligence (AI) is no longer just a buzzword in the cybersecurity industry—it’s an essential tool for staying ahead of threats. But how are leading organizations leveraging AI in cybersecurity effectively, and what challenges do they face? During a recent…
Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid)
Are you confident your vulnerability management is doing its job, or do you sometimes feel like it’s falling short? Many companies invest time and resources into managing vulnerabilities, yet still… The post Top 5 Vulnerability Management Mistakes Companies Make (Plus…
Realm.Security Emerges to Tackle Cybersecurity Data Management
Realm.Security has launched a platform for collecting and normalizing cybersecurity telemetry data that promises to streamline analytics. The post Realm.Security Emerges to Tackle Cybersecurity Data Management appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read…
Live Patching as a Growth Enabler for Your Infrastructure
Yesterday, as I was preparing this article, I had the opportunity to present at a TuxCare webinar, where we introduced live patching. Throughout the presentation, we discussed various characteristics of this patching methodology. While reflecting on these aspects, I realized…
Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth
In today’s digital age, cybersecurity compliance is no longer just a legal necessity or a defensive measure; it has become a catalyst for innovation and growth. The post Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth appeared first…
How Secure is the “Password Protection” on Your Files and Drives?
Most password protection methods use some form of encryption, but is there a clear choice between software and hardware encryption when it comes to protecting your personal or business files from theft, loss, or hacking? The post How Secure is…
Why Breaking into Cybersecurity Isn’t as Easy as You Think
We’re told over and over again that there are hundreds of thousands of cybersecurity vacancies in the U.S. and millions worldwide. But from what I hear, many new entrants to the application security field find it difficult to land jobs.…
Application Security — The Complete Guide
Explore our application security complete guide and find key trends, testing methods, best practices, and tools to safeguard your software. The post Application Security — The Complete Guide appeared first on Security Boulevard. This article has been indexed from Security…
Comprehensive Guide to Infrastructure Robustness Metrics
Infrastructure robustness is critical for ensuring the resilience and reliability of your systems. This comprehensive guide explores key metrics used to assess and improve infrastructure robustness. The post Comprehensive Guide to Infrastructure Robustness Metrics appeared first on Security Boulevard. This…
Navigating the Shared Responsibility Model: Lessons Learned from the Snowflake Cybersecurity Incident
Jerry Dawkins, PhD In the world of cybersecurity, the recent incident involving Snowflake has sparked a significant discussion around the shared responsibility between vendors and customers. The attacks, which targeted over 100 Snowflake customers, have highlighted vulnerabilities that arise not…
Microsoft’s September 2024 Patch Tuesday Addresses 4 Zero-Days, 79 Vulnerabilities
On September 10, 2024, Microsoft released its latest round of security updates as part of its monthly Patch Tuesday program. This month’s updates address a total of 79 vulnerabilities across various Microsoft products, including four zero-day vulnerabilities that have been…
Randall Munroe’s XKCD ‘Water Filtration’
<a class=” sqs-block-image-link ” href=”https://xkcd.com/2982/” rel=”noopener” target=”_blank”> <img alt=”” height=”467″ src=”https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/387450f7-0c5b-4e62-85be-87148f628a01/water_filtration.png?format=1000w” width=”593″ /> </a><figcaption class=”image-caption-wrapper”> via the comic & dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Water Filtration’ appeared first on Security Boulevard.…