Web application security is crucial for any organization that relies on web-based applications. Learn about the importance of web application security and best practices for keeping your organization safe. The importance of web application security cannot be overstated. As organizations move towards web-based applications and services to run their business and connect with customers, it is becoming more vital than ever to secure those systems from malicious attacks.

Anyone who has watched the Lockpicking Lawyer realizes that certain locks promoted as the latest-and-greatest aren’t necessarily the most reliable devices for securing physical assets. Like many other security professionals, he seeks to educate consumers and manufacturers on defects in devices and how to improve their security. It reminds me of a quote by Deviant Ollam (security auditor and penetration testing consultant): "Security is achieved through openness.

My first interaction with a firewall was with a TIS Gauntlet that I compiled on a Sun workstation in 1994. Since then, I have worked with firewalls from Checkpoint (back when configuration files were clear text flat files and they only had support out of their headquarters in Israel), Raptor, Pix (when they booted from a 3 ¼” floppy), and finally the Cisco ASAs, FortiGates, and Palo Alto firewalls of today.

One of the benefits of a secure access service edge (SASE) framework is that organizations can dramatically simplify the implementation of security services without having to go through constant network redesigns and appliance operating system updates.

In an increasingly digital world, cybersecurity is a significant – and relevant – threat to individuals and companies alike. Cybercriminals are constantly devising new ways to steal information for personal gain through exploitation or ransom demands. It’s become unfortunately commonplace to hear tales of drained checking accounts, leaked photos, and private documents being published to the masses.

Cyber-attacks happen around the clock, far more often than can ever be reported outside of the organizations they affect. But sometimes an attack is so widespread and devastating that it sends shockwaves through the business world and even into the mainstream media. Incidents like SolarWinds and Log4j were front page news, sending organizations scrambling to patch them.

For some time now the Cyberint Research Team has been witnessing attacks targeting China. While most campaigns related to OpChina are focusing on infrastructure and government data breaches, over the past weekend, a major breach of the popular social network TikTok occurred, revealing 1.7 billion records and relations to another popular Chinese app – WeChat. The group taking full responsibility for this breach is none other than the notorious BlueHornet, aka AgainstTheWest, aka APT49.

According to the latest IBM Cost of a Data Breach Report, the average breach costs $4.35M per incident, climbing by 12.7% from 3.86 million USD in IBM’s 2020 report. This does not account for lost business opportunities and lingering reputational damage. A cybersecurity tabletop exercise could substantially reduce this amount simply by having a well-thought-out incident response plan and effectively exercising business continuity plans.

In our companion blog post, Vedere Labs analyzed the main ransomware trends we observed in the first half of 2022, including state-sponsored ransomware, new mainstream targets and evolving extortion techniques. Ransomware is the main threat targeting most organizations nowadays. However, three other notable cyberthreat trends also evolved during this period: Below we analyze each of these trends in more detail.