DARKReading

NTT Application Security's Modern AppSec Framework takes a DAST-first approach to defend applications where breaches happen — in production.

More than 200 applications on the Google Play store have, until recently, allowed cybercriminals to deliver malicious Web content to victims' phones, likely garnering tens of millions of dollars.

Attacker used a legitimate — but likely deprecated — domain to sneak malicious emails past security filters, vendor says.

In the wake of SolarWinds and other third-party attacks, security teams worry that outsourced applications pose risks to the organization's application security, according to Dark Reading's recent "How Enterprises Are Developing Secure Applications" report.

Joint document includes configuration recommendations for hardening VPNs, and recommendations on how to select the most secure ones.

Of the largest 2,000 companies in the world, 81% fail to take simple security measures, such as locking their domain with the registrar, leaving them open to domain shenanigans.

Russian national Aleksi Burkov was sentenced to nine years in prison for his operation of two websites facilitating payment card fraud.

FinFisher (aka FinSpy) surveillance software now goes to extreme lengths to duck analysis and discovery, researchers found in a months-long investigation.

Teams that remain reactive will always be on the back foot — take an active stance.

New high-security padlocks integrate with easy-to-use software solution to offer security and cloud-based simplicity.