Internet AppSec Remains Abysmal & Requires Sustained Action in 2023

A variety of initiatives promise more secure applications, but sustained improvements will require that vendors do much better. [TechWeb]( Follow Dark Reading: [RSS]( December 28, 2022 LATEST SECURITY NEWS & COMMENTARY [Internet AppSec Remains Abysmal & Requires Sustained Action in 2023]( A variety of initiatives — such as memory-safe languages and software bills of materials — promise more secure applications, but sustained improvements will require that vendors do much better, researchers agree. [The Threat of Predictive Policing to Data Privacy and Personal Liberty]( Inaccurate information from data brokers can damage careers and reputations. It's time for US privacy laws to change how law enforcement and legal agencies obtain and act on data. [Container Verification Bug Allows Malicious Images to Cloud Up Kubernetes]( A complete bypass of the Kyverno security mechanism for container image imports allows cyberattackers to completely take over a Kubernetes pod to steal data and inject malware. ['Sextortion,' Business Disruption, and a Massive Attack: What Could Be in Store for 2023]( Our growing interconnectedness poses almost as many challenges as it does benefits. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Security on a Shoestring? Cloud, Consolidation Best Bets for Businesses]( With a recession potentially coming, some companies are cutting security teams. But moving more infrastructure to the cloud and reducing the number of vendors through consolidation may be the best ways to prepare. [Inside the Next-Level Fraud Ring Scamming Billions Off Holiday Retailers]( "Largest attack of its kind": A potent Southeast Asian e-commerce fraud ring has declared war on US retailers, targeting billions in goods in just the past month and forcing mules into its scheme. [Biden Signs Post-Quantum Cybersecurity Guidelines Into Law]( The new law holds the US Office of Budget and Management to a road map for transitioning federal systems to NIST-approved PQC. [MORE]( EDITORS' CHOICE [Google: With Cloud Comes APIs & Security Headaches]( APIs are key to cloud transformation, but two Google surveys find that cyberattacks targeting them are reaching a tipping point, even as general cloud security issues abound. LATEST FROM THE EDGE [Why Attackers Target GitHub, and How You Can Secure It]( The unfettered collaboration of the GitHub model creates a security headache. Follow these seven principles to help relieve the pain. LATEST FROM DR TECHNOLOGY [How to Get the Most Out of UEBA]( Security teams are considering how to get the most out of user entity behavioral analytics by taking advantage of its strengths and augmenting its limitations. WEBINARS - [A Roadmap to Zero Trust: Steps for Meaningful Progress Amongst the Hype]( Join this webinar as our Zero Trust experts discuss "quick wins" like: --Enforcing strong multifactor authentication and Zero Trust policies for critical applications. --Closing inbound ports open to the Internet. --Areas not always included in the Zero Trust conversation, like ... - [Zero Trust Security 101: What You Need to Know Before Getting Started]( With varying definitions, variations, and approaches floating around the cybersecurity ecosystem, it can be difficult to get a clear view of what exactly zero trust is, what it means, and what it takes to get it done. In this webinar, ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [How Hybrid Work Fuels Ransomware Attacks]( [View More White Papers >>]( FEATURED REPORTS - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Bfore.Ai Releases 'The King, The Knight & The Snowball' - Cybersecurity Book for Children]( [Searchlight Security Changes Name to Searchlight Cyber and Launches New Brand]( [Bugcrowd Launches Bug Bounty Program for Australian-Based Navitas]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)