• A worrying amount of apps found to have high-severity security fl

    From TechnologyDaily@1337:1/100 to All on Fri Dec 9 11:45:04 2022
    A worrying amount of apps found to have high-severity security flaws

    Date:
    Fri, 09 Dec 2022 11:36:35 +0000

    Description:
    Server configurations, insecure dependencies, and information leakage are the most common types of flaws, report finds.

    FULL STORY ======================================================================

    A worrying amount of commonly-used apps have high-severity security flaws, especially those used by companies in the technology sector, new research has found.

    A report from Veracode, analyzing 20 million scans across half a million applications in the technology, manufacturing, retail, financial services, healthcare, and government sectors, found that 24% of apps in the technology sector carry high-severity flaws.

    Comparatively, that's the second-highest proportion of applications with security flaws (79%), with only the public sector having it worse (82%).

    Fixing the flaws

    Among the most common types of vulnerabilities are server configurations, insecure dependencies, and information leakage, the report further states, adding that these findings broadly follow a similar pattern to other industries. However, the sector has the highest disparity from the industry average when it comes to cryptographic issues and information leakage, prompting the researchers to speculate that devs in the tech industry are savvier on data protection challenges.

    When it comes to the number of fixed issues, the tech sector is somewhere in the middle. The companies are relatively fast to address the problems, though. It takes them up to 363 days to fix 50% of the flaws. While this is better than the average, there's still plenty of room for improvement, Veracode added.

    For Chris Eng, Chief Research Officer at Veracode, it's not just about discovering the flaws; it's also about reducing the number of flaws introduced into the code in the first place. Furthermore, he believes businesses need to focus more on security testing automation.

    "Log4j sparked a wake-up call for many organizations last December. This was followed by government action in the form of guidance from the Office of Management and Budget (OMB) and the European Cyber Resilience Act, both of which have a supply chain focus," said Eng. "To improve performance in the year ahead, technology businesses should not only consider strategies that help developers reduce the rate of flaws introduced into code, but also put greater emphasis on automating security testing in the Continuous Integration/Continuous Delivery (CI/CD) pipeline to increase efficiencies."

    Cybercriminals often analyze internet-facing apps used by businesses for vulnerabilities and flaws in the code. When they find one, they often use it to deploy web shells, which subsequently give them access to the company network and endpoints. After mapping out the network and identifying all of the devices and data, they can launch the second stage of the attack, which is often either ransomware, malware, or data wipers.



    ======================================================================
    Link to news story: https://www.techradar.com/news/a-worrying-amount-of-apps-found-to-have-high-severity-security-flaws


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)