Application Security

Application Security news, information, and how-to advice

us uk flags
windows 95

drupal7

Mistaken identity: Indiana Dept. of Education hacked a second time

Late last week, the Indiana Department of Education was defaced for a second time; just days after attackers claiming to represent the Nigeria Cyber Army used a vulnerability in the website's CMS platform to initiate the first attack....

drupal7

Drupal vulnerability blamed for problems at Indiana Dept. of Education

On Monday, Indiana's Department of Education glimpsed the dark side of patch management, after administrators discovered that their website had been defaced. The root cause of the defacement was their vulnerable Drupal installation,...

Students taking a test

Popular messaging apps fail EFF's security review

The organization ranked 39 digital communication tools based on security features and best practices

Chrome

Google to kill off SSL 3.0 in Chrome 40

In the meantime, Chrome 39 will no longer support SSL 3.0 fallback for TLS connections

defenddrupal

What you need to know about the Drupal vulnerability CVE-2014-3704

Do you use Drupal for your personal website? Does your company use Drupal? Can’t recall the last time it was patched? It is a safe bet to assume that you’ve already been compromised. Here's what to do next

computer chip circuit board technology electrical equipment mother board processor engineering 0000

Chipmaker deliberately cripples user devices with driver update

FTDI, creator of a popular line of USB-to-Serial chips used by hardware hackers and embedded in a number of consumer devices the world over, is using a driver update to crush counterfeiters by rendering the fake chips useless once...

ssl secure browser security lock

Apple to stop SSL 3.0 support for push notifications soon

Apple is one of many companies moving to shut down SSL 3.0 for good

whisper

Whisper executive says tracking happens, but the data isn't exact

On Thursday, the Guardian published a story on how the anonymous secret sharing application, Whisper, was actually tracking users despite claims to the contrary.

poodle at play

Dreaded SSLv3 bug no monster, only a POODLE

On Tuesday, Google's Bodo Möller, along with fellow researchers Thai Duong and Krzysztof Kotowicz, disclosed the existence of a vulnerability in SSLv3, which allows the plaintext of secure connections to be calculated by an attacker...

What you should consider when choosing a password manager

Password managers offer many convenient options, but some come at the expense of security

Do we need to make SSL free to boost Internet security?

As concerns grow for ways to protect information on the Internet, maybe the best choice is to include security in part of the package - no extra charge.

148470916

Yahoo says attackers looking for Shellshock found a different bug

The bug has now been fixed and user data was not at risk, the company said

yahoo sign

Yahoo says they're patching servers compromised by Shellshock

Jonathan Hall, of Future South Technologies, said that he uncovered a botnet running on two Yahoo servers, managed by a group of hackers out of Romania. Yahoo has confirmed the incident, and said they are working to resolve the issue....

keyboard app security

Alternate keyboard apps: Too risky for your smartphone?

Alternative keyboard apps are just one glaring example of how protecting your privacy requires diligence.

android browser

Android browser flaw found to leak data

A security researcher has found another flaw in the Android browser that a cybercriminal could use to steal sensitive data.

jpmorgan

JPMorgan says breach impacted 76M households and 7M small businesses

On Thursday, JPMorgan Chase (JPMC) updated investors about their recently disclosed data breach in an 8-K filing with the Securities and Exchange Commission. The incident impacts 76M households and 7M small businesses.

14 tips to secure cloud applications

Enterprises are now clamoring for the corporate security gateway to give way to the new cloud application security gateway.

shellshocked3

Shellshock attackers targeting NAS devices

Researchers have discovered hackers trying to exploit the Shellshock Bash vulnerability to compromise network attached storage devices in universities in the U.S., Japan and Korea.

Load More