Application Security

Application Security news, information, and how-to advice

412 million FriendFinder accounts exposed by hackers

Six databases from FriendFinder Networks Inc., the company behind some of the world’s largest adult-oriented social websites, have been circulating online since they were compromised in October. LeakedSource, a breach notification...

Adobe fixes flaws in Flash Player and Adobe Connect

Adobe Systems released security patches for its widely used Flash Player software as well as its Adobe Connect web conferencing platform that's popular in enterprise environments.

AI makes security systems more flexible

Advances in machine learning are making security systems easier to train and more flexible in dealing with changing conditions, but not all use cases are benefitting at the same rate.

Warding off the blues of ransomware

Winter is definitely coming, but you can still avoid ransomware

Joomla websites attacked en masse using recently patched exploits

Attackers are aggressively attacking Joomla-based websites by exploiting two critical vulnerabilities patched last week.

Security apps you need on your new Pixel

Privacy and security apps that should be the first apps on Google's new phone to help avoid growing mobile security threats, including identity theft, hacks and breaches.

Flaw in Intel CPUs could help attackers defeat ASLR exploit defense

A feature in Intel's Haswell CPUs can be abused to reliably defeat an anti-exploitation technology that exists in all major operating systems, researchers have found.

Researcher unveils second Samsung Pay vulnerability

A security researcher has found a second vulnerability in Samsung Pay and plans to demonstrate it at a security conference next week in Argentina.

Researcher says Adult Friend Finder vulnerable to file inclusion vulnerabilities

On Twitter Tuesday evening, a researcher known for exposing application flaws posted screenshots showing Local File Inclusion vulnerabilities on AdultFriendFinder.com. The incident marks the second time in just over a year that the...

How CSOs can better manage third-party risks

Scott Schneider from CyberGRX chats with CSO about how security managers can secure their data when dealing with third-party vendors.

Real-world devops failures -- and how to avoid them

War stories: just shut off telnet

Years ago I was working on a project that had a rather interesting premise. It was a way to send a file between two parties that was stamped as verified by a third-party intermediary. Pretty basic stuff, but in the 90s it was...

Security for your collaborative software

There’s a gaping hole in your security infrastructure right now. The front door is open, the side window is ajar, and there’s an open safe with a neon sign saying “steal my data” in flashing lights.

7 ways DevOps benefits CISOs and their security programs

Many organizations are regularly pushing out tens if not hundreds of releases and updates on a daily basis. With help and guidance from the security team, organizations can push secure releases on the first try and save lots of money...

IT audits must consider the cyber kill chain and much more!

It's not enough to perform an IT audit to achieve compliance alone. Today's threat landscape includes sophisticated APTs (advanced persistent threats), remote access Trojans and ransomware, to name a few. In order for an IT audit to...

IP Expo Nordic and getting Popp’d by ransomware

Ransomware has become all the rage in the security field these days. Both from the perspective of the writers and the defenders. The media is lousy with these articles and I’m apparently not above writing about it myself. This...

DDoS takedown powered by IoT devices

Lack of security leaves enterprises cleaning up the IoT vulnerability mess

What’s in your code? Why you need a software bill of materials

When developers and suppliers carefully list the tools used to build an application and what third-party components are included, IT can improve software patching and updates.

Chrome OS gets cryptographically verified enterprise device management

Companies will now be able to cryptographically validate the identity of Chrome OS devices connecting to their networks and verify that those devices conform to their security policies.