Application Security

Application Security news, information, and how-to advice

What combination locks teach us about encryption weakness

Last week, an interesting story made the rounds on social media about a researcher named Samy Kamkar, who discovered a flaw in Master-brand combination locks and was able to open a lock in eight tries or fewer. It’s a great discovery...

Security researcher's hack caused airplane to climb, FBI asserts

The FBI contends a cybersecurity researcher said he caused an airplane's engine to climb after hacking its software, according to a court document. The FBI interviewed him after he flew into Syracuse, New York, and seized his...

VENOM hype and pre-planned marketing campaign panned by experts

On Wednesday, CrowdStrike released details on CVE-2015-3456, also known as Venom. Venom is a vulnerability in the floppy drive emulation code used by many virtualization platforms. However, while it’s possible that a large number...

Significant virtual machine vulnerability has been hiding in floppy disk code for 11 years

CrowdStrike researchers announced this morning that they have discovered a buffer overflow vulnerability in many of today's most popular virtual machine platforms that could potentially allow attackers to gain access to the host.

Add GitHub dorking to list of security concerns

The Uber-GitHub dispute highlights a common open source risk, but Uber is hardly alone in accidentally uploading sensitive data to GitHub, the world's most popular code hosting site. Security experts say that GitHub's repositories...
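The check a practitioner wants against this risk is a scan of what is about to be committed, before it reaches a public repository. The following is an added example and is not code from GitHub, Uber or the article: a minimal pattern-based scanner, of the kind that runs as a pre-commit hook, applied to constructed file contents. The regular expressions and the placeholder list are heuristics chosen here (assumptions, not an authoritative catalogue of secret formats), and the sample repository contents are constructed for the demonstration.

```python
"""Flag credential-shaped strings in files before they are committed.

Added example: a heuristic secret scanner. The patterns below are assumptions
for illustration; real scanners carry far larger, curated pattern sets.
"""
import re

SECRET_PATTERNS = {
    # AWS access key IDs have a documented fixed prefix and length.
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # PEM private key header, any of the common key types.
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    # Generic "<credential word> = <value>" assignment with a value of 8+ chars.
    "generic_credential": re.compile(
        r"(?:password|passwd|secret|token|key)\s*[:=]\s*['\"]?([^\s'\"]{8,})",
        re.IGNORECASE),
}

# Values that look like credentials but are documentation placeholders.
PLACEHOLDERS = {"changeme", "example", "xxxxxxxx", "<redacted>", "your_password_here"}


def scan_text(text, path="<stdin>"):
    """Return (path, line_number, pattern_name, matched_text) for each hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in SECRET_PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            if name == "generic_credential" and m.group(1).lower() in PLACEHOLDERS:
                continue  # documented placeholder, not a real credential
            findings.append((path, lineno, name, m.group(0)))
    return findings


def scan_files(files):
    """files maps path -> contents (what a hook would read from the index)."""
    findings = []
    for path, contents in files.items():
        findings.extend(scan_text(contents, path))
    return findings


def should_block_commit(files):
    """A pre-commit hook would exit non-zero when this returns True."""
    return bool(scan_files(files))


# Constructed sample "repository" contents (not real credentials;
# the AWS values are the ones AWS's own documentation uses as examples).
SAMPLE_FILES = {
    "config/database.yml": (
        "production:\n"
        "  adapter: postgresql\n"
        "  password: hunter2hunter2\n"),
    "deploy/.env": (
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"),
    "README.md": "Set PASSWORD=changeme before running the tests.\n",
    "certs/server.key": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIE...\n"
        "-----END RSA PRIVATE KEY-----\n"),
}

if __name__ == "__main__":
    for path, lineno, name, matched in scan_files(SAMPLE_FILES):
        print(f"{path}:{lineno}: {name}: {matched}")
    print("block commit:", should_block_commit(SAMPLE_FILES))
```

The scanner reports the `.env` file twice (the key ID by its fixed format, the secret key by the generic assignment rule), the YAML password and the PEM header, and skips the README's `changeme` placeholder. Anything it misses is still one `git push` away from being indexed, so it complements rather than replaces a `.gitignore` for `.env` and key material and a periodic search of your own public repositories.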

Companies are falling behind on securing their SAP environments

More than 95 percent of SAP systems deployed in enterprises are exposed to vulnerabilities that could lead to a full compromise of business data, a security firm claims.

Attackers exploit vulnerabilities in two WordPress plugins

A vulnerability within two widely used WordPress plugins is already being exploited by hackers, putting millions of WordPress sites at risk, according to a computer security firm.

Zombie apps haunt BYOD workplaces

According to a new study of around 3 million apps on employee smartphones, 5.2 percent of iOS apps and 3.9 percent of Android apps are effectively dead: removed from their respective app stores and no longer supported.

WordPress promises patch for zero-day "within hours"

In a statement on Monday, Matt Mullenweg, founder of Automattic and lead developer of WordPress, said that developers are working to address a recently disclosed XSS vulnerability in the popular CMS platform. A patch is expected in...

Another day, another WordPress 0-day

Word came today that WordPress has a new problem. It is hard enough to keep on top of maintaining the security of a WordPress site without a constant deluge of security issues. Today, we get word of a cross-site scripting...

AirDroid app fixes severe authentication vulnerability

AirDroid, a popular management tool for Android devices, has fixed a severe authentication software flaw in its Web interface that could give a hacker complete control over a mobile phone.

Dropbox to pay security researchers for bugs

Dropbox said Wednesday it will pay rewards to independent researchers who find software flaws in its applications, joining a growing list of companies that see merit in crowdsourcing parts of their security testing.

How to get CVSS right

CVSS is a good system on which to build your vulnerability management program. But Ben Rothke argues that unless you customize it, you will always be basing your program on other people's vulnerabilities.

Microsoft Patch Tuesday: The patches just keep coming

Microsoft's latest round of patches covers Internet Explorer, Windows, Office and other Microsoft products.

Five security questions you should be asking about the Apple Watch

The Apple Watch isn't due to hit the market until April 24, but many security professionals are already thinking about the security implications of the new generation of wearables that it promises to usher in.

18-year-old SMB vulnerability resurfaces, dozens of vendors affected

SPEAR, the research team at Cylance, has discovered new attack vectors for an 18-year-old vulnerability in Windows Server Message Block (SMB). The updated attack vector, called Redirect to SMB, impacts products from Microsoft, Apple,...

A bloody mess: Vast majority of organizations are still vulnerable to Heartbleed

According to research from Venafi, a vast majority of the world's top businesses are still vulnerable to Heartbleed, which was disclosed a year ago this month. The OpenSSL flaw impacted organizations both large and small, but the...

SSL flaw forces Mozilla to pull Opportunistic Encryption

Less than a week after it was introduced in Firefox 37, Opportunistic Encryption (OE) has been removed by Mozilla due to a flaw discovered in its HTTP Alternative Services implementation.