Application Security

Application Security news, information, and how-to advice

whisper
poodle at play

What you should consider when choosing a password manager

Password managers offer many convenient options, but some come at the expense of security

Do we need to make SSL free to boost Internet security?

As concerns grow for ways to protect information on the Internet, maybe the best choice is to include security in part of the package - no extra charge.

148470916

Yahoo says attackers looking for Shellshock found a different bug

The bug has now been fixed and user data was not at risk, the company said

yahoo sign

Yahoo says they're patching servers compromised by Shellshock

Jonathan Hall, of Future South Technologies, said that he uncovered a botnet running on two Yahoo servers, managed by a group of hackers out of Romania. Yahoo has confirmed the incident, and said they are working to resolve the issue....

keyboard app security

Alternate keyboard apps: Too risky for your smartphone?

Alternative keyboard apps are just one glaring example of how protecting your privacy requires diligence.

android browser

Android browser flaw found to leak data

A security researcher has found another flaw in the Android browser that a cybercriminal could use to steal sensitive data.

jpmorgan

JPMorgan says breach impacted 76M households and 7M small businesses

On Thursday, JPMorgan Chase (JPMC) updated investors about their recently disclosed data breach in an 8-K filing with the Securities and Exchange Commission. The incident impacts 76M households and 7M small businesses.

14 tips to secure cloud applications

Enterprises are now clamoring for the corporate security gateway to give way to the new cloud application security gateway.

shellshocked3

Shellshock attackers targeting NAS devices

Researchers have discovered hackers trying to exploit the Shellshock Bash vulnerability to compromise network attached storage devices in universities in the U.S., Japan and Korea.

Apple store fifth avenue NYC

Apple's Shellshock patch is incomplete experts say

On Monday, Apple released three patches to address two vulnerabilities in GNU Bash, commonly referred to as Shellshock. Experts who have tested the various known attack surfaces say that Apple's patch doesn't fix everything.

482251631

Attacks against Shellshock continue as updated patches hit the Web

Over the weekend, attackers used the recently disclosed Shellshock vulnerability in a number of schemes, while developers at some of the world's largest technology firms worked to release updated patches.

serverskulls header

Shellshock Bash vulnerability being exploited in the wild, Red Hat says patch incomplete

On Wednesday, AusCERT and MalwareMustDie reported that Shellshock is being exploited in the wild. Shellshock is the name given to a vulnerability that exists in GNU Bash versions 1.14 through 4.3, and the problem is likely to surpass...

The FBI’s big, bad identification system

The FBI’s formidable Next Generation Identification is up and running

danger

Remote exploit vulnerability in bash CVE-2014-6271

A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271 and has been given the name Shellshock by some. This...

Apple iOS 8 on the iPhone

iPhone 6 fingerprint scanner found accurate enough for Apple Pay

Apple's iPhone 6 fingerprint scanner has a level of accuracy that makes it a solid authentication tool for people planning to use the smartphone in place of a credit card for in-store purchases, research shows.

ebay sign

Is eBay trading too much security for seller happiness?

Criminals are exploiting an eBay security weakness that could result in shoppers getting redirected to a malicious webpage that tries to steal bank account information.

ss apple iphone evolution carousel 100412891 orig

Here are the limits of Apple's iOS 8 privacy features

The privacy improvements in the latest version of Apple's mobile operating system provide necessary, but limited, protection to customers, experts say.

healthcare.gov

Fixing HealthCare.gov security

While the security weaknesses found in HealthCare.gov by a U.S. government watchdog need to be addressed, they are not unusual for sites as complex as the federal insurance exchange.

Load More