Application Security

Application Security news, information, and how-to advice

mobile security
security awareness

Healthcare organizations still too lax on security

Data breach at Community Health is symptom of broader problem, security experts say


Senator questions airlines' data privacy practices

Jay Rockefeller raises concerns about airlines collecting and sharing personal information

Supervalu breach shows why move to smartcards is long overdue

U.S. remains one of the last developed nations to use magnetic stripe cards


How Google is heading toward safe, global Gmail

Google has made a small, but important, change to its Gmail spam filters that is expected to make targeted phishing attacks more difficult.

Users should patch critical flaw in Adobe Reader and Acrobat, researchers say

Adobe also releases critical updates for Flash Player and AIR


How Yahoo email encryption could help your business

If Yahoo gets it right, then the end-to-end email encryption the Internet company is promising would be a big help to companies concerned with privacy in the use of webmail, experts say.

stack of credit cards in isolated white 000001679406

Payment cards with chips aren't perfect, so encrypt everything, experts say

The EMV or 'chip-and-PIN' system is not without security flaws, researchers warned

Network-attached storage devices more vulnerable than routers, researcher finds

A security review found serious vulnerabilities in 10 popular NAS systems


Black Hat 2014: The challenge of securing embedded devices and IoT on display

Industry doesn’t yet fully realize extent of subversion possible through IoT security, researchers say.

In a hyper-social world, some seek a little privacy

People are getting more selective about what they want to share, and online firms are picking up on it

No patch yet for zero day in Symantec Endpoint Protection software driver

Symantec has published recommendations for mitigating the danger


Tor releases updates to address traffic confirmation attacks

According to an advisory posted on Wednesday, Tor discovered an attack that had been active for nearly five months, which could have revealed identifying details and other information related to people using the network to access...

Using Instagram on public Wi-Fi poses risk of an account hijack, researcher says

Instagram is moving to full https encryption but isn't there just yet

'Anonymous Kenya' group hacks government Twitter accounts

Hack calls government security preparedness into question

SQL injection flaw in Wall Street Journal database led to breach

The publisher said the intrusion did not affect customers' data

serverskulls header

URL redirect flaw on NBC News website a spammer's dream

A URL redirection flaw on the NBC News website could be used by scammers to give links a false sense of added trust. This is in addition to ongoing abuse of MSNBC's publicly available Bitly API key, which is being used in an active...

Do security seals on websites matter?

Does a security seal on a website demonstrate a commitment to security?

Google bug-hunting Project Zero could face software developer troubles

Google's launch of a bug-hunting initiative has raised concerns over how the company will handle conflicts with vendors unable to patch software before Google's deadline for reporting vulnerabilities.

Load More