Application Security

Application Security news, information, and how-to advice

Hackers can track your whereabouts with Waze vulnerability

Researchers from UC-Santa Barbara were able to reproduce the hack by creating thousands of ghost drivers to monitor the whereabouts of the target.

Facebook bug hunter stumbles on backdoor left by... another bug hunter

A researcher found a PHP-based backdoor installed by a hacker on one of Facebook's corporate servers, but all was not as it seemed.

Researcher uses Regsvr32 function to bypass AppLocker

A researcher in Colorado has discovered a feature in Regsvr32 that allows an attacker to bypass application whitelisting protections, such as those afforded by Microsoft's AppLocker. If the technique is used, there's little evidence...

Uber fraud: Scammer takes the ride, victim gets the bill

Some users of the ride-hailing service Uber have found themselves being charged for “ghost” rides they never ordered, since their credentials were stolen and sold on the Dark Web. Experts say better security practices by the company...

Hacking competitions that will get you noticed

The government's announcement of a pilot program "Hack the Pentagon" serves as a reminder of the opportunities available to newbies trying to get a foot in the door of the cyber security industry.

Oracle releases 136 security patches for wide range of products

Oracle's latest quarterly security update contains 136 fixes for flaws in a wide range of products including Oracle Database Server, E-Business Suite, Fusion Middleware, Oracle Sun Products, Java and MySQL.

19 open source GitHub projects for security pros

GitHub has a ton of open source options for security professionals, with new entries every day. Add these tools to your collection and work smarter.

Pro-Daesh hackers target Wisconsin government websites

An Algeria-based group calling itself Team System DZ spent most of last week spreading Daesh propaganda, defacing 88 domains in just three days. Among the defacements were domains used by Wisconsin’s Richland County government, which...

Apple kills QuickTime for Windows, two vulnerabilities announced

On Thursday, Trend Micro announced that Apple would no longer provide security updates to QuickTime on the Windows platform. This status update via Apple comes on the same day that ZDI disclosed two vulnerabilities in the multimedia...

Internet 101: Securing ecommerce and the digital enterprise

Chris Olson, CEO of The Media Trust, talks about the security vulnerabilities that stem from an enterprise's own website management and how they impact the business.

Adobe fixes 24 vulnerabilities in Flash Player, including an actively exploited one

Adobe Systems released a security update for Flash Player to fix 24 critical vulnerabilities, including one that hackers have been exploiting to infect computers with ransomware over the past week.

Securing apps: scan code for vulnerabilities or rewrite from scratch?

Frank Zinghini is founder and CEO at Applied Visions, a 40-person secure software development firm headquartered on Long Island, N.Y., with another office in Clifton Park, N.Y. Zinghini has been writing code, managing software...

LA Times said to be compromised, shell access offered up for sale

Wednesday afternoon, someone on Twitter offered access to the LA Times website to anyone willing to purchase it. The access itself has been obtained due to a vulnerable WordPress installation and an uploaded web shell.

Three-year-old IBM patch for critical Java flaw is broken

Security researchers have found that a patch released by IBM three years ago for a critical vulnerability in its own Java implementation is ineffective and can be easily bypassed to exploit the flaw again.

The impact of the new Trans-Atlantic privacy law

After 20 years of relative calm regarding the handling of personal data of EU citizens by U.S. companies, events over the past six months have instigated widespread reform. While the resolution is yet to be confirmed, the building...

Feds tackle open source code quality

Even as the White House is calling on federal agencies to make more use of open source projects, there's also a federal effort under way to reduce the number of vulnerabilities in those products via better code review tools and bug...

UPDATED: Thailand healthcare system suffers data breach

I was poking about on social media after lunch today when I noticed someone had found that the Thai immigration systems were exposing the personal data of people who had entered the country from abroad. There was personal...

Unexpected security issues and unpleasant surprises

Years ago I was working for a company and one of the finance directors was having difficulty getting his financial application to work. He rang me up late on a Friday (still can’t believe that I remember that) and he declared...
