Application Security

Application Security news, information, and how-to advice

Hacking the Gibson in the movie “Hackers”
google hits misses google logo

flash update

Second Flash Player zero-day exploit found in Hacking Team's data

The huge cache of files recently leaked from Italian surveillance software maker Hacking Team is the gift that keeps on giving for attackers. Researchers sifting through the data found a new exploit for a previously unknown...

cash register

Think your website isn’t worth anything to hackers? Think again

Many people think that if their website is not an e-banking application or e-commerce platform, hackers have nothing to steal. They think that a hacked website can be quickly and easily repaired, and nobody will ever remember the...

cisco

Cisco leaves key to all its Unified CDM systems under doormat

Cisco Systems recently realized that its Unified Communications Domain Manager (Unified CDM) software contains a default privileged account with a static password that cannot be changed, exposing the platform to hacking by remote...

tim cook apple music

Apple releases tons of security updates for recent flaws and exploits

Along with Apple Music came fixes for a laundry list of exploits and a long-overdue change to Apple's digital certificate policy.

FTC website

FTC settles with developers of sneaky cryptocurrency mining app

The developers of a mobile app called Prized that secretly mined cryptocurrencies on people's mobile phones have settled with the U.S. Federal Trade Commission after being accused of deceptive trade practices.

A real bug on a computer monitor full of code

MIT tests 'software transplants' to fix buggy code

Like visiting a junk yard to find cheap parts for an aging vehicle, researchers from the Massachusetts Institute of Technology have come up with a way to fix buggy software by inserting working code from another program.

software development

Government ranks last in fixing software security holes

Three-quarters of all government Web and mobile applications fail their initial security reviews, making it the worst-performing vertical -- and government agencies are also the slowest at fixing vulnerabilities.

uss fort worth bridge

The US Navy's warfare systems command just paid millions to stay on Windows XP

The U.S. Navy is paying Microsoft millions of dollars to keep up to 100,000 computers afloat because it has yet to transition away from Windows XP. They've signed a US$9.1 million contract earlier this month for continued access to...

rx drugs thinkstock

Akorn Inc. has customer database stolen, records offered to highest bidder

Akorn Inc., a niche pharmaceutical company Lake Forest, IL, has had a customer database with more than 50,000 records compromised by hackers who are offering to sell the data to the highest bidder or back to the company, whichever...

apple watch pay

Mobile security: the coming battle of hardware versus software

According to security experts, there are several paths forward for mobile payments, each with its own security implications

LastPass-Android

LastPass compromise: Here's what you need to know and what you can do

On Monday, LastPass informed customers about an attack that took place on Friday, which compromised password data. However, before you panic, here's what you need to know and what you can do to stay safe.

flashlight darkness

Windows 10 will allow apps to actively scan their content for malware

Developers will be able to have their apps talk to the locally installed antivirus programs through a new API

icloud rain

Apple Mail flaw could pose risk to iCloud passwords

A researcher says he notified Apple in January but the flaw has yet to be patched

sweetcaptcha

SweetCAPTCHA users complain of advertising pop-ups

A script inside the CAPTCHA tool is displaying pop-ups, which could lead to harmful software

hitching ride

A CSO explains how to reduce risk by improving user experience

Peter Hesse shares how techniques used during development reveal a pathway to reduce risk while improving experience

radiology tomography

Attackers targeting medical devices to bypass hospital security

A report from TrapX Labs highlights three successful attacks against healthcare organizations. The incidents prove that defending assets in a healthcare environment isn't as easy as some would have you think.

iceberg underwater

Security startup finds stolen data on the 'Dark Web'

Terbium uses data fingerprinting techniques to find stolen information on the Web

Servers at laas fdls

Researchers discover hidden shell in Hola VPN software

Hola pushed software updates out to users over the weekend, but they do not fix the vulnerabilities disclosed last week by researchers. On Monday, researchers released new details about the Hola VPN client based on their examination...

Load More