Application Security

Application Security news, information, and how-to advice

heartbleed 1200x700
cloud security

web security

Verizon breach report makes case for behavioral analytics

Verizon's annual data-breach investigations report makes a strong case for behavioral analytics technology that looks for anomalies among user activity to spot hackers.

Major security flaws threaten satellite communications

An analysis of satellite communication gear from more than a half-dozen major manufacturers has uncovered critical vulnerabilities that could be exploited to disrupt military operations and ship and aircraft communications.

CDW Integrates with Google Apps for Cloud Collaboration

Through a partnership with Google and Esna Technologies, CDW has rolled out native access to the CDW Cloud Collaboration suite within Google Apps.

ssl secure browser lock

Bugcrowd launches funding drive to audit OpenSSL

Bugcrowd, the bug bounty marketplace driven by crowdsouring, has launched a donation campaign in order to help pay for a security audit of OpenSSL.

Organizations suffer SQL Injection attacks, but do little to prevent them

Respondents taking part in a new study from the Ponemon Institute say they've had their eyes opened to the realities of SQL Injection, and the impact it has on their organization.

heartbleed
breaking

Heartbleed vulnerability linked to breach of Canadian tax data

The Canada Revenue Agency (CRA), Canada's tax-collection agency, confirmed in a statement on Monday that the Heartbleed vulnerability was to blame for the loss of tax-related information.

jetpack logo

Jetpack for WordPress pushes patch for two year-old flaw

The developers behind Jetpack, one of WordPress' most popular plugins, have patched a serious flaw introduced in 2012 that would enable an attacker bypass access controls and publish posts to any website hosted on the blogging...

Logicalis eBook: SAP HANA: The Need for Speed

Without timely business insights, organizations today can suffer logistical, manufacturing, and even financial disaster in a matter of minutes

heartbleed bug

Vendors and administrators scramble to patch OpenSSL vulnerability

Since news of the OpenSSL bug started to spread on Monday, administrators and vendors have made a mad scramble to patch the Heartbleed bug, named for the flawed implementation of the heartbeat option in the cryptographic library.

Microsoft tightens restrictions on adware on Windows PCs

Adware developers have a new set of Microsoft-imposed guidelines to follow

Zeus malware found with valid digital certificate

New version of notorious banking Trojan could avoid detection by browsers and anti-malware software

Forgotten risks hide in legacy systems

Investing in new tools and solutions and making sure they’re doing their job may be top-of-mind in your security department, but older, less-used systems could be quietly costing you money and putting you at risk

2013 Cyber Risk Report

The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat landscape.

IE easily beats Chrome, Firefox, Safari in malware detection

Tests from NSS Labs indicate that IE has a 99.9 percent block rate for socially engineered malware

Just previewing email can give attackers control of your PC, Microsoft warns

Attackers are actively exploiting a newly discovered Microsoft Word vulnerability that could be used to gain remote access of your PC, Microsoft warned Monday--and even worse, the exploit can be triggered by opening or merely...

Cybercrime trends point to greater sophistication, stealthier malware, more encryption

RAND Corp. report outlines evolution of cybercrime and emergence of more complex and evasive tools

msword

Latest Word zero-day similar to exploits in other targeted attacks

Exploits involved booby-trapped Rich Text Format file and Microsoft Outlook email

Internet Security Threat Report 2014

The Internet Security Threat Report (ISTR) provides an analysis of the year's global threat activity, based on data from the Symantec™ Global Intelligence Network.

Teen cyberbullying grows with 'anonymous' social chat apps

Apps like Yik Yak, Whisper and Secret offer teens online anonymity, but experts say parents need to remind kids that the promise is bogus

Rogue apps could exploit Android vulnerability to brick devices

The only way to recover from such an attack involves wiping all user data from affected devices, researchers from Trend Micro said

Microsoft warns Word users of ongoing attacks exploiting unpatched bug

Biggest worry, says expert, is that exploits are triggered just by previewing malicious messages in Outlook 2007, 2010 and 2013

A thin lifeline for XP users: New Malwarebytes suite will support the older OS

The new Anti-Malware Premium suite unites five technologies under a new interface, including a behavior-based detection engine.

Load More