Application Security

Application Security news, information, and how-to advice

Apple's Shellshock patch is incomplete, experts say

On Monday, Apple released three patches to address two vulnerabilities in GNU Bash, commonly referred to as Shellshock. Experts who have tested the various known attack surfaces say that Apple's patch doesn't fix everything.

Shellshock Bash vulnerability being exploited in the wild, Red Hat says patch incomplete

On Wednesday, AusCERT and MalwareMustDie reported that Shellshock is being exploited in the wild. Shellshock is the name given to a vulnerability that exists in GNU Bash versions 1.14 through 4.3, and the problem is likely to surpass...

The FBI’s big, bad identification system

The FBI’s formidable Next Generation Identification is up and running

Remote exploit vulnerability in bash CVE-2014-6271

A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271 and has been given the name Shellshock by some. This...

iPhone 6 fingerprint scanner found accurate enough for Apple Pay

Apple's iPhone 6 fingerprint scanner has a level of accuracy that makes it a solid authentication tool for people planning to use the smartphone in place of a credit card for in-store purchases, research shows.

Is eBay trading too much security for seller happiness?

Criminals are exploiting an eBay security weakness that could result in shoppers getting redirected to a malicious webpage that tries to steal bank account information.

Here are the limits of Apple's iOS 8 privacy features

The privacy improvements in the latest version of Apple's mobile operating system provide necessary, but limited, protection to customers, experts say.

Apple turns on iCloud two-step verification after nude selfie scandal

Two-step verification is not mandatory though Apple recommends it

Fixing HealthCare.gov security

While the security weaknesses found in HealthCare.gov by a U.S. government watchdog need to be addressed, they are not unusual for sites as complex as the federal insurance exchange.

Software bugs most common cause for mobile Internet outages, study says

The outages affected 1.4 million user connections on average per incident

Open-source project promises easy-to-use encryption for email, instant messaging and more

Pretty Easy Privacy system aims to make encryption of written online communication accessible to masses.

Data protection authorities find privacy lapses in majority of mobile apps

One in three applications request excessive permissions, and privacy information is inadequate in 85 percent of them, a study found

Grindr vulnerability places men in harm's way

Grindr, a dating application that caters to gay and bisexual men, could be placing them at risk; and in at least one case, has helped authorities enforce anti-gay agendas by taking advantage of the service's geo-location...

Salesforce warns customers of malware attack

A new version of the Dyreza online banking Trojan is stealing Salesforce.com log-in credentials

Why giving mobile apps banking info isn't as risky as it seems

Big name apps like Uber and Venmo may be putting some users ill at ease by requiring payment card information in order to function, but experts say the risk is relatively low

LinkedIn beefs up account security with session management, detailed alerts

LinkedIn now allows users to see and terminate their authenticated sessions from multiple devices

Home Depot investigates possible payment data breach

The retailer is working with law enforcement and banking partners to investigate

Industrial software website used in watering hole attack

AlienVault Labs has discovered a watering hole attack that's using a framework developed for reconnaissance as the primary infection vector.
