Application Security

Application Security news, information, and how-to advice

Scary ghosts haunted scream
internet security with lock


Java is the biggest vulnerability for US computers

Oracle's Java poses the single biggest security risk to US desktops because of its penetration rate, number of vulnerabilities, and patch status, says a new report


Google defends policy that leaves most Android devices unpatched

Google defended its decision to stop patching WebView, a core component of Android, on versions older than 4.4, aka "KitKat."

facebook identity

Facebook goes ‘deep’ in getting to know you

Facebook's artificial intelligence initiative known as "deep learning" is designed to protect user privacy, in some cases from themselves. But some privacy advocates say users should be aware that nothing they do on the site is...

bike messenger nyc

How much trust can you put in Telegram messenger?

Researchers say the application has a few weak spots

Vulnerabilities in several Corel programs allow attackers to execute malicious code

Malicious DLLs will be executed if stored in the same directory as media files opened with the affected programs, researchers said

shadow it

Only 8 percent of companies can track shadow IT

Only 8 percent of companies know the scope of shadow IT at their organizations, according to a new survey by the Cloud Security Alliance

mobile survival

CSO's 2015 Mobile Security Survival Guide

Security risks and data breaches are growing while the form factors of computing devices shrink—because much enterprise data today is created and consumed on mobile devices. This clearly explains why mobile security persistently tops...

ransom note

GameZone, Huffington Post hit by malvertising attack

Criminals hijacked ads on AOL's network and served drive-by malware downloads to visitors to the Huffington Post, LA Weekly, GameZone, and other sites last week

medical exam on a piggy bank

Moonpig pulls API after ignoring vulnerability reports

After being publicly flamed for taking a poor stance on security, Moonpig, a popular UK retailer for personalized greeting cards, has taken down their API, which was so badly implemented that it was exposing the account details of 3.6...

21 jpmorganchase

Two-factor authentication oversight led to JPMorgan breach, investigators reportedly found

The attackers stole an employee's access credentials and used them to access a server that lacked a stronger authentication mechanism

holiday scam

Microsoft files suit against alleged tech support scammers

Over one-third of U.S. citizens contacted by scammers fall for the scam, according to Microsoft


Critical vulnerability in Git clients puts developers at risk

Malicious Git code repositories can execute rogue commands on client machines interacting with them

Runaway Train

Google's work on full encryption chugs along, with Yahoo's help

Code has been migrated to GitHub to foster involvement from the wider tech community

121114 linux malware 1

A brief history of Linux malware

A look at some of the worms and viruses and Trojans that have plagued Linux throughout the years.

01 the year ahead

The biggest challenges faced by CIOs/CISOs heading into 2015

As the year winds to a close, CIOs and CISOs are faced with a number of challenges heading into 2015. CSO recently heard from several experts about the topic, each offering their opinion on what they feel would be the most important...

061014 patch tuesday

Microsoft Patch Tuesday addresses Exchange and Explorer flaws

Microsoft issued 7 security patches for the month


Google says bye bye, CAPTCHAs, well, mostly

Google announced that the company is trying to get rid of CAPTCHAs, those annoying barely readable, letters and numbers that prove to a website that you're not a robot or a spammer.

present gift snow holiday

Security executives reveal their holiday wish lists

Do you know any security executives who say they have everything they need to keep their organizations safe from threats? Chances are you don’t.

Load More