Application Security

Application Security news, information, and how-to advice

AVG lauded for fast vulnerability response

Security researchers from Tel-Aviv-based enSilo are congratulating anti-virus vendor AVG Technologies for its fast response to a security flaw in one of its programs.

Google's screening process could help mitigate new Android vulnerability

Researchers at Palo Alto Networks' (PAN) Unit 42 have disclosed the details behind a widespread vulnerability that impacts 49.5 percent of the current Android base. The flaw gives attackers the ability to hijack the installation of...

Google Play adds humans to the app review process

Google has announced that they're taking additional measures to lower the amount of malicious code appearing in the Google Play store.

Researchers map Drupal attack that bypasses poorly tuned Web Application Firewalls

Late last year, CSO Online reported on a vulnerability in Drupal that could have left thousands of websites compromised. Last week, researchers examined the attack in more detail, measuring the time it would take to compromise a...

Waratek takes on SQL injections with new RASP approach

Companies looking to protect their Web applications from SQL injection attacks typically install a firewall in learning mode and train it to recognize attacks. It's not a perfect solution, but it's been the best available.

MongoDB tool vulnerable to remote code execution flaw

MongoDB, one of the Web's leading NoSQL platforms, is a popular alternative to table-based relational databases. One of the GUI tools used to manage MongoDB (phpMoAdmin) has a serious vulnerability that, if exploited, allows an...

BlackBerry teams with Samsung and IBM to offer governments a secure tablet

BlackBerry is returning to the tablet market -- this time with the help of Samsung Electronics, IBM and Secusmart, the German encryption specialist BlackBerry bought last year.

Over a million WordPress websites at risk because of flaw in popular SEO plug-in

The vulnerability in a plug-in from Yoast exposes sites to SQL injection attacks

Flappy apps give users the angry bird

Beware buying apps as they may not be what they seem. Criminals often crowd stores with malware-laden fake versions. Here are several examples.

Attackers clone malware-laden copies of popular apps

Don’t get angry when cyber crooks give your enterprise the bird, get even.

Google steps up its BYOD game; looks to secure more than a billion mobile devices

On Wednesday, Google officially launched Android for Work, which was announced last June at its I/O conference. The aim is to offer businesses a stopgap that addresses BYOD needs, including secured access to sensitive data and OS...

Are metaverse pioneers making the same old security mistakes?

Ask security pros what they would change about the Internet if they could go back in time knowing what they know now, and most can point to a list of mistakes we could have avoided. But according to some experts, we're still making...

Comodo's PrivDog advertising software leaves some users at risk

PrivDog, Comodo's advertising replacement software, has been flagged by researchers as a risk due to the way it handles SSL connections (HTTPS). Like Superfish, PrivDog breaks the trust and protection of HTTPS by using its own...

Spin and FUD: Superfish CEO says software presents no security risk

In a statement to Ars Technica, Adi Pinhas, CEO of Superfish Inc. said his company's pre-installed advertising software on Lenovo PCs poses no security risk – despite clear evidence otherwise.

Lenovo says Superfish problems are theoretical, but that simply isn't the case

On Thursday, the world woke to the news that commercial-grade Lenovo PCs were being shipped from the factory with adware pre-installed on the system. Designed to provide a visual shopping experience, the software is insecure and...

FAQ: How to find and remove Superfish from your Lenovo laptop

Lenovo has shipped consumer PCs with software designed to offer a visual shopping experience, but in reality it's adware that breaks HTTPS online – leaving customers vulnerable to attack and information theft. Here’s how to determine...

January marked by Java, Flash vulnerabilities

Newly disclosed vulnerabilities in Flash and Java were the ones to watch out for this winter, according to a new report by Copenhagen-based security firm Secunia.

Report: Microsoft packing more patches into fewer bulletins

Microsoft is packing more common vulnerability exposures into its critical bulletins, according to a new report.
