Application Security

Application Security news, information, and how-to advice


Pwn2Own hacking contest ends with two virtual machine escapes

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Adobe Reader, Edge, Safari, and Ubuntu fall during first day at Pwn2Own

During the first day of the Pwn2Own hacking contest, security researchers successfully demonstrated exploits against Microsoft Edge, Apple's Safari, Adobe Reader, and Ubuntu Desktop.

How much are vendor security assurances worth after the CIA leaks?

Google, Apple, Microsoft and other software vendors are working to identify and patch the vulnerabilities described in the CIA leak, but ultimately this doesn't change the status quo of software security.

Protecting the enterprise against mobile threats

Mobile devices have transformed the digital enterprise, allowing employees to access the information they need to be most productive from virtually anywhere. Has that convenience come at a cost to enterprise security, though?

Hackers exploit Apache Struts vulnerability to compromise corporate web servers

Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.

Cisco and Apache issue warnings over Zero-Day flaw being targeted in the wild

Cisco's Talos says they've observed active attacks against a Zero-Day vulnerability in Apache's Struts, a popular Java application framework. Cisco started investigating the vulnerability shortly after it was disclosed, and found a...

HackerOne offers bug bounty service for free to open-source projects

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

Old Windows malware may have tampered with 132 Android apps

More than 130 Android apps containing some malicious coding managed to infiltrate the Google Play store, possibly because the developers’ tools that built them were tainted, according to security researchers.

Microservices offer speed and flexibility, but at a price

The benefits of microservices include speed to market, lower costs, and greater flexibility -- but microservices also come with their own set of security and management challenges.

Carders capitalize on Cloudflare problems, claim 150 million logins for sale

A carder forum is advertising a special deal to VIP members. The website claims to possess more than 150 million logins from a number of services, including Netflix and Uber.

Google discloses unpatched IE vulnerability after Patch Tuesday delay

Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.

Bleeding clouds: Cloudflare server errors blamed for leaked customer data

While working on something completely unrelated, Google security researcher Tavis Ormandy recently discovered that Cloudflare was leaking a wide range of sensitive information, which could have included everything from cookies and...

8 steps to regaining control over shadow IT

Learn how to discover those employees who went roaming for outside services.

Personalized privacy app manages smartphone permission settings

New app designed to manage privacy settings helps consolidate and tailor user permissions.

RSA: Eric Schmidt shares deep learning on AI

In a wide-ranging conversation focused on artificial intelligence, the Google executive also touched on security concerns and the need to keep the internet open.

A.I. faces hype, skepticism at RSA cybersecurity show

The cybersecurity industry has been talking up artificial intelligence and machine learning as a way to stop the hackers, but don’t necessarily believe all the hype.

Dozens of iOS apps fail to secure users' data, researcher says

Dozens of iOS apps that are supposed to be encrypting their users' data don't do it properly, according to a security researcher.

Are your security tools secure? It all depends

Organizations globally rely on a variety of security software packages to protect their environments. And while security vendors typically put a lot of effort into making sure their code is secure, the dependencies they need to run may...
