Application Security

Energizer software found to open backdoor

Dan Kaplan March 08, 2010

An application that allows users to view the battery charging status of the Energizer DUO USB charger contains a vulnerability that could enable an attacker to install malware on Windows machines.
 

IBM report: Vulnerabilities fell in '09, attacks rose

Angela Moscaritolo February 25, 2010

The number of new and unpatched vulnerabilities decreased last year compared to 2008, but attack volume grew substantially, according to a new report from IBM ISS.
 

Peeling the onion layer on the web security inertia

Mandeep Khera, CMO, Cenzic February 11, 2010

Organizations must overcome the "myths" and "inhibitors" around securing web applications.
 

Application-level attacks biggest concern for ISPs

Angela Moscaritolo January 19, 2010

Distributed denial-of-service attacks against services and applications are expected to be the top operational problem in 2010, according to an annual report released Tuesday by network security firm Arbor Networks.
 

Rogue AppEngine app

Angela Moscaritolo November 10, 2009

Security researchers at Arbor Networks have discovered a malicious application in Google's cloud-based application development environment, AppEngine, the security firm said in a blog post on Monday. The malicious application was acting as a command-and-control hub, used by cybercriminals to issue download instructions to zombie computers that make up a botnet, researchers said. Google shut down the rogue application shortly after being notified about it. — AM
 

Web technologies account for 78 percent of all bugs

Angela Moscaritolo November 09, 2009

Of all vulnerabilities in web technologies discovered in the first half of 2009, 90 percent were present in web applications.
 

Government cloud initiative introduced, security focus promised

Chuck Miller September 15, 2009

Vivek Kundra, the federal CIO appointed by President Obama in March, announced on Tuesday a cloud computing initiative designed to cut spending on government data centers, but maintain a high level of security.
 

SANS finds pros overlooking dangers of client, web apps

Dan Kaplan September 15, 2009

Organizations must do a better job at patching client-side software and web applications -- or they face a major breach.
 

Twitter among web apps affected by patched XSS bug

Dan Kaplan September 04, 2009

A popular web application framework provider has shipped a fix for a dangerous XSS flaw.
 

Twitter XSS vulnerability not yet fixed

Angela Moscaritolo August 26, 2009

Because of the bug, an attacker could potentially capture account credentials, redirect a user to any site, alter a user's tweets or followers, or send messages from a compromised account.
 

Survey: Data at risk in app testing and development

Angela Moscaritolo August 18, 2009

Eighty percent of organizations use real data during application testing and development, but most are not confident about their ability to protect it, according to a survey released Tuesday.
 

eBay mandates developer password change

Chuck Miller August 11, 2009

The giant web marketplace site eBay has warned developers of a security vulnerability, and is requiring that they change their credentials immediately.
 

2010 budgets to fund app security and DLP, study shows

Angela Moscaritolo August 04, 2009

If security budgets go up next year, pros will be using the additional cash to buy application security and DLP technologies, a new study shows.
 

Black Hat: Vulnerability mitigation is working, sort of

Chuck Miller July 29, 2009

Efforts to reduce security vulnerabilities seem to be paying off, but IT administrators are not paying enough attention to application bugs, a CTO said Wednesday at the Black Hat conference in Las Vegas.
 

IBM buys source-code security firm Ounce Labs

Chuck Miller July 28, 2009

IBM has acquired Waltham, Mass.-based Ounce Labs, a maker of enterprise source-code security testing software systems.
 

Oracle issues security patches in seven product lines

Chuck Miller July 15, 2009

Oracle issued security updates Tuesday for 30 security vulnerabilities in seven of its product lines, as part of its regular quarterly patch cycle.
 

Survey: CISOs worried about insiders, data breaches

Angela Moscaritolo June 23, 2009

Eighty percent of CISOs believe their company's own employees and contractors are the greatest threat to company data, according to a new study.
 

Security expert wants feds to recruit volunteer pen testers

Dan Kaplan June 18, 2009

One respected security researcher wants to legalize the hacking of federal government and military websites -- and he wants everyone to hear him out.
 

New security standards for mobile payments coming

Angela Moscaritolo June 18, 2009

A financial services technology group is developing standards for making secure mobile payment transactions.
 

URL shortening site hacked to redirect millions of links

Chuck Miller June 16, 2009

The Cligs URL shortening site was hacked during the weekend to cause 2.2 million links to redirect to the same site.
 

Google's new Chrome browser comes with privacy option

Chuck Miller May 22, 2009

Google has introduced its latest version of Chrome, and claims to have enhanced speed and privacy features.
 

Experts offer tips to deal with Gumblar malware

Chuck Miller May 21, 2009

A number of security organizations are offering tips to deal with the Gumblar drive-by exploit, which is growing ever more pervasive.
 

Adobe to issue scheduled patches, invest more in code review

Dan Kaplan May 20, 2009

Adobe, responding to widespread industry criticism that it was not effectively reacting to issues, unveiled on Wednesday a new approach to securing code and patching flaws.
 

Microsoft releases SDL tool

Dan Kaplan May 19, 2009

Microsoft on Tuesday released a free tool to help application developers better secure their programs. The SDL (Security Development Lifecycle) Process Template for Visual Studio Team System provides a framework -- including auditable requirements -- for building security into applications. The offering complements previous Microsoft SDL releases: Optimization Model, Pro Network and Threat Modeling Tool. Microsoft developed SDL in 2004 to address security vulnerabilities in its software. The program is credited with reducing vulnerabilities in Vista and SQL Server. — DK
 

Google's traffic jam was not a DDoS attack

Dan Raywood May 15, 2009

Google has apologized after it suffered a huge traffic jam that left millions of users unable to access the site Thursday.
 

Obama's 2010 budget calls for heavier cybersecurity spending

Chuck Miller May 11, 2009

The U.S. Department of Homeland Security has asked Congress for $918 million to support its infrastructure protection programs.
 

UC Berkeley suffers breach

Dan Kaplan May 08, 2009

Hackers breached a server in the health services center at the University of California, Berkeley, and accessed the personal data of more than 160,000 people, the college announced Friday. The stored database records included Social Security numbers and health insurance and other medical information. The intruders, believed to be based overseas, burrowed their way in through a public website. The breach, which began in October and continued through April, affected former Berkeley students and possibly their spouses or parents if they were linked to insurance coverage. — DK
 

Report: Web app hacks can invade air traffic control systems

Dan Kaplan May 07, 2009

The Federal Aviation Administration (FAA) on Thursday shot down a U.S. Department of Transportation report that its air traffic control (ATC) systems have been compromised because of insecure web applications -- but the agency agreed with the report's call for better security.
 

Hackers seek payment after break-in on state health care site

Dan Kaplan May 05, 2009

Security experts remain puzzled how hackers orchestrated their compromise of a Virginia state health care website.
 

Corporate users increasingly skirt security infrastructures

Angela Moscaritolo April 16, 2009

In a recent assessment, organizations had an average of 156 applications traversing their networks -- some of which pose a danger to the organization.