Application Security

Survey: CISOs worried about insiders, data breaches

Angela Moscaritolo June 23, 2009

Eighty percent of CISOs believe their company's own employees and contractors are the greatest threat to company data, according to a new study.
 

Security expert wants feds to recruit volunteer pen testers

Dan Kaplan June 18, 2009

One respected security researcher wants to legalize the hacking of federal government and military websites -- and he wants everyone to hear him out.
 

New security standards for mobile payments coming

Angela Moscaritolo June 18, 2009

A financial services technology group is developing standards for making secure mobile payment transactions.
 

URL shortening site hacked to redirect millions of links

Chuck Miller June 16, 2009

The Cligs URL shortening site was hacked during the weekend to cause 2.2 million links to redirect to the same site.
 

Google's new Chrome browser comes with privacy option

Chuck Miller May 22, 2009

Google has introduced its latest version of Chrome, and claims to have enhanced speed and privacy features.
 

Experts offer tips to deal with Gumblar malware

Chuck Miller May 21, 2009

A number of security organizations are offering tips to deal with the Gumblar drive-by exploit, which is growing ever more pervasive.
 

Adobe to issue scheduled patches, invest more in code review

Dan Kaplan May 20, 2009

Adobe, responding to widespread industry criticism that it was not effectively reacting to issues, unveiled on Wednesday a new approach to securing code and patching flaws.
 

Microsoft releases SDL tool

Dan Kaplan May 19, 2009

Microsoft on Tuesday released a free tool to help application developers better secure their programs. The SDL (Secure Development Lifecycle) Process Template for Visual Studio Team System provides a framework -- including auditable requirements -- for building security into applications. The offering complements previous Microsoft SDL releases: Optimization Model, Pro Network and Threat Modeling Tool. Microsoft developed SDL in 2004 to address security vulnerabilities in its software. The program is credited with reducing vulnerabilities in Vista and SQL Server. — DK
 

Google's traffic jam was not a DDoS attack

Dan Raywood May 15, 2009

Google has apologized after it suffered a huge traffic jam that left millions of users unable to access the site Thursday.
 

Obama's 2010 budget calls for heavier cybersecurity spending

Chuck Miller May 11, 2009

The U.S. Department of Homeland Security has asked Congress for $918 million to support its infrastructure protection programs.
 

UC Berkeley suffers breach

Dan Kaplan May 08, 2009

Hackers breached a server in the health services center at the University of California, Berkeley, and accessed the personal data of more than 160,000 people, the college announced Friday. The stored database records included Social Security numbers and health insurance and other medical information. The intruders, believed to be based overseas, burrowed their way in through a public website. The breach, which began in October and continued through April, affected former Berkeley students and possibly their spouses or parents if they were linked to insurance coverage. — DK
 

Report: Web app hacks can invade air traffic control systems

Dan Kaplan May 07, 2009

The Federal Aviation Administration (FAA) on Thursday shot down a U.S. Department of Transportation report that its air traffic control (ATC) systems have been compromised because of insecure web applications -- but the agency agreed with the report's call for better security.
 

Hackers seek payment after break-in on state health care site

Dan Kaplan May 05, 2009

Security experts remain puzzled how hackers orchestrated their compromise of a Virginia state health care website.
 

Corporate users increasingly skirt security infrastructures

Angela Moscaritolo April 16, 2009

In a recent assessment, organizations had an average of 156 applications traversing their networks -- some of which pose a danger to the organization.
 

Despite downturn, IT security spending to increase

Angela Moscaritolo April 13, 2009

Management increasingly is recognizing security as a top business priority, which is resulting in higher budgets for some organizations despite the economic slowdown, according to a new survey.
 

Unauthorized software rampant

Angela Moscaritolo April 08, 2009

In a survey of 250 IT managers, 77 percent of respondents said they had a policy prohibiting unauthorized downloads. Yet 37 percent said they found unauthorized software running on more than half of endpoints in their enterprise, Tom Murphy, chief strategist at application whitelisting vendor Bit9, told SCMagazineUS.com. In addition, only 34 percent reported feeling confident that they will be able to remove unauthorized software this year. "[Respondents] feel like they are out of control, with regard to prohibiting and enforcing policies," Murphy said. — AM
 

New variant of RSPlug Mac trojan

Angela Moscaritolo March 30, 2009

A new variant of the RSPlug trojan, which targets Apple machines, was recently discovered in the wild, but was quickly fixed.
 

Privacy group urges FTC to investigate Google's cloud services

Angela Moscaritolo March 18, 2009

The Electronic Privacy Information Center, a privacy advocacy group, filed a complaint with the Federal Trade Commission on Tuesday urging an investigation of Google's cloud computing services to determine the adequacy of its privacy and security safeguards.
 

Web apps account for 80 percent of internet vulnerabilities

Angela Moscaritolo March 18, 2009

Vulnerabilities in web applications made up 80 percent of all web-related flaws in the second half of 2008 and rose in prevalence by about eight percent from the first half of the year.
 

Google's glitch in the cloud

Chuck Miller March 09, 2009

Google Docs, a web-based word processor, experienced a glitch that shared documents without permission.
 

Users increasingly falling victim to malware distributed on Digg, YouTube

Angela Moscaritolo March 03, 2009

Infection of adware called "VideoPlay," which has been spreading through malicious posts and comments on Digg and YouTube, increased 400 percent from January to February.
 

Opera closes multiple security vulnerabilities with update

Chuck Miller March 03, 2009

A new version of the Opera browser closes several security holes that could have enabled an attacker to execute arbitrary code or launch cross-domain scripting attacks.
 

Adobe fixes critical vulnerabilities in Flash Player

Angela Moscaritolo February 25, 2009

Adobe on Tuesday issued a patch for Flash Player to address multiple vulnerabilities that could enable an attacker to take control of an affected system or execute arbitrary code.
 

Patch batch from Oracle to include 41 fixes

Dan Kaplan January 09, 2009

Microsoft is letting IT departments off easy next week, but not Oracle, which plans to deliver 41 patches on Tuesday.
 

Muslim hackers attack Israeli websites as Gaza strikes continue

Dan Kaplan December 31, 2008

Muslim extremists are targeting Israeli websites, as the conflict in the Gaza Strip rages on, with no end in sight.
 

Fending off network attacks

Greg Masters December 23, 2008

With attackers shifting their focus to applications, the IT team at University of Miami, Miller School of Medicine, decided it was time to upgrade the school's intrusion prevention solution, reports Greg Masters.
 

Malware posing as Firefox plugin steals login information

Chuck Miller December 05, 2008

Victims infected with new malware may have their financial login credentials sent to a web address in Russia.
 

Koobface worm variant circulating on Facebook

Angela Moscaritolo December 05, 2008

Spammed links leading to Koobface are likely to come from infected friends.
 

Report: Nearly all computer users running insecure programs

Angela Moscaritolo December 03, 2008

New data indicates that 98 out of 100 computer users are running at least one unpatched program.
 

Companies have security to consider with in-the-cloud Office

Angela Moscaritolo October 29, 2008

Security professionals weigh in on concerns of the next version of Microsoft Office, which will include components available in the cloud.