Application Security

Application Security news, information, and how-to advice

Microsoft fixes FREAK vulnerability in Patch Tuesday update

Microsoft has issued five critical patches among its 14 updates for Windows, Internet Explorer, and Office


Flaw in popular Web analytics plug-in exposes WordPress sites to hacking

Attackers can easily crack cryptographic keys used by the WP-Slimstat plug-in and use them to read information from a site's database

Google scraps annual Pwnium bug-hunting contest

Google said the change will prevent security researchers from holding onto dangerous bugs in order to claim a big prize

Google Cloud offers security scanning for customer apps

The Google Cloud Security Scanner can ferret out XSS and mixed-content vulnerabilities

Real data security for all is now getting its start on mobile

Two approaches to data security are being pioneered on mobile, but over time will protect you anywhere

How the rise of open source could improve software security

Openness by itself does not yield more secure code, but a new dependence on open source by major software players could ensure more rigorous scrutiny

Google discloses unpatched Windows vulnerability

Microsoft didn't fix the bug in Windows 8.1 within a 90-day deadline Google imposed

How to maintain security in continuous deployment environments

If you wait till tomorrow to secure what continuous deployment took live yesterday, hackers will infect your application today

BitTorrent dismisses security concerns raised about its Sync app

The cryptographic implementation is solid and cannot be compromised through a remote server, the company says

Adobe fixes 18 vulnerabilities in Flash Player

Fifteen of the vulnerabilities addressed in the updates are critical and can result in remote code execution

Microsoft plans monster security update for next week

'Whopping … overwhelming' slate with 16 security updates is the biggest in more than three years

Drupal sites, assume you've been hacked

SQL injection bug threatens the websites of enterprises, governments, and many other institutions using the open source Drupal CMS

Advisory says to assume all Drupal 7 websites are compromised

Drupal urged users to apply an update on Oct. 13, but only those who patched within seven hours may be in the clear

Microsoft discloses zero-day flaw in PowerPoint, publishes quick fix

Attacks are under way using a PowerPoint flaw that affects nearly all versions of Windows, the company says

One week after patch, Flash vulnerability already exploited in large-scale attacks

The Fiesta exploit kit bundles an exploit for the CVE-2014-0569 vulnerability in Flash Player, researchers found

Hackers exploit two more Windows zero-day bugs

Microsoft plans to add this pair of vulnerabilities to today's Patch Tuesday

The BadUSB exploit is deadly, but few may be hit

It's a case of good news/bad news with the BadUSB firmware exploit

Critical Bugzilla vulnerability could give hackers access to undisclosed software flaws

Software projects that use the Bugzilla bug tracking software should deploy the latest patches immediately, security researchers said

Google triples bug bounty reward range to $15,000

Google hopes to deter security researchers from selling their information to cyber criminals
