Application Security

Application Security news, information, and how-to advice

Critical vulnerabilities patched in Magento e-commerce platform

Stored XSS bugs could let hackers hijack administrative accounts

Serious flaw patched in Intel Driver Update Utility

The flaw could allow man-in-the-middle attackers to install malware on computers

Researcher finds fault in Apple's Gatekeeper patch

Synack's Patrick Wardle says Gatekeeper can still be tricked into letting malware run

Microsoft fixes critical flaws in Windows, Office, Edge, IE, other products

The company published nine security bulletins covering patches for 24 vulnerabilities


Trend Micro flaw could have allowed attackers to steal all passwords

Trend has patched that problem and another remote execution flaw found by a well-known Google security researcher


Drupal to secure its update process with HTTPS

Drupal to add HTTPS support and fix other issues with the content management system's update mechanism after a researcher recently found weaknesses

Antivirus software could make your company more vulnerable

Security researchers are worried that critical vulnerabilities in antivirus products are too easy to find and exploit

Exploit broker places $100k bounty on bypassing Flash Player's latest defenses

Flash Player's new heap isolation protection is already under attack

2015: The Year in Hacks

The most innovative and damaging hacks of 2015

The year's most significant attacks highlight how hackers are changing tactics -- and how IT security must evolve in the year ahead

Google researchers find remote execution bug in FireEye security appliances

FireEye has patched the problem, which could give attackers full network access

Joomla patches critical remote execution bug

Users should immediately upgrade to version 3.4.6 to fix a vulnerability that is now being widely used by hackers

Docker, Twistlock, CoreOS, and the state of container security

Cryptographic hardware keys, inspecting for flawed software, and end-to-end trust add up to secure containers

Cisco patches permission hijacking issue in WebEx Meetings app for Android

The flaw made it possible for rogue apps to hijack the Cisco app's permissions

Mobile payment apps no safer than other mobile apps

A study of 10 popular mobile payment apps found they lack even the most basic security controls

Adobe patches flaws in ColdFusion, LiveCycle Data Services, and Premiere Clip

Adobe fixed important vulnerabilities in its ColdFusion application server, LiveCycle Data Services framework and Premiere Clip iOS app.

10 old, risky applications you should stop using

Here's a security hole problem: Keeping around applications that have reached the ends of their lives, are no longer maintained by their original developers, and do not receive security updates

Continuous integration tools can be the Achilles' heel for a company's IT security

CI deployments are insecure in default configurations and allow the execution of commands on the underlying OS with system privileges

Researchers find a fix for a Flash bug -- and future variants

Endgame Security researchers have identified a new mitigation technique to block use-after-free bugs similar to the one Adobe patched recently
