Application Security

Application Security news, information, and how-to advice

BitTorrent dismisses security concerns raised about its Sync app

The cryptographic implementation is solid and cannot be compromised through a remote server, the company says

Adobe fixes 18 vulnerabilities in Flash Player

Fifteen of the vulnerabilities addressed in the updates are critical and can result in remote code execution



Microsoft plans monster security update for next week

'Whopping … overwhelming' slate with 16 security updates is the biggest in more than three years


Drupal sites, assume you've been hacked

SQL injection bug threatens the websites of enterprises, governments, and many other institutions using the open source Drupal CMS


Advisory says to assume all Drupal 7 websites are compromised

Drupal urged users to apply an update on Oct. 13, but only those who patched within seven hours may be in the clear

Microsoft discloses zero-day flaw in PowerPoint, publishes quick fix

Attacks are under way using a PowerPoint flaw that affects nearly all versions of Windows, the company says

One week after patch, Flash vulnerability already exploited in large-scale attacks

The Fiesta exploit kit bundles an exploit for the CVE-2014-0569 vulnerability in Flash Player, researchers found

Hackers exploit two more Windows zero-day bugs

Microsoft plans to add this pair of vulnerabilities to today's Patch Tuesday


The BadUSB exploit is deadly, but few may be hit

It's a case of good news/bad news with the BadUSB firmware exploit

Critical Bugzilla vulnerability could give hackers access to undisclosed software flaws

Software projects that use the Bugzilla bug tracking software should deploy the latest patches immediately, security researchers said

Google triples bug bounty reward range to $15,000

Google hopes to deter security researchers from selling their information to cyber criminals

Cisco, Oracle find dozens of their products affected by Shellshock

Cisco has identified 71 products vulnerable to Shellshock and Oracle 51, but the number is likely to increase


Attacks against Shellshock continue as updated patches hit the Web

Updated patches for the vulnerability are in the works, but cyber criminals are targeting the flaw now


Apple says most Mac users safe from Shellshock bug, promises quick fix

Don't panic! Your Mac is very, very unlikely to be affected by the Shellshock Bash vulnerability


Shellshocked: Yes, it's a huge threat, and here's why

InfoWorld's Paul Venezia describes in technical detail what he's seeing on his own servers -- and it's not good

Adobe releases previously delayed security updates for Reader and Acrobat

The updates fix eight vulnerabilities, including some that could be exploited to infect computers with malware


New NSA-funded programming language could close long-standing security holes

Wyvern securely rolls five programming languages into one.

Popular Android apps fail basic security tests, putting privacy at risk

Instagram and Grindr stored images on their servers that were accessible without authentication

Adobe slates critical Reader security update for Tuesday

Adobe plans to issue security updates for its PDF viewer Reader and for Acrobat to fix critical flaws in the software on Windows and Apple's OS X

Many Chrome browser extensions do sneaky things

A study of 48,000 Chrome extensions uncovers ad fraud, data theft, and other misdeeds
