Application Security

Application Security news, information, and how-to advice

Google discloses unpatched Windows vulnerability

Microsoft didn't fix the bug in Windows 8.1 within a 90-day deadline Google imposed


How to maintain security in continuous deployment environments

If you wait till tomorrow to secure what continuous deployment took live yesterday, hackers will infect your application today

BitTorrent dismisses security concerns raised about its Sync app

The cryptographic implementation is solid and cannot be compromised through a remote server, the company says

Adobe fixes 18 vulnerabilities in Flash Player

Fifteen of the vulnerabilities addressed in the updates are critical and can result in remote code execution

Microsoft plans monster security update for next week

'Whopping … overwhelming' slate with 16 security updates is the biggest in more than three years

Drupal sites, assume you've been hacked

SQL injection bug threatens the websites of enterprises, governments, and many other institutions using the open source Drupal CMS

Advisory says to assume all Drupal 7 websites are compromised

Drupal urged users to apply an update on Oct. 13, but only those who patched within seven hours may be in the clear

Microsoft discloses zero-day flaw in PowerPoint, publishes quick fix

Attacks are under way using a PowerPoint flaw that affects nearly all versions of Windows, the company says

One week after patch, Flash vulnerability already exploited in large-scale attacks

The Fiesta exploit kit bundles an exploit for the CVE-2014-0569 vulnerability in Flash Player, researchers found

Hackers exploit two more Windows zero-day bugs

Microsoft plans to add this pair of vulnerabilities to today's Patch Tuesday

The BadUSB exploit is deadly, but few may be hit

It's a case of good news/bad news with the BadUSB firmware exploit

Critical Bugzilla vulnerability could give hackers access to undisclosed software flaws

Software projects that use the Bugzilla bug tracking software should deploy the latest patches immediately, security researchers said

Google triples bug bounty reward range to $15,000

Google hopes to deter security researchers from selling their information to cyber criminals

Cisco, Oracle find dozens of their products affected by Shellshock

Cisco has identified 71 products vulnerable to Shellshock and Oracle 51, but the number is likely to increase

Attacks against Shellshock continue as updated patches hit the Web

Updated patches for the vulnerability are in the works, but cyber criminals are targeting the flaw now

Apple says most Mac users safe from Shellshock bug, promises quick fix

Don't panic! Your Mac is very, very unlikely to be affected by the Shellshock Bash vulnerability

Shellshocked: Yes, it's a huge threat, and here's why

InfoWorld's Paul Venezia describes in technical detail what he's seeing on his own servers -- and it's not good

Adobe releases previously delayed security updates for Reader and Acrobat

The updates fix eight vulnerabilities, including some that could be exploited to infect computers with malware

New NSA-funded programming language could close long-standing security holes

Wyvern securely rolls five programming languages into one.
