Application Security

Application security news, trends, analysis and practical advice

Adobe fixes flaws in Flash Player and Adobe Connect

Adobe Systems released security patches for its widely used Flash Player software as well as its Adobe Connect web conferencing platform that's popular in enterprise environments.

Flaw in Intel CPUs could help attackers defeat ASLR exploit defense

A feature in Intel's Haswell CPUs can be abused to reliably defeat an anti-exploitation technology that exists in all major operating systems, researchers have found.

7 ways DevOps can benefit CISOs and their security programs

Many organizations are regularly pushing out tens if not hundreds of releases and updates on a daily basis. With help and guidance from the security team, organizations can push secure releases on the first try and save lots of money...

Adobe fixes critical flaws in Flash Player and Digital Editions

Adobe Systems has fixed over 30 vulnerabilities in its Flash Player and Digital Editions products, most of which could be exploited to remotely install malware on computers.

Microsoft bug bounty program adds .NET Core and ASP.NET Core

Microsoft has expanded its bug bounty programs to cover its open-source .NET Core and ASP.NET Core application development platforms.

Okta's API access product targets the trend toward services

Okta changed key parts of its product portfolio to attract new users to its corporate identity management and access control platforms.

Forget two-factor authentication, here comes context-aware authentication

The stakes are high and cloud vendors know it. Is context-aware authentication the next safety net?

Surefire security fail: One. App. At. A. Time.

A centralized approach that governs how apps interact and what they are allowed to do is essential.

Flaws in Oracle file-processing SDKs affect major third-party products

Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle on Tuesday also affect products from third-party software vendors, including Microsoft.

Oracle issues largest patch bundle ever, fixing 276 security flaws

Oracle has released a new batch of security updates for over 80 products from its software portfolio to fix 276 vulnerabilities.

Ubuntu Forums database breached

Ubuntu support forums users should be on the lookout for dodgy emails after the website's database of 2 million email addresses was stolen.

Microsoft fixes critical flaws in IE, Edge, Office and Windows print services

Microsoft's new batch of security patches fixes 47 vulnerabilities across its products, including in Internet Explorer, Edge, Office, Windows and the .NET Framework.

Salesforce expands encryption options with 'bring your own key'

Salesforce on Tuesday stepped up its efforts to woo security-conscious businesses by adding "bring your own key" encryption to its Salesforce Shield set of cloud services.

Serious flaw fixed in widely used WordPress plug-in

The latest version of the All in One SEO Pack plug-in for WordPress fixes a flaw that could be used to hijack the site's admin account.

Enterprise software developers continue to use flawed code in apps

Companies that develop enterprise applications download over 200,000 open-source components on average every year -- and one in sixteen of those components has security vulnerabilities.

Update: Code reuse exposes over 120 D-Link device models to hacking

A recently discovered vulnerability in a D-Link network camera exists in over 120 different D-Link products and allows attackers to remotely take over the affected devices.

Lenovo ThinkPwn UEFI exploit also affects products from other vendors

A critical vulnerability that was recently found in the low-level firmware of Lenovo ThinkPad systems also may exist in products from other vendors including HP and Gigabyte Technology.

Thousands of hacked CCTV devices used in DDoS attacks

Attackers have compromised more than 25,000 digital video recorders and CCTV cameras and are using them to launch distributed denial-of-service (DDoS) attacks against websites.
