Application Security

Application security news, trends, analysis and practical advice

security padlock on keyboard locked computer stock
microsoft headquarters

todd mckinnon oktane15

Okta's API access product targets the trend toward services

Okta changed key parts of its product portfolio to attract new users to its corporate identity management and access control platforms.

hacker hacked unsecure theft passwords

Forget two-factor authentication, here comes context-aware authentication

The stakes are high and cloud vendors know it. Is context-aware authentication the next safety net?

social media applications 000019365398

Surefire security fail: One. App. At. A. Time.

A centralized approach that governs how apps interact and what they are allowed to do is essential.

code vulnerability software

Flaws in Oracle file-processing SDKs affect major third-party products

Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle on Tuesday also affect products from third-party software vendors, including Microsoft.

20151027 openworld oracle cloud signs

Oracle issues largest patch bundle ever, fixing 276 security flaws

Oracle has released a new batch of security updates for over 80 products from its software portfolio to fix 276 vulnerabilities.

Ubuntu China

Ubuntu Forums database breached

Ubuntu support forums users should be on the lookout for dodgy emails after the website's database of 2 million email addresses has been stolen.

microsoft headquarters

Microsoft fixes critical flaws in IE, Edge, Office and Windows print services

Microsoft's new batch of security patches fixes 47 vulnerabilities across its products, including in Internet Explorer, Edge, Office, Windows and the .NET Framework.

encryption decryption key code

Salesforce expands encryption options with 'bring your own key'

Salesforce on Tuesday stepped up its efforts to woo security-conscious businesses by adding "bring your own key" encryption to its Salesforce Shield set of cloud services.

wordpress logo 8

Serious flaw fixed in widely used WordPress plug-in

The latest version of the All in One SEO Pack plug-in for WordPress fixes a flaw that could be used to hijack the site's admin account.

web development code

Enterprise software developers continue to use flawed code in apps

Companies that develop enterprise applications download over 200,000 open-source components on average every year -- and one in sixteen of those components has security vulnerabilities.

dlink dcs 930l camera webcame wireless

Update: Code reuse exposes over 120 D-Link device models to hacking

A recently discovered vulnerability in a D-Link network camera exists in over 120 different D-Link products and allows attackers to remotely take over the affected devices.


Lenovo ThinkPwn UEFI exploit also affects products from other vendors

A critical vulnerability that was recently found in the low-level firmware of Lenovo ThinkPad systems also may exist in products from other vendors including HP and Gigabyte Technology.


Thousands of hacked CCTV devices used in DDoS attacks

Attackers have compromised more than 25,000 digital video recorders and CCTV cameras and are using them to launch distributed denial-of-service (DDoS) attacks against websites.

1password android

Biometrics is the new cool -- LogMeOnce goes password free

Biometric identity is the new bastion of access control. LogMeOnce enters the fray

3 patches

Lenovo patches two high-severity flaws in PC support tool

Lenovo has fixed two high severity vulnerabilities in its Lenovo Solution Center support tool that is preinstalled on many laptop and desktop PCs.

code big data binary programming

Severe flaws in widely used archive library put many projects at risk

Researchers from Cisco Systems' Talos group found three severe flaws in libarchive that could impact a large number of software products and their users.

20151005 cisco headquarters sign

Flaws open Cisco small-business routers, firewalls to hacking

Three models of Cisco wireless VPN firewalls and routers from the small business RV series contain a critical unpatched vulnerability that attackers can exploit remotely to take control of devices.

Microsoft Windows patch tuesday bug

Microsoft fixes critical flaws in Windows, IE, Edge, Office

Microsoft has fixed over 40 vulnerabilities in its products Tuesday, including critical ones in Windows, Internet Explorer, Edge and Office.

Load More