Application Security

Application security news, trends, analysis and practical advice

Pwn2Own ends with two virtual machine escapes

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Adobe Reader, Edge, Safari and Ubuntu fall in first day at Pwn2Own

During the first day of the Pwn2Own hacking contest, security researchers successfully demonstrated exploits against Microsoft Edge, Apple's Safari, Adobe Reader and Ubuntu Desktop.

How much are vendor security assurances worth after the CIA leaks?

Google, Apple, Microsoft and other software vendors are working to identify and patch the vulnerabilities described in the CIA leak, but ultimately this doesn't change the status quo of software security.

Hackers exploit Apache Struts vulnerability to compromise corporate web servers

Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.

HackerOne offers bug bounty service for free to open-source projects

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

Google discloses unpatched IE flaw after Patch Tuesday delay

Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.

8 steps to regaining control over shadow IT

Learn how to discover those employees who went roaming for outside services.

JavaScript-based attack simplifies browser exploits

Researchers have devised a new attack that can bypass address space layout randomization (ASLR) in browsers and possibly other applications.

What happens when tech companies make television shows

Short version: It's not good. Apple's Planet of the Apps is not exactly popcorn-friendly.

Vulnerability in Microsoft SMBv3 protocol crashes Windows PCs

Computers running fully patched Windows 10, 8.1, Server 2012, and 2016 are hit by Blue Screens when trying to connect to an infected server.

Oracle patches raft of vulnerabilities in business applications

Oracle released its first batch of security patches this year fixing 270 vulnerabilities, mostly in business-critical applications.

The CSO guide to top security conferences

CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.

Adobe patches critical flaws in Flash Player, Reader and Acrobat

Adobe Systems released security updates for its Flash Player, Adobe Reader and Acrobat products fixing critical vulnerabilities that could allow attackers to install malware on computers.

This tool can help weed out hard-coded keys from software projects

A security researcher developed a tool that can automatically detect sensitive access keys that were hard-coded inside software projects.

Google researchers help test cryptographic flaws

Security experts from Google have developed a test suite that allows developers to find weaknesses in their cryptographic libraries and implementations.

Adobe fixes critical flaw in Flash Player

Adobe Systems released security updates for several products, including one for Flash Player that fixes a critical vulnerability that's already known and exploited by attackers.

Common security mistakes in collaboration tools

Collaboration tools have become all the rage, but has your IT department closed all security gaps?
