Sign up for our weekly newsletter!
REGISTER NOW
News & Views
Latest Content tagged with Application Security
Page 1 / 2   >   >>
Are US & UK Firms Keeping up With 'Best Practice' Password Management?
Larry Loeb  
6/14/2019   Post a comment
Companies think that they are much safer than their actual password practices would suggest.
Are Consumers Afraid of Biometrics for E-Commerce?
Larry Loeb  
6/12/2019   Post a comment
Researchers found that 81% of consumers still favor passwords for making payments online due to concerns about the security of new biometric options.
Study Finds Most Popular iOS Apps Are Not Encrypting Data
Larry Loeb  
6/7/2019   1 comment
Wandera found that two-thirds (67.8%) of apps still disable Apple Transport Security (ATS) globally and don't set any granular exceptions for specific functions.
Windows Remote Code Execution Vulnerability Requires More Than Just Patching
Larry Loeb  
6/4/2019   Post a comment
But nobody said it was going to be easy...
HawkEye Malware Finds Renewed Life With Financially Motivated Actors
Larry Loeb  
5/29/2019   Post a comment
IBM X-Force researchers have reported an increase in the HawkEye v9 keylogger infection campaigns after they looked at data from the IBM X-Force effort during April and May 2019.
DevSecOps Enables Security to Finally Move at the Speed of the Business
Tim Woods  
5/20/2019   1 comment
In the DevSecOps model, security teams are fully integrated into the DevOps process.
SharePoint Problem Returns. Be Afraid.
Larry Loeb  
5/14/2019   3 comments
Both Canada and Saudi Arabia issued alerts to the security community that they had observed traces of CVE-2019-0604 as part of other cyber attacks.
Cybercrime Study Finds Increasing Costs as Well as Changing Targets & Methods
Larry Loeb  
5/3/2019   10 comments
Accenture and Ponemon Institute say that they are analyzing the latest cost numbers of cybercrime to try and help leaders to better target security investments and resources.
Bootstrapping Security Programs: How to Gradually Implement an Enterprise-Level Security Program at a Fast-Growing Startup
Marzena Fuller  
5/2/2019   3 comments
You can't expect to build an adequate security program without investment in both people and security tools.
190,000 Accounts in Docker Hub Database May Have Been Exposed
Larry Loeb  
5/1/2019   7 comments
Potentially poisoned images could be distributed without the distributors realizing that this is occurring.
Shadow IT & Unsecured Data Still Rampant Within the Digital Workplace
Larry Loeb  
4/30/2019   10 comments
The digital workplace is full of opportunities for improvement.
NIST Offers Improved Software Testing
Larry Loeb  
4/29/2019   11 comments
Combinatorial testing is a software testing method that the National Institute of Science and Technology (NIST) likes a lot.
Enterprise Attacks Increase 235%: Trojans & Ransomware Most Common
Larry Loeb  
4/26/2019   19 comments
The Malwarebytes Labs Cybercrime Tactics and Techniques Q1 2019 report found in just one year, threats aimed at corporate targets have increased by 235%. Trojans, such as Emotet, and ransomware were the most likely attacks.
New Fix for jQuery Vulnerabilities
Larry Loeb  
4/24/2019   5 comments
A security patch has been made for jQuery to mitigate 'prototype pollution.'
Over 500 Million Chrome iOS Sessions Hijacked in Massive Malvertising Campaign
Larry Loeb  
4/22/2019   18 comments
Confiant has spotted the known threat actor eGobbler back in action.
FIN6 Expands Its Range With Ransomware
Larry Loeb  
4/8/2019   Post a comment
The well-known FIN6 group has been spotted trying its luck at a new game: ransomware.
Attackers Use 'Well-Known' Hidden HTTPS Directory to Spread Ransomware & Phishing Pages
Larry Loeb  
4/5/2019   1 comment
Researchers from security firm Zscaler's ThreatLabZ found themselves looking at WordPress and Joomla sites that were serving Shade/Troldesh ransomware (which has been known since 2014), backdoors, redirectors and a variety of phishing pages.
Vulnerabilities Found in Kubernetes Container System
Larry Loeb  
4/3/2019   2 comments
Trouble with tarballs and more.
Almost 1 Billion Emails With Personal Information Left Unsecured
Larry Loeb  
4/1/2019   40 comments
As leaks go, it's a whopper, and a so-called email validation service provider is to blame.
Android Banking Trojan 'Gustuff' Becomes More Dangerous
Larry Loeb  
3/29/2019   35 comments
New report puts Gustuff into the same threat tier as Anubis, Red Alert, Exobot, LokiBot and BankBot.
Worldwide Study Finds Limited Advances Against Evolving Threats
Larry Loeb  
3/28/2019   16 comments
Security vendor SonicWall has issued its SonicWall Cyber Threat Report based on its experiences in 2018.
Norsk Hydro: This Is How You React to a Ransomware Breach
Larry Loeb  
3/25/2019   10 comments
The company's response to a massive ransomware attack is an object lesson in how to do it right.
FIN7 Resurfaces With New Malware Techniques
Larry Loeb  
3/22/2019   5 comments
The FIN7 group of cyber criminals is still going strong.
Convergence: Real Problems When it Comes to Securing the IoT/IIoT
Alan Zeichick  
3/14/2019   Post a comment
Today, enterprises are dealing with a proliferation of connected devices that probably aren't dedicated to computing – think video cameras, inventory sensors, machine tools, thermostats and environmental monitors.
InfoSec Community Excited as NSA Releases Ghidra 9.0 to the Public
Larry Loeb  
3/7/2019   Post a comment
At the RSA Conference in San Francisco this week, the National Security Agency released to the public one of its internal tools, Ghidra 9.0, which is used for software reverse engineering. The NSA has been using it internally for a decade.
Boosted Rowhammer & Cache Attacks Spell Bad News for Intel
Larry Loeb  
3/5/2019   Post a comment
Researchers from Worcester Polytechnic Institute in Massachusetts and the University of Lübeck in Germany have published a paper that is really bad news for Intel.
Take White Hats Seriously to Staunch the Flow of Zero-Days
Joe Stanganelli  
2/19/2019   10 comments
Zero-day vulnerabilities are serious, and on the rise. And IT-security teams make the problem worse when they fail to respond, or respond poorly, to responsible vulnerability disclosures.
Modern Enterprise – Stewards of Personal Data
Larry Loeb  
2/6/2019   3 comments
Get on the nine-step program if you want to assure data privacy.
'Steganography' Obsfucation Hides Old PDF Exploits From Antivirus Tools
Larry Loeb  
1/28/2019   20 comments
EdgeSpot has found two new obsfucation methods to hide old PDF exploits from various antivirus tools.
Microsoft Looks to Squash Bugs in its Azure DevOps Product
Larry Loeb  
1/21/2019   18 comments
Microsoft's latest bug-hunting program is targeting the company's Azure DevOps platform, which looks to make software development more secure.
Vulnerability Puts Millions of Fortnite Players at Risk, Check Point Finds
Jeffrey Burt  
1/18/2019   3 comments
Epic Games, the developer of Fortnite, fixed vulnerabilities in its web infrastructure that researchers said exposed the sensitive information of users of the wildly popular online game.
Average Cyber Attack Cleanup Tops $1M, Radware Finds
News Analysis  
1/15/2019   1 comment
Over the last year, the amount that companies pay out to clean up from a cyber attack jumped more than 50%, topping $1 million on average, according to a new industry survey from Radware.
Texas City Hit With Ransomware
News Analysis  
1/15/2019   Post a comment
It's back to paper and pen for a while for Del Rio, Texas, which was hit with a ransomware attack earlier this month.
Ryuk Ransomware Origin Remains a Mystery
News Analysis  
1/14/2019   Post a comment
After shutting down newspaper printing facilities, as well as a cloud hosting firm, security researchers are debating who is behind the Ryuk ransomware. While it seemed that North Korea played a role, more research shows that a Russian gang might be responsible.
US Government Shutdown Preventing SSL Certificates From Being Renewed
Larry Loeb  
1/14/2019   Post a comment
The shutdown of the federal government is not only affecting federal workers, but the websites that various departments run. Specifically, SSL certificates are not being renewed.
ServHelper & FlawedGrace Malware Highlight Shift in Cyber Attacks
Jeffrey Burt  
1/11/2019   Post a comment
The ServHelper and FlawedGrace malware developed by threat group TA505 exemplify the move away from smash-and-grab ransomware toward more stealthy, longer campaigns, according to a recent analysis by Proofpoint.
Radware Boosts Bot-Fighting Capabilities With ShieldSquare Acquisition
News Analysis  
1/8/2019   Post a comment
Radware plans to bolster its cloud security portfolio with a deal for ShieldSquare, which offers tools for fighting bots.
New Malvertising Campaign Delivers Vidar Stealer Plus Ransomware
News Analysis  
1/8/2019   Post a comment
Malwarebytes Labs has uncovered a new malvertising campaign in the wild that delivers a one-two punch: the Vidar data stealer and GrandCrab ransomware.
Ryuk Ransomware Tied to Printing Press & Cloud Service Provider Attacks
News Analysis  
1/3/2019   7 comments
A series of cyber attacks over the holiday week that targeted newspaper printing presses and a cloud service provider are tied to a specific strain of ransomware called Ryuk.
EU's FOSSA Project Launches New Bug Bounty Program
Larry Loeb  
1/3/2019   4 comments
The European Union's FOSSA project is launching its first-ever bug bounty program that will focus on 15 different software platforms starting later in January.
4 Global Cybersecurity Threats for 2019
News Analysis  
12/31/2018   4 comments
As the calendar turns to 2018, ISF is urging members to watch out for four specific security issues: ransomware, legislation, IoT and supply chain.
Healthcare Industry Still in Ransomware Crosshairs
Jeffrey Burt  
12/27/2018   16 comments
A report by Kaspersky researchers has found that healthcare organizations in the US and Canada are still at heightened risk of ransomware attacks.
SOP Story: Why Protecting Web Browsers Remains a Security Cornerstone
Larry Loeb  
12/24/2018   22 comments
One of the oldest ways to protect content on the web is SOP. However, it's not always implemented in the same way on all browsers. This can complicate one of the main cornerstones of Internet security.
Cloud Backup: How It Can Protect Against Ransomware
Jeffrey Burt  
12/20/2018   1 comment
For enterprises anxious to avoid being extorted by attackers using ransomware, backing up data to the cloud is an option to consider, though it's not the answer for everyone.
McAfee: IoT & Crypomining Malware Growth Exploded in Q3
News Analysis  
12/20/2018   6 comments
In its new quarterly threat report, McAfee Labs researchers found that malware targeting IoT devices, as well as cryptomining, continued to grow, specifically by taking advantage of lax security practices.
Jenkins Flaw Can Allow Attackers to Log In as Admins
Larry Loeb  
12/19/2018   4 comments
New research from CyberArk finds a critical flaw in Jenkins servers that can allow an attacker to log in as an administrator, which can lead to any number of compromises and malicious activity.
Many Enterprises Still Blind to Security Risk, Study Finds
Jeffrey Burt  
12/19/2018   1 comment
Even as organizations continue to get hit with cyber attacks, they're struggling to accurately measure the costs of such events to their operations, a report by Tenable and the Ponemon Institute found.
SQLite Vulnerability Could Put Thousands of Apps at Risk
Larry Loeb  
12/17/2018   6 comments
A significant bug in SQLite could allow for remote code execution, leaks of memory and program crashes within thousands of apps, according to new research.
Page 1 / 2   >   >>




Latest Articles
Companies think that they are much safer than their actual password practices would suggest.
Security firm Preempt issued an advisory that showed how to conceptually bypass the Enhanced Protection for Authentication that prevents attackers from performing a relay of NT Lan Manager messages to top-level security sessions.
Researchers found that 81% of consumers still favor passwords for making payments online due to concerns about the security of new biometric options.
Over the next two years, vulnerability disclosure will evolve from a predominantly altruistic endeavor to one that actively damages organizations.
Flash Poll
Video
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
Radio Shows
Join editor Curt Franklin and guest Rebekah Brown, threat intelligence lead at Rpaid7, as they discuss the the most important news at one of the largest security conferences of 2017.
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2019 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with