
NEWS & INDUSTRY UPDATES

Docker, a platform used to build, ship, and run distributed applications, has been updated to version 1.3.2 to address two critical vulnerabilities.
Thousands of backdoored plugins and themes for popular content management systems (CMS) are being leveraged by a threat group to abuse Web servers on a large scale.
Radware has launched a new hybrid solution designed to help enterprise organizations detect and protect against sophisticated and volumetric DDoS attacks.
WordPress 4.0.1 fixes several vulnerabilities, including a critical flaw that could have been exploited to compromise websites.
Drupal 6.34 and Drupal 7.34 were released to address multiple moderately critical vulnerabilities affecting prior versions.
The creators of the jQuery Validation Plugin have fixed a vulnerability in a demo component that was first reported to them more than three years ago.
Researchers claim that a new attack method can be leveraged to silently modify the digital ballots used in the Internet voting process.
Microsoft has acquired Israeli cyber security startup Aorato, a company focused on protecting Active Directory deployments.
Invision Power Services (IPS) has released patches to address an SQL injection vulnerability affecting versions 3.3.x and 3.4.x of the popular online forum software IP.Board.
Las Vegas, Nevada-based telemedicine company Cytta Corp. reported on Monday that hackers managed to change the organization's officer and director information in the Nevada Secretary of State corporate filing system.

FEATURES, INSIGHTS // Application Security

Adam Firestone: Security requirements for information assurance, risk management, and certification and accreditation constrain Government organizations with respect to software allowed on Government networks.
Wade Williamson: As we build more accessible, scalable, and efficient computing models, we likewise open ourselves up to attacks that are likewise more accessible, scalable and efficient.
Danelle Au: Cloud service providers play a key role in delivering security, but as part of the shared responsibility model, they are not liable for access to and usage of the cloud application.
Danelle Au: Enterprises can gain tremendous competitive advantages by having IT focus on the things that matter – users and information rather than infrastructure maintenance and building.
Danelle Au: As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...
Wade Williamson: While free tools aren’t the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and provide your team with hands-on experience.
Chris Hinkley: When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we’re left with an approach that has potentially disastrous consequences.
Jon-Louis Heimerl: The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Michael Callahan: While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.
Michael Callahan: The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and how we will respond to them in 2014.