
NEWS & INDUSTRY UPDATES

Google researcher Tavis Ormandy releases a tool for porting Windows DLLs to Linux to improve fuzzing, and ports Windows Defender as a demo.
Attackers can remotely hijack millions of systems using malicious subtitle files and vulnerabilities in popular media players.
In light of a recent phishing attack targeting Gmail users, Google is updating its app identity guidelines and implementing a more thorough review process for new web applications that request user data.
A vulnerability in a forensics tool from Guidance Software can be exploited to hack the investigator's computer and manipulate evidence.
Critical unauthenticated remote code execution vulnerability patched in the open source automation server Jenkins.
Vulnerabilities in Bosch's Drivelog Connect dongle and its mobile app allow hackers to send malicious CAN messages to a car and stop its engine.
Researchers find serious vulnerabilities in Riverbed's SteelCentral application and network performance monitoring system.
DoubleAgent is a new attack method that abuses a legitimate Microsoft tool to hijack security products.
Google painted a bleak picture of cybersecurity trends, saying the number of websites hacked rose 32 percent in 2016, with little relief in sight.
A recently disclosed User Account Control (UAC) bypass that leverages App Paths can be used for fileless attacks as well, security researcher Matt Nelson now says.

FEATURES, INSIGHTS // Application Security

Wade Williamson
While free tools aren't the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and give your team hands-on experience.
Chris Hinkley
When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we're left with an approach that has potentially disastrous consequences.
Jon-Louis Heimerl
The concepts of defense in depth have been with us for years, hundreds of years if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Michael Callahan
While I'd argue the point that the chip and PIN system is better and more secure than the mag stripe, it's not what caused these or what will prevent future malware attacks.
Michael Callahan
The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and in how we will respond to them in 2014.
Michael Callahan
There are several steps companies can take on the server side to identify and disrupt brute force attacks.
Michael Callahan
There's more than functionality and availability issues ailing Healthcare.gov. There's significant potential for compromise.
Nimmy Reichenberg
There are numerous financial and operational reasons to make the move to a private, public or hybrid cloud, but you must understand the impact on applications.
Tal Be'ery
In this column, Tal explores the recent trend of hackers abusing the target's Web application in order to launch an attack on the datacenter.
Michael Callahan
While obscuring website code, server architecture, and security mechanisms doesn't provide bullet-proof security on its own, it is actually pretty effective.