Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Drupal 6.34 and Drupal 7.34 were released to address multiple moderately critical vulnerabilities affecting prior versions.
The creators of the jQuery Validation Plugin have fixed a vulnerability in a demo component that was first reported to them more than three years ago.
Researchers claim that a new attack method can be leveraged to silently modify the digital ballots used in the Internet voting process.
Microsoft has acquired Israeli cyber security startup Aorato, a company focused on protecting Active Directory deployments.
Invision Power Services (IPS) has released patches to address an SQL injection vulnerability affecting versions 3.3.x and 3.4.x of the popular online forum software IP.Board.
Las Vegas, Nevada-based telemedicine company Cytta Corp. reported on Monday that hackers managed to change the organization's officer and director information in the Nevada Secretary of State corporate filing system.
PHP released versions 5.6.2, 5.5.18 and 5.4.34 of the scripting language. In addition to some functionality bugs, the latest releases address a series of security-related flaws.
Trustwave researcher Ben Hayak presented an attack method, which he calls Same Origin Method Execution (SOME), at the Back Hat Europe security conference in Amsterdam, the Netherlands.
A security researcher has uncovered a new attack vector called "Reflected File Download" where a malicious file can be downloaded without actually being uploaded anywhere.
WordPress is the most attacked content management system (CMS), according to a report from Imperva. Analysis showed that WordPress websites were attacked 24.1% more than sites running on all other CMS platforms combined.

FEATURES, INSIGHTS // Application Security

rss icon

Wade Williamson's picture
As we build more accessible, scalable, and efficient computing models, we likewise open ourselves up to attacks that are likewise more accessible, scalable and efficient.
Danelle Au's picture
Cloud service providers play a key role in delivering security, but as part of the shared responsibility model, they are not liable for access to and usage of the cloud application.
Danelle Au's picture
Enterprises can gain tremendous competitive advantages by having IT focus on the things that matter – users and information rather than infrastructure maintenance and building.
Danelle Au's picture
As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...
Wade Williamson's picture
While free tools aren’t the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and provide your team with hands-on experience.
Chris Hinkley's picture
When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we’re left with an approach that has potentially disastrous consequences.
Jon-Louis Heimerl's picture
The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Michael Callahan's picture
While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.
Michael Callahan's picture
The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and how we will respond to them in 2014.
Michael Callahan's picture
There are several steps companies can take on the server side to identify and disrupt brute force attacks.
view counter