Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

It's Time To Rethink The Password. Yes, Again

By Evan Schuman June 6, 2016  | Security News

Every few months, another prominent person in software security suggests that the password needs to be done away with—and they invariably say it as though it's a new idea. In reality, the security community has effectively agreed for more than a decade that passwords are no longer sufficiently secure to protect the sensitive data they are tasked with protecting. And yet, just like the...

If Government Data Threats Get Companies To Take Data Security Seriously, It May Be All Worthwhile

By Evan Schuman May 27, 2016  | Security News

Perceived security threats motivate IT people the same way they do everyone else. People react to how much a threat scares them, which sometimes has little relation to how truly threatening that threat is. Consider rank-and-file U.S. citizens and fears of terrorism. The potential damage by a terrorist is horrendous, but there are consumers who consider terrorists a far bigger threat than burglars...

When US-CERT Issues an Alert, Does IT Listen?

By Evan Schuman May 18, 2016  | Security News

Last week, US-CERT (the U.S. Computer Emergency Readiness Team) issued an alert about an old SAP security hole after a vendor flagged that attackers were still using it. The initial problem was that SAP had apparently fixed the hole some six years ago, but gave users the choice whether to protect themselves or not. Candidly, that's an odd choice to offer IT execs, but it's easier to...

Security Needs to Start Deep Within the OS: And It Needs to Start Now

By Evan Schuman May 12, 2016  | Security News

As strategic and essential as enterprise security is today, it is still, at its most fundamental level, an afterthought. We take the OS, apps, databases, and network controls as they are given to us, and then we try and Band-Aid on top of it the best security we can. We use firewalls and filters and VPN tunnels and encryption to try and limit the damage software vulnerabilities can do. As a practical...

Verizon’s 2016 Data Breach Investigations Report Demonstrates Traditional Approaches to AppSec Aren’t Working

By Jessica Lavery May 5, 2016  | Security News

It has taken me a few days to wade through all the data and information in this year’s Verizon Data Breach Investigations Report, but I’ve finally found the time to read it all the way to the end. As always, the report is full of interesting statistics about breach and incident trends. While each section of the report offered valuable insights and information, I found the section on...

Examining Dark Territory With Fred Kaplan

By Jessica Lavery May 4, 2016  | Security News

On Tuesday night at RSA, CA Veracode held a book launch of Fred Kaplan’s Dark Territory: The Secret History of Cyber War. Kaplan was on site to sign copies of his book and to discuss the history of cyber war. That’s right, history, not future, of cyber war. Dark Territory looks back at the history of cyber war. Opening with a story from the Reagan administration, the book then...

This Week's AppSec News Roundup

By Eric Seymour April 29, 2016  | Security News

Our weekly application security news roundup for April 25 to April 29, 2016 features the 2016 Verizon report on data breaches, details on the Bangladesh Central Bank breach and a breach at Qatar’s largest bank. Read on for details on the following headlines: Verizon releases its annual data breach report, How Bangladesh Central Bank was hacked, IoT security growing, Breach at Qatar...

Peripheral Security Issues Today Are Anything But Peripheral

By Evan Schuman April 25, 2016  | Security News

Last week, Microsoft issued an optional security alert relating to peripherals and specifically mice. Until the patch is implemented, Microsoft said, the peripheral could receive plain English—aka QWERTY—key packets in keystroke communications issued from receiving USB wireless dongles to the RP addresses of wireless mouse devices. This is a fine way for cyberthieves to hijack wireless mice and...

My View of the Evolving Threat Landscape

By Sue Poremba April 19, 2016  | Security News

One of the most difficult challenges in cybersecurity – perhaps the most difficult challenge, depending on who you talk to – is how quickly the threat landscape changes and shifts. It seems as if no sooner is one set of security protocols in place, new regulations and compliances are required or the attack vector changes. It’s no wonder that so many companies struggle with security. I’ve been...

This Week's AppSec News Roundup

By Eric Seymour April 16, 2016  | Security News

Our weekly application security news roundup for April 11 to April 15, 2016 features commentary on Badlock, ransomware trends and a new Internet security threat report. Read on for details on the following headlines: Badlock vulnerability is not critical, Two major insurers enter cyber insurance arena, Symantec issues Internet security threat report, A new type of ransomware emerges, The U.S....
