Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Badlock Is A Serious Hole, But How It Was Preannounced Is A Disgrace

By Evan Schuman April 14, 2016  | Security News

There is something unnerving—and even a tad repugnant—about announcing that there's a massive security hole and that it won't be patched for weeks. Welcome to Badlock. What possible legitimate security goal is advanced by this publicity stunt? The bug, which marketers for Samba dubbed Badlock, is extremely serious and potentially disruptive, which is what makes the... READ MORE

Introducing Python Support

By Sean Kinzer April 3, 2016

On our journey to ensure all open-source is being used safely, we have taken a step forward by adding language support for a growing community of developers. I am happy to announce that you can now scan your Python 2 applications and see if they are using vulnerable open-source libraries. We mirror PyPI packages in our library catalog, and already have hundreds of Python vulnerabilities cataloged... READ MORE

This Week's AppSec News Roundup

By Eric Seymour April 1, 2016  | Security News

Our weekly application security news roundup for March 28 to April 1 2016 features “Google dorking,” another healthcare institution malware victim, new Android vulnerability, and details on Petya ransomware. Read on for details on the following headlines: Investigators suspect “Google dorking” in Iranian hackers’ attempt to attack a New York dam, Healthcare... READ MORE

Hospitals Are Security's Biggest Nightmare

By Evan Schuman March 31, 2016  | Security News

Cyberattacks on hospitals represent the true security nightmare scenario. It combines privacy risks far more severe than attacks on the largest banks or retailers with life-and-limb risks that rival remote takeovers of nuclear power plants and cars. An attacker could change the type and quantity of a prescribed drug, steal and sell intimate medical details and change test findings, which could... READ MORE

This Week's AppSec News Roundup

By Eric Seymour March 25, 2016  | Security News

Our weekly application security news roundup for March 21 to 25 2016 features Badlock, the security of hospitals and federal agencies, and a new Android vulnerability. Read on for details on the following headlines: The Badlock bug will be disclosed in April; Verizon’s breach division attacked; Federal agency security incidents are on the rise; New report shows federal agencies fall... READ MORE

Vulnerability Hype: No Longer Helping Improve AppSec Awareness

By Chris Wysopal March 25, 2016  | Security News

It used to be a vulnerability was disclosed, a few people who paid attention to such things blogged about it, patches were made, and we went about our day. During this time, not enough people understood the importance of application security and remediating vulnerabilities. It wasn’t mainstream, and it certainly wasn’t considered major news. Application security just wasn’t... READ MORE

Today's AppSec News: Bangladesh Bank Hack, NJ Town Victim of Ransomware

By Eric Seymour March 21, 2016  | Security News

In today’s news, we have an interim investigative report on the Bangladesh Bank hack, a flaw discovered in Apple’s iMessage encryption, the town of Plainfield N.J. gets targeted in a ransomware attack, research finds 24 vehicle keys vulnerable to unlocking, and Google has made its binary code analysis tool BinDiff free for security researchers. The Investigation Continues on the... READ MORE

Today's AppSec News: New Android Vulnerabilities

By Eric Seymour March 17, 2016  | Security News

In today’s news, millions of Android users may be at risk from another "Stagefright" security flaw, Islamic State hackers posted a "kill list" of Minnesota cops and an Android vulnerability could allow for “easy” root access. New 'Metaphor' Android Virus Can Hack Samsung, LG and HTC Phones in 15 Seconds: Millions of Android users may be at risk... READ MORE

Today's AppSec News: NY Times hit with malvertising, XSS in some VMware products

By Eric Seymour March 16, 2016  | Security News

Major News Websites Hit by Malvertising Attacks: Major websites including the BBC, Newsweek, The New York Times and MSN ran malicious online advertisements on Sunday that attacked users’ computers, a campaign that one expert said was the largest seen in two years. "Researchers at Trend Micro, Malwarebytes, and Trustwave each reported a spike in malicious traffic over the... READ MORE

AppSec News Roundup: March 15, 2016

By Eric Seymour March 15, 2016  | Security News

Bangladesh Central Bank Chief Resigns After Funds Stolen by Hackers: In the latest development on the Bangladesh hack, Atiur Rahman, governor of the bank, resigned Tuesday after more than $100 million was stolen from the bank's account at the Federal Reserve Bank of New York last month. The WSJ reports, "Finance Minister Abul Maal Abdul Muhith said Tuesday... READ MORE
