Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

The Home Depot Breach Offers Key Lessons for Those Hoping to Avoid a Similar Fate

By Evan Wade July 27, 2015  | Security News

Retail stores (and especially big-box, multiple-store, nationwide retail businesses) face unique security challenges when adapting to advancements in the digital age. Whether you're talking about the Internet or the smart devices that made it mobile, as a result of their existence, big-name resellers collect tons of sensitive consumer information every minute of every hour of every day... READ MORE

Branded Vulnerabilities May Change Enterprise Security

By Shawn Drew June 1, 2015  | Security News

For as long as malware, viruses and assorted vulnerabilities have existed, the most significant among them have been given names by the media. Lately, however, the practice of naming security flaws has evolved, building into a legitimate branding campaign for issues found in existing software. While seemingly benign, the practice of branding security issues may affect the way these flaws are... READ MORE

VENOM – Not as Deadly as a Heartbleed

By Jessica Lavery May 13, 2015  | Security News

This morning, CrowdStrike issued a vulnerability disclosure for CVE-2015-3456 — branded VENOM (Virtualized Environment Neglected Operations Manipulation). VENOM is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. I’ve seen a few articles from reputable outlets claiming that the vulnerability is “bigger than Heartbleed.... READ MORE

As Security Software Is Wasted, Establishing a Secure Development Process Is Crucial

By Shawn Drew May 6, 2015

Investing in security software is one of the wisest decisions business leaders can make, given the rampant growth in hacking and data theft over the past few years. But new research shows a significant portion of purchased security-related software is simply going to waste. Armed with this knowledge, every developer should establish a secure development process — or risk taking the blame when a... READ MORE

Don't Let Credit Card Hacking Happen to You!

By John Montesi January 9, 2015  | Security News

In recent weeks, both Kmart and Staples have been victims of credit card hacking. This isn't the first time a major retailer has been attacked in such a way: According to the New York Times, Kmart and Staples have joined the ranks of Target, Home Depot, Sally Beauty Supply, the United Parcel Service, Dairy Queen and countless other retail stores and restaurants that "have had their in-... READ MORE

Web Application Security Testing: Why the Utilities Industry Can't Afford a Security Blackout

By John Montesi December 16, 2014  | Security News

Web applications are surprisingly vulnerable to malicious attacks. No longer is the biggest threat to your safety an alleged, long-lost Nigerian uncle who needs all your bank account information so he can wire you a million dollars. Instead, an arsenal comprising parasitic apps, keyloggers, SQL injection and incredibly well-designed XSS shadow sites and emails is available to those who wish to... READ MORE

Why Secure Critical Infrastructure Is a Pillar of Society

By Pierluigi Paganini December 11, 2014  | Security News

Critical infrastructure is the backbone of any country. Today, governments are acutely aware of the threat that terrorists, state-sponsored hackers, cybercriminals and hacktivists pose to control systems within a critical environment. As a result, protection (rightly) lies at the heart of every governmental cyberstrategy. The number of cyberattacks launched against critical infrastructures... READ MORE

Monetary Authority of Singapore (MAS) Compliance: As Easy as Chewing Gum and Walking

By John Montesi October 23, 2014  | Security News

Singapore is famous for its balmy weather, insanely clean streets — and maximum-security banks. The dark side of such a utopia is an overwhelming set of rules and regulations that can quickly become disastrous for tourists. The half-joke about visiting Singapore, chewing gum, and never leaving has a little too much truth to be funny. But I digress.... READ MORE

Is Protecting Against SQL Injection (and Other Issues) Worth $2.6 Million?

By Evan Wade September 19, 2014  | Security News

It's not exactly earth-shattering news: businesses like having (and making!) money. And it's likely no surprise that many companies achieve that goal in part by handling their operational costs as efficiently as possible. Whether they're selling cheeseburgers or slinging software, close attention paid to the cost of doing business is... READ MORE

FS-ISAC Issues Guidance on Third-Party Application Security

By Wendy Nather January 8, 2014  | Security News

The following is a guest post by Wendy Nather, Research Director, Security, 451 Research. As a former CISO, I’m always happy to see practical advice for defenders. In increasing order of usefulness, there are these types of advice: “Here’s what could be wrong; you might want to take a look at that.” “This is wrong, and good luck fixing it.” “This is... READ MORE
