Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Indictment of Chinese Hackers Underscores Need for Stronger Cybersecurity

By Laura Paine December 20, 2018

According to a newly unsealed indictment, two Chinese nationals working with the Chinese Ministry of State Security have been charged with hacking a number of U.S. government agencies and corporations. The court filing indicates that Zhu Hua and Zhang Jianguo, members of Advanced Persistent Threat 10 (APT10), used phishing techniques in order to steal intellectual property, confidential business...

SQLite Vulnerability May Be Putting Your Applications at Risk

By Chris Wysopal December 18, 2018

Late last week, Tencent announced that researchers from its Blade Team had discovered a remote code execution (RCE) vulnerability in SQLite, dubbed Magellan. SQLite is a very popular embedded SQL server. It is one of the components inside many thousands of applications, including the Google Chromium browser. Google has since updated Chromium to contain the fixed version of SQLite, version 3.26.0...

These Silent Fixes are Silent Killers in Open Source Security

By Laura Paine December 17, 2018

When it comes to open source software, it’s natural for development and security leaders to want to know that the code they’re using is secure. Historically, they’ve relied on traditional software composition analysis solutions and the National Vulnerability Database to mine for open source issues. Yet there is a little-discussed fact that open source begets open source. We know that developers...

An Avoidable Breach That Could Happen to Any Organization

By Laura Paine December 12, 2018
How to avoid becoming the next Equifax

Following a 14-month investigation into the Equifax breach that affected 148 million consumers around the world, a new report from a House Oversight and Government Reform Committee has concluded that the breach was entirely preventable. According to the report, Equifax “failed to fully appreciate and mitigate its cybersecurity risks” and if it had taken action, “the data breach could have been...

Open Source Risk Continues to Challenge Organizations’ Software Security

By Laura Paine December 10, 2018

The pressure on software development teams to produce more software, and faster, is greater than ever before. This demand has necessitated heavy adoption of open source libraries and components, as they empower developers to reach production deadlines by adding functionality to their code without starting wholly from scratch. Download the State of Software Security Volume 9 Software Composition...

Marriott Confirms Breach Impacts As Many As 500 Million Guests

By Laura Paine November 30, 2018

Marriott International has disclosed that the guest reservation database of its Starwood division has been breached, affecting as many as 500 million guests. The company has also confirmed that there has been unauthorized access to the Starwood network since 2014. According to a report from the BBC, for roughly 327 million guests, the attacker was able to access personally identifiable...

Retailers Fix Software Flaws Quickly, Despite Continued Code Quality Issues

By Laura Paine November 27, 2018

The 2018 holiday shopping season is off to a record-breaking start, thanks to consumers’ growing comfort with making online purchases and an increasing number of retailers offering Black Friday pricing starting on Thanksgiving. In fact, in the first two days of the shopping season, online retailers saw nearly $10 billion in sales, with Adobe reporting that consumers in the U.S. alone spent $6.2...

Instagram Bug Accidentally Reveals User Passwords

By Laura Paine November 20, 2018

Facebook and Instagram have been having a rough go of it this year. According to The Information, some Instagram users who made use of the platform's new feature received notification that their passwords were showing up in the URL of their web browsers. What's more, this information was also stored on Facebook's servers, causing a greater issue for anyone using a shared computer or an insecure...

Quick Take: The Developer's Role in the Future of Secure Software Development

By Laura Paine November 19, 2018

The State of Software Security Volume 9 offers some of the most dramatic and concrete evidence to date on the positive effect DevSecOps practices have on the state of software security. The data showed consistently that the more an organization scans per year, the faster security fixes are made. The frequent, incremental changes brought forth by DevSecOps make it possible for these teams...

Veracode at Black Hat Europe 2018

By Chris Wysopal November 16, 2018
Get details on Veracode's presence at Black Hat Europe 2018.

We recently published the 9th volume of our State of Software Security (SoSS) report, and although there are some bright spots, the overall state of software security remains a work in progress. Nowhere is this more true than in Europe. In separate research conducted earlier this year, we found that organizations in Europe are very aware of and concerned about application security. A staggering...
