Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Security Needs to Start Deep Within the OS: And It Needs to Start Now

By Evan Schuman May 12, 2016  | Security News

As strategic and essential as enterprise security is today, it is still, at its most fundamental level, an afterthought. We take the OS, apps, databases, network controls as they are given to us, and then we try and Band-Aid on top of it the best security we can. We use firewalls and filters and VPN tunnels and encryption to try and limit the damage software vulnerabilities can do. As a practical... READ MORE

Verizon’s 2016 Data Breach Investigations Report Demonstrates Traditional Approaches to AppSec Aren’t Working

By Jessica Lavery May 5, 2016  | Security News

It has taken me a few days to wade through all the data and information in this year’s Verizon Data Breach Investigations Report, but I’ve finally found the time to read it all the way to the end. As always, the report is full of interesting statistics about breach and incident trends. While each section of the report offered valuable insights and information, I found the section on... READ MORE

Examining Dark Territory With Fred Kaplan

By Jessica Lavery May 4, 2016  | Security News

On Tuesday night at RSA, CA Veracode held a book launch of Fred Kaplan’s Dark Territory: The Secret History of Cyber War. Kaplan was on site to sign copies of his book and to discuss the history of cyber war. That’s right, history, not future, of cyber war. Dark Territory looks back at the history of cyber war. Opening with a story from the Reagan administration, the book then... READ MORE

This Week's AppSec News Roundup

By Eric Seymour April 29, 2016  | Security News

Our weekly application security news roundup for April 25 to April 29, 2016 features the 2016 Verizon report on data breaches, details on the Bangladesh Central Bank breach and a breach at Qatar’s largest bank. Read on for details on the following headlines: Verizon releases its annual data breach report, How Bangladesh Central Bank was hacked, IoT security growing, Breach at Qatar... READ MORE

Peripheral Security Issues Today Are Anything But Peripheral

By Evan Schuman April 25, 2016  | Security News

Last week, Microsoft issued an optional security alert relating to peripherals and specifically mice. Until the patch is implemented, Microsoft said, the peripheral could receive plain English—aka QWERTY—key packets in keystroke communications issued from receiving USB wireless dongles to the RP addresses of wireless mouse devices. This is a fine way for cyberthieves to hijack wireless mice and... READ MORE

My View of the Evolving Threat Landscape

By Sue Poremba April 19, 2016  | Security News

One of the most difficult challenges in cybersecurity – perhaps the most difficult challenge, depending on who you talk to – is how quickly the threat landscape changes and shifts. It seems as if no sooner is one set of security protocols in place, new regulations and compliances are required or the attack vector changes. It’s no wonder that so many companies struggle with security. I’ve been... READ MORE

This Week's AppSec News Roundup

By Eric Seymour April 16, 2016  | Security News

Our weekly application security news roundup for April 11 to April 15 2016 features commentary on Badlock, ransomware trends and a new Internet security threat report. Read on for details on the following headlines: Badlock vulnerability is not critical, Two major insurers enter cyber insurance arena, Symantec issues Internet security threat report, A new type of ransomware emerges, The U.S.... READ MORE

Badlock Is A Serious Hole, But How It Was Preannounced Is A Disgrace

By Evan Schuman April 14, 2016  | Security News

There is something unnerving—and even a tad repugnant—about announcing that there's a massive security hole and that it won't be patched for weeks. Welcome to Badlock. What possible legitimate security goal is advanced by this publicity stunt? The bug, which marketers for Samba dubbed Badlock, is extremely serious and potentially disruptive, which is what makes the... READ MORE

This Week's AppSec News Roundup

By Eric Seymour April 1, 2016  | Security News

Our weekly application security news roundup for March 28 to April 1 2016 features “Google dorking,” another healthcare institution malware victim, new Android vulnerability, and details on Petya ransomware. Read on for details on the following headlines: Investigators suspect “Google dorking” in Iranian hackers’ attempt to attack a New York dam, Healthcare... READ MORE

Hospitals Are Security's Biggest Nightmare

By Evan Schuman March 31, 2016  | Security News

Cyberattacks on hospitals represent the true security nightmare scenario. It combines privacy risks far more severe than attacks on the largest banks or retailers with life-and-limb risks that rival remote takeovers of nuclear power plants and cars. An attacker could change the type and quantity of a prescribed drug, steal and sell intimate medical details and change test findings, which could... READ MORE
