Tag Archives: application security

New Webinar: Security at the Speed of Development with Wendy Nather, 451 Research


April 15, 2013 By Emily Blades

Tuesday, April 30, 2013 – 11:00AM-11:45AM EDT (GMT-0400) We have a problem. Application development has become agile, component-based, and open-source-dependent. We’re delivering more software faster than ever before, but security approaches haven’t kept up. Every day we’re forced to make the dangerous choice between speed and security, putting Development and Security at odds. There has […]


Android Malware Carries Windows Snooping App


February 4, 2013 By The Vigilant Application Owner

The H – (International) Android malware carries Windows snooping app. Kaspersky has found malware being distributed through the Google Play store that loads malware onto PCs once an infected Android device is plugged in to a PC running Windows. Source: http://www.h-online.com/security/news/item/Android-malware-carries-Windows-snooping-app-1797241.html


XSS Attacks Remain Top Threat To Web Applications


October 22, 2012 By The Vigilant Application Owner

Computer Weekly – (International) XSS attacks remain top threat to Web applications. Cross-site scripting (XSS) attacks remain the top threat to Web applications, databases, and Web sites, an analysis of 15 million cyberattacks in the third quarter of 2012 revealed. Other top attack techniques are directory traversals, SQL injections (SQLi), and cross-site request forgery (CSRF), […]


Building Android Malware Is Trivial With Available Tools


September 27, 2012 By The Vigilant Application Owner

SecurityWeek – (International) Building Android malware is trivial with available tools. Because of readily available tools that enable even a novice developer to create malicious mobile applications, users should be cautious when downloading and installing mobile apps, especially from non-official App Stores. Developing Android malware to harvest information is a trivial task […]


That’s Billion with a B: Is Java Having an “Outlook” Moment?


September 26, 2012 By Tim O'Brien

I’m a broken record, I know, but every month that goes by we get more and more news that suggests that Java developers (and the companies that support Java) are slow to wake up to these threats. You remember Outlook, maybe some of you are unlucky enough to still use Outlook, but for Microsoft, Outlook […]


Researchers beat up Google’s Bouncer


June 25, 2012 By The Vigilant Application Owner

Dark Reading – (International) Researchers beat up Google’s Bouncer. Two security researchers from security firm Trustwave submitted increasingly malicious versions of an Android application to Google Play, Dark Reading reported June 25. Each variant of the application was scanned by Bouncer, Google’s security-checking application, and it failed to flag them as malicious, the researchers plan […]


Software Update Site For Hospital Respirators Found Riddled With Malware


June 14, 2012 By The Vigilant Application Owner

Threatpost – (National; California) Software update site for hospital respirators found riddled with malware. A Web site used to distribute software updates for a wide range of medical equipment has been blocked by Google after it was found to be riddled with malware and serving up attacks, Threatpost reported June 14. The site belongs to […]


LinkedIn Confirms ‘Some’ Passwords Leaked


June 6, 2012 By The Vigilant Application Owner

Computerworld – (International) LinkedIn confirms ‘some’ passwords leaked. In response to widespread reports of a massive data breach at LinkedIn, the company confirmed June 6 that passwords belonging to “some” members were compromised. In a blog post, LinkedIn’s director said the company confirmed an unspecified number of hashed passwords posted publicly on a Russian hacker […]


Fuzz-o-Matic Finds Critical Flaw In OpenSSL


May 14, 2012 By The Vigilant Application Owner

Help Net Security – (International) Fuzz-o-Matic finds critical flaw in OpenSSL. Codenomicon helped identify a critical flaw in widely used encryption software. A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2, and DTLS can be exploited in a denial-of-service attack on both client and server software. The flaw was found […]


Java Drive-by Generator Used In Recent Attack


May 9, 2012 By The Vigilant Application Owner

May 9, Help Net Security – (International) Java drive-by generator used in recent attack. A malware delivery campaign that doubles infection efforts to ensure users are compromised was recently spotted by F-Secure researchers. One discovered a Web site that poses as a “Gmail Attachment Viewer,” which attempts to make the visitor run the offered application. […]
