Security News


Google's Fuzz Tester IDs Hundreds of Potential Open Source Security Flaws

The sorry state of open source security was further revealed by Google, which reported its fuzz testing tool has found hundreds of potential security vulnerabilities in the five months since it was launched.

Researchers: Open Android Ports Leave Millions Vulnerable

Researchers at the University of Michigan have published a paper in which they break new ground in investigating security implications of open Internet ports in Android applications, finding flawed apps that leave millions of users vulnerable to attack.

Open Source Security Audit 'Should Be a Wake-Up Call'

Black Duck report finds "widespread weakness in addressing open source security vulnerability risks."

Study Links Flawed Online Tutorials with Vulnerable Open Source Software

German researchers have published a paper finding that developers do indeed copy and paste code directly into their open source software, which can lead to the introduction of security vulnerabilities if that code comes from flawed online tutorials.

Java Watch 4/26/2017: New Java Trojans, Amazon SQS, Stanford CS Dept. Dropping Java, More

Here's a roundup of recent news and product announcements around Java and Java-related technologies.

Java Watch 4/12/17: CERT Security Warning, Deprecated Object.finalize, Updated Red Hat Tools

Here's a roundup of this week's news and product announcements around Java and Java-related technologies.

Ivanti Expands Datacenter Security Suite

It provides a "mitigation fabric" for server and hybrid cloud security that expands the company's security coverage from the endpoint to the datacenter,

Unpatched Java, Python Flaws Allow FTP Protocol Injection

Old vulnerabilities in both Java and Python that allow attackers to bypass firewalls and access local networks by injecting malicious commands inside FTP URLs resurfaced this week when two security researchers noticed that they remain unpatched.

BlackBerry Pivots to Secure Cloud Communications

Former smartphone manufacturer announced it's entering the Communications Platform-as-a-Service market, with an emphasis on security.

Another New Programming Language, This One for Security

Adding to the existing portfolio of some 700 programming languages is a new release candidate for Scramblecode, a security-oriented offering that encrypts everything from compilation to variables in memory.

Vulnerable Mobile, IoT Code Caused by 'Rush to Release' Says Security Report

Risks also result from an emphasis on end-user convenience over security and organizations' lack of urgency to address threats.

DevOps Security: Turn Security into Code

A presenter at the upcoming RSA security conference explains how security must be continuous and automated to be successful in DevOps.

Oracle Delays Plan to Block JAR Files Signed with MD5 until April

When Oracle publishes its next quarterly patch update in April, the company will begin treating JAR files signed with the MD5 hashing algorithm as unsigned.

Oracle Issues First Security Patch of the Year

Near-record Critical Patch Update provides fixes for 270 vulnerabilities across 45 products.

After MongoDB Debacle, Expect More Ransomware, Open Source Attacks in 2017

After the recent MongoDB debacle in which tens of thousands of unsecured open source databases were hijacked for ransom, security specialists are predicting more of the same for 2017 -- at least until the good guys catch up and things settle down in the second half.

Hackers Pile On As MongoDB Databases Are Hijacked for Ransom

Thousands of open MongoDB databases have been attacked by hackers who hijack the stored data and demand ransom to return the contents, with more bad actors piling on by the day.

Google Launches Open Source Security Tool in Beta

Google wants to make "fuzz testing" -- providing random data inputs to programs -- a standard part of open source development with a new tool called OSS-Fuzz, now in beta.

Oracle's Quarterly Critical Patch Update Is Another Whopper

Oracle's latest quarterly Critical Patch Update was the second-largest ever, providing fixes for 253 security vulnerabilities for 76 of the company's products, including seven security updates for Java SE 6, 7 and 8, and eight for the Java EE-based WebLogic and GlassFish application servers.

HPE DevOps Report: Security Hindered by Pressure to Release Apps Quickly

In an age of huge data breaches and hacked IoT devices bringing down the Internet, it seems strange that enterprise developers still need to be reminded of the importance of security, but that's exactly what Hewlett Packard Enterprise does in its new DevOps research.

Waratek Adds RASP Plug-In to AppSecurity for Java

Application security tools provider Waratek has released a new version of its AppSecurity for Java platform that automatically modernizes the security capabilities of older Java apps with a simple RASP plug-in.