-
By John K. Waters
The annual RSA Conference gets under way next week in San Francisco, which means the Moscone Center will be packed with infosec mavens from "the frontlines of the cybersecurity landscape." (So cool.)
-
By Richard Seeley
Providing security for IoT devices is getting expensive and will become costlier, according to a Gartner report released in March. IoT security spending will reach $1.5 billion in 2018, up from $1.2 billion in 2017, a 28 percent increase.
-
Amazon Web Services added encryption-at-rest to Amazon DynamoDB, increasing security options for its NoSQL cloud database service in the wake of publicized wide-open data stores found on the cloud platform.
-
Waratek announced a new security tool for Java and .NET applications that uses virtualization to quickly apply patches for long-term and newly discovered vulnerabilities.
-
By John K. Waters
Oracle's first Quarterly Critical Patch Update of 2018 provided fixes for 237 vulnerabilities across its product lines, including patches for 21 security holes in the Java Platform Standard edition (Java SE), 18 of which are remotely exploitable without authentication.
-
By Richard Seeley
Dr. Ben Zorn, co-manager of Microsoft's Research in Software Engineering group, wonders if the smart fork you are using to eat your spaghetti could be hacked.
-
The latest report from security firm Check Point Software Technologies Ltd. identifies the top three mobile malware threats -- which all run on Android.
-
Google' Safe Browsing team has expanded the enforcement of the company's Unwanted Software Policy, promising to flag Android apps in Google Play that collect personal information about users without their consent.
-
By John K. Waters
A new report from application security vendor Veracode paints an unflattering picture of Java developers, finding 88 percent of Java applications contain at least one vulnerable component.
-
Amid increasing reports of cyberattacks and data breaches, open source security company Flexera has published the results of a study examining the risk of using vulnerable open source code in enterprise applications and systems.
-
By John K. Waters
More than 90 percent of the vulnerabilities can be exploited remotely without authentication; about 60 percent can allow attackers to perform remote denial-of-service attacks; and more than 72 percent of these vulnerabilities can be easily exploited, because their attack complexity is low.
-
To improve the security of Android apps offered in the Google Play store, the search giant has launched a bug bounty program to award $1,000 to hackers who discover bugs in select, popular apps and work with developers to fix them.
-
Attack campaigns are currently being waged against the latest Adobe Flash security hole, the company announced on Monday.
-
WPA2, the gold-standard protocol for protecting Wi-Fi networks, has been found to have a serious security vulnerability.
-
GitHub is boosting the security capabilities of its software development platform, introducing new open source project dependency graphs and promising alerts when bad actors show up in those graphs.
-
By John K. Waters
Without baking in proper training and education, a new study suggests that the rush to adopt DevOps practices might be leading enterprises to an insecure place.
-
By John K. Waters
"The attack vector of the Java platform is huge," says Waratek security architect. "More and more vulnerabilities are discovered that affect both the legacy and newer versions."
-
Data from 12th annual WhiteHat Security study shows Android apps are plagued by incorrectly set backup flags, while many iOS apps allow unsecure cookies.
-
Apperian updated its mobile application management platform with more functionality designed to boost the security of enterprise mobile app data.
-
Developers are once again being blamed for cloud security vulnerabilities, this time in a new report from Appthority, which found terabytes of enterprise data exposed on cloud back-ends, including personally identifiable information.
-
Developers lacking security training unknowingly jeopardize public cloud computing environments, says a new report from RedLock Inc.
-
The sorry state of open source security was further revealed by Google, which reported its fuzz testing tool has found hundreds of potential security vulnerabilities in the five months since it was launched.
-
Researchers at the University of Michigan have published a paper in which they break new ground in investigating security implications of open Internet ports in Android applications, finding flawed apps that leave millions of users vulnerable to attack.
-
Black Duck report finds "widespread weakness in addressing open source security vulnerability risks."
-
German researchers have published a paper finding that developers do indeed copy and paste code directly into their open source software, which can lead to the introduction of security vulnerabilities if that code comes from flawed online tutorials.