Security News


Oracle's Latest CPU Includes 20 Security Patches for Java SE

Oracle’s latest quarterly Critical Patch Update (CPU) (https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html) provides 219 new security patches across Oracle’s product line, including 20 new patches for Java SE. But none of the Java patches in this CPU earned a CVSS risk score greater than 6.8 out of 10.0.

Autonomous Security Platform Designed for IoT Self Defense

A new security platform that "enables IoT devices to defend themselves against hackers without the need for human intervention" is being demonstrated by NXM Labs, Inc. this week at Arm TechCon 2019.

API Security Project Identifies Top 10 Vulnerabilities

"Broken object level authorization" is the number one API vulnerability that attackers can exploit to gain access to an organization's data, according to a report from the independent Open Web Application Security Project (OWASP).

Google Publishes App OAuth Verification Guidance

As part of a data security initiative, Google has published guidance for developers to get their apps ready for OAuth verification by the company.

Enterprise Mobility Firm Offers 'Zero Management' Device Security

Enterprise mobility specialist Appdome is out with a new service that secures devices in bring-your-own-device (BYOD) shops without the need to install a management profile.

Another Cloud Service Automates Mobile App Security

Much as low-code tooling has exploded among enterprises needing more apps amid a dearth of skilled professional developers, a new niche appears to be forming: automated cloud security services for iOS and Android projects.

Researchers Offer Tool to Vet Possible Insecure Mobile Backends

New research indicates that even though mobile developers may follow security best practices in their projects, their apps may be contacting cloud-based backend platforms that can introduce vulnerabilities without their knowledge.

Urgent/11 IoT Zero-Day Security Flaw Poses Threat

Major code vulnerabilities detected in the network stack of up to 200 million IoT devices could enable attackers to remotely execute code and take over or shut down devices in the field.

Malware Index Advises Android Developers of Suspicious Apps on Google Play

Secure-D has unveiled a free mobile malware center that lets developers and others see suspicious Android apps.

Oracle's Summer CPU Fixes 10 Java Security Vulnerabilities

Oracle's summer Critical Patch Update is expected to contain 322 patches across the company's product line, including 10 security fixes for Java Standard Edition (Java SE).

Firm Unveils Upload-and-Protect Cloud Security Tool for Mobile Developers

Persistent mobile app development security issues -- in an age of unrelenting demand for more enterprise mobile apps -- can now be addressed with a cloud-based, upload-and-protect service.

Report: Security of iOS and Android Mobile Apps 'Roughly Equivalent'

New research from security vendor Positive Technologies examines vulnerabilities and threats in mobile applications, stating that the security level of iOS and Android apps is "roughly equivalent between the two platforms."

Research Examines Android for Enterprise Apps

Research firm IDC has published a sponsored whitepaper examining the use of Android devices in the enterprise, where Google's flagship mobile OS fights security-related perceptions in its battle with Apple's iOS for business market share.

Chinese Company Announces New Blockchain-as-a-Service for SMB Developers

This week Shanghai, China-based VeChain announced ToolChain, a new blockchain-as-a-service (BaaS) offering for developers in a small- to medium-sized business environment.

Oracle's Latest CPU Patches 3-Year-Old Deserialization Flaw

All five Java SE vulnerabilities identified in the latest Critical Patch Update are remotely exploitable, and at least one is probably exploitable without the need for authentication.

NSA Releases Java-Based Reverse Engineering Tool

The National Security Agency has open sourced its Ghidra software reverse engineering (SRE) framework.

Flaws Left Unpatched, Unstopped Malware Contribute to Growing IoT Attacks

According to a recent IoT security report from F-Secure, a lack of good password security (or no password at all) combined with unpatched vulnerabilities contributes to 87 percent of all IoT attacks.

IBM Launches Security Testing Service for Blockchain-Based Products

This week IBM's X-Force Red security division announced it has launched a new testing service to help find weaknesses and fix vulnerabilities in Blockchain-based releases.

Researchers Warn of Insecure Online Coding Advice

Several studies have linked the use of open source software and tutorials with the introduction of security vulnerabilities in production code, but a new one finds the same problem with online coding advice.

Coinbase, Bitfly Say Reorganizations Detected on Ethereum Classic's Blockchain; ETC Devs Deny Claim

On Jan. 5 Coinbase detected a deep chain reorganization on the Ethereum Classic (ETC) blockchain, including a double spend.
