 Application Security

Malicious Android application loots bank login data

March 19, 2012

Criminals are lessening their reliance on the PC. The latest proof is a rogue Android application that seeks to steal Spanish banking credentials through a man-in-the-middle-style attack.
 

Case study: An educated decision

March 01, 2012

Web applications remain a primary vector for attack, and the higher education space remains fertile ground for successful breaches. That's why West Virginia University wanted to take a proactive approach.
 

Code surety: Secure by design

Deb Radcliff • March 01, 2012

More-than-decade-old bugs still plague web applications, and the challenge is only growing for programs migrating to the cloud. But new frameworks and heightened awareness can mitigate the threat.
 

Juniper Networks acquires Mykonos Software

February 22, 2012

Juniper Networks has acquired Mykonos Software, a privately held company which offers tools and services to secure websites and web applications against hackers.
 

Google Wallets app flaw could lead to compromise

February 14, 2012

Google has temporarily disabled the creation of prepaid payment cards while it investigates two security flaws in Google Wallet accounts on Android phones.
 

An educated decision: Network smarts at WVU

February 03, 2012

West Virginia University was looking to protect student and staff data. It found a software solution to assist in the process, reports Greg Masters.
 

Keep taking the tablets...

David Harley, ESET senior research fellow • January 25, 2012

Taking your Android's pulse before you give it access to your health records.
 

New Java exploit one of many impacting firms

December 01, 2011

A new exploit, which has made its way into the Metasploit framework, underscores the danger posed by Java vulnerabilities, which are responsible for many of today's enterprise malware threats.
 

Australian gov't wins U.S. security award from SANS

Darren Pauli, editor, SC Magazine, Australia/New Zealand • October 27, 2011

An Australian government agency that instituted patching, whitelisting and account control as the foundation of its targeted attack defense took home a U.S. award from the SANS Institute.
 

Industry remembers security heavyweight Schultz

October 04, 2011

Gene Schultz, who died on Sunday at the age of 65, is remembered as one of the most accomplished and respected professionals in the field of cybersecurity.
 

Video: The "Bring Your Own Device" conundrum

September 27, 2011

SC Magazine Executive Editor Dan Kaplan sits down with a Juniper security executive to learn why the trend of mobility and data migration should be a top concern for security professionals, and how they can institute best practices to deal with the new risk.
 

Sponsored video: Tom Reilly of HP on security investment

September 22, 2011

SC Magazine Editor-in-Chief Illena Armstrong sits down with Tom Reilly, VP and general manager, HP Enterprise Security Products, to discuss how corporations' increased reliance on virtualization, applications and mobile devices creates new surface areas for attack, and what CSOs must do to make the business case for information security and risk management funding.
 

Apple delivers iOS patch for jailbreak flaw

July 15, 2011

Apple on Friday issued an update for its iOS mobile operating system, addressing a security flaw being used to jailbreak iPad, iPhone and iPod Touch devices.
 

Apple readying fix for iOS flaw used to jailbreak devices

July 07, 2011

Apple on Thursday said it is working to fix a security flaw in its iOS mobile operating system that soon could be used by criminals to gain access to users' devices.
 

New iPad 2 jailbreak tool leverages iOS flaw

July 06, 2011

A new, web-based jailbreaking tool available for the iPad 2 leverages a vulnerability in the way Apple's mobile operating system, iOS, handles PDF files.
 

Smartphones safer than desktops, but not without risks

June 28, 2011

Apple's iOS and Google's Android mobile platforms are more secure than traditional desktop operating systems though both are still vulnerable to many types of attacks, according to a new report.
 

"LulzSec" uses zero-day on PBS, promises more attacks

May 31, 2011

There is a new cybervigilante group in town, and its name is LulzSec. Its technical ability became known over the weekend with the infiltration and subsequent defacement of PBS.org.
 

Debate: Mobile app stores should test and certify before making apps available to customers.

May 02, 2011

 

New report finds most applications don't pass security tests

April 20, 2011

A new report from Veracode paints a grim picture of the security built into application software.
 

Hackers breach Nasdaq; trading systems not affected

February 07, 2011

Nasdaq OMX, the company that runs the world's largest electronic stock exchange, said it detected suspicious files on its U.S. servers.
 

Web applications remain a pressing concern

November 17, 2010

Vulnerabilities in web applications remain the preferred entryway for crooks seeking valuable company information, Rob Lamb, vice president of IBM security products, said Wednesday at SC Congress Canada in Toronto.
 

Mobile application threat not here yet, but it's on the way

November 16, 2010

The mobile application threat space still is in its infancy, but organizations should be planning for the possibility of things heating up in the near future, said the security director of a major bank in Canada.
 

Defense in depth: building a holistic security infrastructure

Carl Herberger, vice president of information security and compliance services, Evolve IP • November 02, 2010

Organizations must consider security at the network, application, host and data layers to most effectively protect against threats.
 

Microsoft to issue ASP.NET patch out of cycle on Tuesday

September 27, 2010

Microsoft on Tuesday will make available a patch for a zero-day vulnerability affecting ASP.NET.
 

Microsoft confirms ASP.NET flaw, issues workaround

September 20, 2010

Microsoft late Friday issued a security advisory confirming the existence of an unpatched vulnerability that affects web applications built on ASP.NET.
 

Automated web attacks: Interview with Amichai Shulman, co-founder and CTO of Imperva

September 16, 2010

In a conversation with SC Magazine Deputy Editor Dan Kaplan, Amichai Shulman, co-founder and CTO of Imperva, introduces a new research initiative underway and addresses the automated methods now used by attackers to compromise legitimate websites.
 

No reason to keep application security in the backseat

Chris Wysopal, CTO, Veracode • September 13, 2010

A computer expert draws on three case studies to dispel myths surrounding the protection and prevention of vulnerable code.
 

Microsoft releases new tool to defend against DLL attack

September 01, 2010

As Microsoft continues to probe the DLL "preloading" vulnerability, it released a "Fix It" that organizations can use to configure their applications so they are not open to attack.
 

Visa releases best practices for installing payment apps

August 24, 2010

Visa on Tuesday announced best practices for companies to use when implementing, installing and managing programs that process payment applications. The guidance will complement the existing Payment Application Data Security Standard (PA-DSS), which prescribes 14 requirements for software developers that build programs that process credit card payments. The Visa payment application best practices, developed in conjunction with the SANS Institute, include 10 guidelines and can be downloaded here. They are meant for vendors, integrators and resellers. — DK
 

DLL hijacking issue prompts Microsoft advisory, tool

August 24, 2010

Microsoft is alerting the public about a new vector that can be used to infect PCs when an application is tricked into loading a malicious library. The major question is: What applications are vulnerable?