Security

App Security Topic Center

What you need to know about application security, including the latest on security patches, zero-day vulnerabilities, secure application development and more

Microsoft detects new malware targeting Apple computers

Microsoft has detected a new piece of malware targeting Apple OS X computers that exploits a vulnerability in the Office productivity suite patched nearly three years ago.
Read more...

VMware downplays leaks of source code

Virtualization software vendor VMware today downplayed the seriousness of a source code leak involving the companys ESX hypervisor technology.

Security experts: 600,000+ estimate of Mac botnet likely on target

Security experts could not confirm claims by a little-known Russian antivirus company that more than 600,000 Macs have been infected with a zero-day-exploiting Trojan, but they said the number was within reason.

Microsoft slates critical Windows, Office, IE patches next week, including 'head-scratcher'

Microsoft said it would issue six security updates next week, four of them critical, to patch 11 bugs in Windows, Internet Explorer, Office, SQL Server and its virtual private networking platform.

Report about hack threat to Tibetan activists used as lure in malware attack

Hackers are using a recent report about cyberthreats to Tibetan activists as a lure in a new attack against pro-Tibet organizations that distributes Windows and Mac malware, researchers from security vendor AlienVault said.

We need good code, says Diffie at Black Hat Europe

Cryptographer Whitfield Diffie reckons one of the most important things for good cryptography and security in the age of the Internet is good code.

Tips for developing a mobile device management strategy

As more employees bring personal devices to work, companies want to strike a balance between being agents of change and adaptation to mobile technology and safeguarding data. Rolling out mobile device management often means choosing unpopular rules.

Google ships Chrome 17, touts more malware alerts and page preloads

Google patched 20 vulnerabilities in the desktop edition of Chrome and added new anti-malware download warnings to version 17.

Google reveals Android malware 'Bouncer,' scans all apps

Google yesterday unveiled an automated system that scans Android apps for potential malware or unauthorized behavior, a move critics have long called the company to make.

Ice IX banking Trojan steals info that enables fraudsters to hijack phone calls

New variants of the Ice IX online banking Trojan program are tricking victims into exposing their telephone numbers so that fraudsters can divert post-transaction verification phone calls made by banks to phone numbers under their control, security researchers said.

Getting Validation at RSA

Our manager talks to colleagues and attends various breakout sessions and talks, where he might learn something new or (even better) get validation for his security program and priorities.

Security Manager's Journal: When executives want to be above the law

Security policies work best when they apply equally to everyone in the company. Of course, there are always some people who think they should be exceptions.

5 free Android security apps: Keep your smartphone safe

If you want to keep your Android smartphone safe, these free security apps from the likes of Symantec, AVG, Avast and more will not only keep malware away but help find your phone when it's missing.

Kenneth Van Wyk: Your 2012 security action plan

One very effective way to improve your organization's security is to work more closely with its software developers.

Mobile app security: 5 ways to protect your smartphone

Smartphones and mobile apps, particularly in the Android family, are becoming more susceptible to hackers. Bill Snyder of CIO.com highlights five easy ways to fortify your mobile apps against the bad guys.

Security Manager's Journal: Software security comes down to checking inputs

Our manager is surprised how little his company's developers know about making their software safer.

Adobe Flash's security woes: How to protect yourself

Experts disagree whether Adobe's security is 'immature' or Flash's popularity makes it a hackers' target

Six Steps to Pull App Security Back to the Future

OWASP will host its 2009 AppSec DC conference next week, hoping to arm IT security practitioners with knowledge to improve application security. For a taste of what to expect, organization member Matt Fisher discusses what's wrong with app security today and six ways to make it better.

How to Achieve More 'Agile' Application Security

Application security has become a critical component of all software development efforts. It includes all measures taken throughout the software development lifecycle to prevent programming flaws from being exploited. The flaws that creep in during the requirements, design, development, deployment, upgrades, or maintenance stages of applications become the basis of cyber attacks.

Filling the Gaps in Application Security