Breaking News




Source: Veracode.com

Jan 18, 2018
2017 was quite a year for application security. From big breaches to breakthroughs, 2017 featured a lot of scary headlines reflecting the sorry state of application security, but also news about companies moving the needle on AppSec, and regulators waking up to the reality about how data is exposed. Not surprisingly, our most popular 2017 blog posts mirror the trends and headlines – and reveal...


Source: Kaspersky (securelist.com)

Jan 16, 2018
At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago – at the end of 2014. Since then, the implant’s functionality has been ...

Applications, operating systems, and firmware all need to be updated to defeat Meltdown and protect against Spectre, two attacks that exploit features of high-performance processors to leak information and undermine system security. The computing industry has been scrambling to respond after news of the problem broke early a few days into the new year. But that ...

When it comes to open source and security, one of the most popular words that pops into the head of security aficionados and professionals is “dread.” Certainly that perception is driven by open source’s reputation – it is seen as fast, easy, low cost and, well, risky. With unknown hands touching the code – and a surprisingly low number of developers maintaining common components – it’s challe...


Source: Ars Technica Security RSS

Jan 12, 2018
Since its inception, Skype has been notable for its secretive, proprietary algorithm. It's also long had a complicated relationship with encryption: encryption is used by the Skype protocol, but the service has never been clear exactly how that encryption was implemented or exactly which privacy and security features it offers. That changes today in a big way. The new...

As the industry continues to grapple with the Meltdown and Spectre attacks, operating system and browser developers in particular are continuing to develop and test schemes to protect against the problems. Simultaneously, microcode updates to alter processor behavior are also starting to ship. Since news of these attacks first broke, it has been clear that re...

Microsoft has suspended delivering the latest Windows update to certain systems with AMD processors after reports that the update was causing the machines to crash with a blue screen of death when booting. The update contains countermeasures against both the Meltdown and Spectre attacks; although AMD systems are not affected by Meltdown, they're...


Source: Veracode.com

Jan 05, 2018
The industry-wide shift to DevOps practices has changed more than just developer processes. It has also had a major impact on security, including application security testing techniques. Static analysis, for instance, has had to evolve along with development processes. Unlike early versions of static analysis solutions that only assessed completed code at the end of the development cycle, toda...