Application Attacks: Buffer Overflows, Cross-Site Scripting
- December 20, 2019
F5 Networks is acquiring Shape Security for approximately $1 billion in a move to strengthen its presence in the application security and anti-fraud markets.
- November 01, 2019
Now supporting both Python and Node.js, Application Security Monitoring can identify risk throughout the software development lifecycle for both third-party and native code.
- August 23, 2019
DARPA is still in the early prototype stages of its SSITH program, but the aim is to develop an open source chip able to block hardware attacks and reduce the need for software patches.
- April 22, 2019
BeStorm X, a black-box fuzzer by Beyond Security and Ubiquitous AI, tests IoT devices to identify security weaknesses and vulnerabilities before they're exploited.
- March 19, 2019
A critical WinRAR bug that was exposed after 19 years is already being exploited in targeted attacks in the Middle East and United States, despite the availability of a patch.
- February 25, 2019
A WinRAR bug that affects every version of the app over the past 19 years was discovered and patched. But it's unclear if the millions of the app's users will get the needed fix.
- October 22, 2018
A zero-day in jQuery File Upload could affect thousands of projects: the jQuery plugin vulnerability has existed for eight years and has been actively exploited for at least three.
- October 15, 2018
The mystery around the Trend Micro apps that were removed from the Mac App Store continues despite Trend Micro's numerous updates on the matter.
- August 31, 2018
News roundup: A new Apache Struts vulnerability was exploited in the wild mere days after it was patched. Plus, Facebook removes app over privacy concerns and more.
- December 29, 2016
A bypass for the patch of a remote code execution vulnerability in the PHPMailer library prompted a second patch release for the popular library used by millions of websites.
- December 07, 2016
A malvertising campaign could put millions at risk of attack as the Stegano exploit kit is being delivered by this new method and is targeting unpatched systems.
- November 08, 2016
Researchers find widespread risk for users of apps with insecure OAuth implementation, which could lead to attackers being able to access the data held within a vulnerable app.
- October 07, 2016
Security researchers said expired domains and abandoned SDKs could present a way to hide malicious activity targeting vulnerable mobile devices.
- October 04, 2016
Cisco Talos discovered a severe flaw in the JPEG 2000 image file-format parser -- which is often used in PDF documents -- that could allow remote code execution on affected systems.
- July 20, 2016
A critical flaw was discovered in the ASN.1 compiler used by leading telecommunications and networking vendors, and the extent of the vulnerability has yet to be determined.
- July 18, 2016
Responsible disclosure wins as researchers roll out a branded website for 'httpoxy,' a set of vulnerabilities in server-side web apps that use the HTTP_PROXY variable.
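The mechanism behind httpoxy is the CGI rule (RFC 3875) that turns every request header into an `HTTP_*` environment variable, so a client-supplied `Proxy:` header becomes `HTTP_PROXY`, the same variable many HTTP client libraries read to pick an outbound proxy. The following is an added example, not code from the article or from the httpoxy researchers; the function names and the request headers are constructed for illustration. It builds the CGI variable name for a header, flags the collision, and applies the web-server-layer mitigation of dropping the header before CGI sees it.

```c
/* Added example (not from the page or the httpoxy authors): shows how the
 * CGI mapping of request headers into HTTP_* environment variables lets a
 * client-supplied "Proxy:" header become HTTP_PROXY, and a filter that drops
 * it before the environment is built. Header names below are constructed. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Build the CGI meta-variable name for an HTTP request header:
 * "HTTP_" + header name upper-cased with '-' turned into '_'.
 * Returns 0 on success, -1 if the result would not fit in out. */
int cgi_env_name(const char *header, char *out, size_t out_len) {
    const char *prefix = "HTTP_";
    size_t n = strlen(prefix) + strlen(header);
    if (n + 1 > out_len) return -1;          /* room for the NUL terminator */
    strcpy(out, prefix);
    char *p = out + strlen(prefix);
    for (; *header; ++header, ++p) {
        *p = (*header == '-') ? '_' : (char)toupper((unsigned char)*header);
    }
    *p = '\0';
    return 0;
}

/* A header is poisonous if its CGI name collides with HTTP_PROXY, the
 * variable that libcurl, Python's urllib and others consult for outbound
 * proxying. Case-insensitive: "proxy", "PROXY" and "Proxy" all collide. */
int is_httpoxy_header(const char *header) {
    char name[64];
    if (cgi_env_name(header, name, sizeof name) != 0) return 0;
    return strcmp(name, "HTTP_PROXY") == 0;
}

/* Mitigation at the web-server layer: drop the Proxy header before CGI
 * sees it. Copies the safe headers into kept[], returns how many were kept. */
int filter_request_headers(const char *const *headers, int count,
                           const char **kept, int kept_max) {
    int n = 0;
    for (int i = 0; i < count && n < kept_max; ++i) {
        if (is_httpoxy_header(headers[i])) continue;
        kept[n++] = headers[i];
    }
    return n;
}

int main(void) {
    /* Constructed request headers, one of them attacker-controlled. */
    const char *headers[] = { "Host", "User-Agent", "Proxy", "X-Forwarded-For" };
    const char *kept[4];
    int n = filter_request_headers(headers, 4, kept, 4);
    for (int i = 0; i < 4; ++i) {
        char name[64];
        cgi_env_name(headers[i], name, sizeof name);
        printf("%-16s -> %s%s\n", headers[i], name,
               is_httpoxy_header(headers[i]) ? "  (dropped)" : "");
    }
    printf("%d of 4 headers forwarded to CGI\n", n);
    return 0;
}
```

The check is deliberately done on the derived variable name rather than on the literal string "Proxy", because the collision is a property of the mapping: any spelling that upper-cases to PROXY lands on the same variable.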
- July 08, 2016
In this Risk & Repeat podcast, SearchSecurity editors discuss a new Google Project Zero report on yet another round of critical Symantec vulnerabilities.
- June 02, 2016
IBM reports 30 'bug poaching' cyber extortion attacks in the past year, as black hat hackers aim to "help" enterprises by exploiting SQL injection vulnerabilities.
- May 27, 2016
Researchers demonstrated an exploit that combines rare attacks on memory deduplication and Rowhammer in order to allow an adversary access to read or write system memory.
- May 19, 2016
The ImageTragick bug raises questions over responsible disclosure, as the flaw in the ImageMagick image-processing library exposes millions of websites to remote code execution.
- March 16, 2016
A security researcher reports Oracle's 30-month-old failed patch for a Java vulnerability, and experts suggest it was an irresponsible disclosure, despite frustration with Oracle's patching process.
- November 10, 2015
Bluebox Security unveiled a troubling study on mobile application threats and also introduced a new product to protect consumer apps on employee-owned devices.
- September 25, 2015
Kaspersky Lab has fixed some of the vulnerabilities in its antivirus products, but a new report from Google Project Zero reveals there's more work to be done.
- May 26, 2015
A newly discovered router vulnerability could leave millions of connected devices open to denial-of-service attacks and remote code execution.
- April 17, 2015
New Web security models use browser behavior and polymorphism to protect against data theft and fraud.
- March 25, 2015
The Ponemon Institute says enterprises are devoting millions of dollars to mobile application development, but barely any of the money is focused on security.
- July 01, 2014
A new online archive is allowing researchers to anonymously submit and expose cross-site scripting vulnerabilities uncovered across the Web.
- May 01, 2014
Microsoft's out-of-band patch for the 'use-after-free' IE zero-day included a fix for Windows XP, which is now being actively targeted.
- April 28, 2014
The IE zero-day, first spotted by FireEye, is being actively exploited in the wild. US-CERT recommends avoiding IE until a fix is released.
- February 14, 2014
FireEye first reported that the zero-day exploit affecting IE 9 and 10 is part of a watering hole attack utilizing the U.S. VFW's website.
- July 09, 2013
Seattle-based application security company IOActive has uncovered significant vulnerabilities in Digital Alert Systems' DASDEC.
- May 31, 2013
A report by iViZ Security Inc. found that overall vulnerabilities in security products in 2012 rose sharply.
- January 21, 2013
Oracle continues to encounter security issues with Java as the Java 7, Update 11 release is found to have two significant vulnerabilities.
- November 09, 2012
A zero-day exploit was added to a custom version of the Black Hole attack toolkit, according to Russian security firm Group IB.
- September 26, 2012
A Java sandbox flaw could allow malicious code to run on any system running Java 5, 6, or 7. Users are advised to disable the Java browser plugin.
- September 19, 2012
Vulnerabilities in HTML5 make it an emerging threat; however, SQL injection and XSS remain among the top attacks.
- August 29, 2012
Basic Java sandboxing has been around since 1995, but flaws in the Java virtual machine are highly targeted. Experts are calling on Oracle to do more.
- June 21, 2012
Hacktivist group UGNazi says it caused multiple Twitter outages Thursday. Update: Twitter says a "cascading bug" was to blame.
- December 21, 2011
Spear phishing attacks via China were likely what led to the lengthy U.S. Chamber of Commerce breach, experts say.
- August 04, 2011
Black Hat 2011: A free Microsoft .NET application security tool helps programmers reverse-engineer .NET applications to manipulate and control them.
- June 06, 2011
Adobe issued an update Sunday repairing the Flash Player flaw in the wake of targeted email attacks attempting to exploit the flaw.
- April 20, 2011
The latest study of application code by Veracode found many applications submitted by software makers are of “unacceptable security quality.”
- March 28, 2011
An attack enabled hackers to gain access to various databases containing account credentials associated with the website.
- January 06, 2011
Adobe is responding to a new method that breaks a security feature that prevents Flash files from passing data to remote systems; it is classified as a "moderate" security threat.
- September 21, 2010
A cross-site scripting Twitter attack could have been exploited to spread dangerous malware and steal user data, experts said.
- July 01, 2010
Get updates on the latest happenings at the Black Hat 2010 conference with breaking news stories, and exclusive video and podcasts.
- March 25, 2010
Using a fuzzing method, researcher Charlie Miller of Independent Security Evaluators found flaws in Apple and Microsoft software and in Adobe Acrobat.
- January 15, 2010
Roundup: Get the latest news on social networking security and stay up to date on the tactics, methods and techniques that cybercriminals are using to break into Twitter, Facebook, and other social network accounts to steal data.
- December 16, 2009
In addition to the browsers, Adobe Systems' PDF software as well as its Flash and Shockwave players made the annual list.
- September 16, 2009
Security experts point to online advertising campaigns that distributed faulty code to affiliates as the source of spikes in SQL injection attacks.
- September 15, 2009
A new report from the SANS Institute calls flaws in client-side applications often the most ignored by IT professionals.
- August 28, 2009
Attackers forced Apache to shut down its website for several hours Friday morning, using a compromised SSH key to gain access to one of its servers.
- August 18, 2009
Security experts see the secure software development lifecycle improving, but legacy applications and Web server flaws continue to offer a rich treasure trove for attackers.
- July 29, 2009
Rogueware fake antivirus strains are increasing at a stunning rate. Panda Security reports that this cyber crime bilks users out of about $34 million every month.
- March 19, 2009
Experts praise the IE 8 security features, but say browser makers have a long way to go in preventing the browser from being a hacker's favorite mode of attack.
- February 20, 2009
Attackers are actively targeting a zero-day flaw in Adobe Acrobat Reader software, according to a warning from Symantec.
- February 18, 2009
Security researchers Joanna Rutkowska and her colleague Rafal Wojtczuk discovered new Intel bugs that would allow attackers to bypass Intel Trusted Execution Technology.
- February 11, 2009
F-Secure confirmed the breach of a low-level database server containing virus statistical information.
- February 09, 2009
Customer email addresses and up to 25,000 activation codes were exposed on a server for 10 days, the antivirus vendor said.
- January 08, 2009
Two security researchers say that most phishers fail to earn big money for their work.
- December 24, 2008
An NSS Labs test of six business products yields disappointing results.
- December 17, 2008
The latest update also phases out support of Firefox 2.
- November 26, 2008
Web application security expert Ryan Barnett would like to see every company use a Web application firewall. But Barnett, director of security at Web application firewall vendor Breach Security Inc., knows that companies need to use more than just ...
- October 08, 2008
Security researchers released details of the clickjacking attacks, warning of the seriousness of the problem because they have discovered multiple variants on the Web.
- August 04, 2008
Web security vendors Zscaler Inc. and Purewire Inc. enter the growing Software as a Service (SaaS) space dominated by appliance vendors.
- July 02, 2008
A cross-site scripting filter and additional security features for developers will help defend against attacks.
- June 25, 2008
Microsoft's security advisory will help raise awareness about secure software coding, but it won't stop the onslaught of SQL injection attacks, experts say.
- June 24, 2008
On the heels of a tidal wave of SQL injection attacks in recent months, Microsoft issued an advisory to identify tools that could help stave off the attacks.
- May 29, 2008
Security researchers said the threat is minimal, because attacks in the wild are targeting previous versions of Adobe's media player.
- May 21, 2008
Researchers are uncovering a wave of SQL injection attacks, suggesting that attackers are finding it easy to compromise new targets.
- May 14, 2008
Noted network security researcher Dan Kaminsky, director of penetration testing at IOActive, shares his research on Web-based attack techniques.
- May 06, 2008
Websites suspected of spreading malicious programs or spamming and phishing campaigns will be highlighted in search results.
- April 30, 2008
Security experts are watching massive numbers of automated SQL injection attacks from Chinese domains. Attackers use simple search engine queries to build a list of targets.
- April 21, 2008
A researcher has discovered a new hacking technique that exploits a programming vulnerability common in many applications.
- February 13, 2008
Cybercriminals are conducting Web-based attacks to bypass traditional protection technologies. With most security vendors unable to solve the problem, companies need to rethink their security strategy.
- October 09, 2007
Security experts Eugene Kaspersky and Gadi Evron explain how the Russian economy and lax police work helped make it a malware hotbed.
- March 20, 2007
An explosion of AJAX-based applications has increased the damage that cross-site scripting (XSS) attacks can inflict on machines. A new tool uses XSS flaws to create a botnet.
- December 26, 2005
Security experts say virus writers will turn their attention to spyware in the year ahead, victimizing many still-unsuspecting users. Application-specific attacks, phishing and data exposures will also plague security pros.
- October 19, 2005
Attackers have new tools to launch faster, more powerful attacks. Contributor Ed Skoudis offers up some examples, some of which are very clever and very evil.
- October 13, 2005
Attackers could launch malicious code by exploiting a security hole in Veritas NetBackup servers and clients. But Symantec has released a fix.
- July 29, 2004
The second of a two-part interview with SPI Dynamics CTO Caleb Sima tells what you should fear, why and what you can do to mitigate your risk.
- June 22, 2004
A vulnerability in Symantec Enterprise Firewall, Gateway Security and the VelociRaptor operating system could be exploited to poison the DNS cache.
- May 24, 2004
Building cars with gas tanks that explode on impact wasn't a good idea, and automakers eventually phased that feature out of their products. Software vendors could learn a lesson from that mistake, and deal with their own particular built-in ...
- May 11, 2004
An IBM researcher has found a way to lift passcodes and other sensitive data by recording the sound of keystrokes.
- July 01, 2003
Internet Security Systems Inc. released its first Catastrophic Risk Index, a list of exploitable vulnerabilities that IT system and network administrators need to be aware of.
- October 30, 2002
Buffer overflows are common programming errors that often open gaping holes in applications that attackers can exploit to their advantage.
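The programming error the entry refers to is a copy into a fixed-size buffer with no check against the buffer's length. As an added example, not code from the article, the block below places the classic unbounded copy next to a version that checks the length and refuses oversized input instead of truncating it silently; the function names, buffer size and inputs are constructed for illustration.

```c
/* Added example, not from the article: the unbounded copy the page calls a
 * "common programming error", next to a bounded version that rejects input
 * that does not fit. Names, buffer size and inputs are constructed. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* VULNERABLE: strcpy() stops at the NUL terminator of src, never at the end
 * of dst. Any src longer than NAME_LEN-1 bytes writes past the array onto
 * whatever the compiler placed after it on the stack (saved registers, the
 * return address). Kept for contrast; the demo never calls it with
 * oversized input. */
void greet_unsafe(const char *src) {
    char name[NAME_LEN];
    strcpy(name, src);                 /* no length check */
    printf("hello, %s\n", name);
}

/* HARDENED: measure first, then copy only if the whole string plus its NUL
 * fits. Returns 0 on success, -1 when the input does not fit.
 * (strncpy() alone is not a fix: it does not NUL-terminate on overflow.) */
int copy_name(char *dst, size_t dst_len, const char *src) {
    size_t n = strlen(src);
    if (dst_len == 0 || n >= dst_len) return -1;   /* need n + 1 bytes */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Returns 1 if src would overflow a buffer of dst_len bytes, else 0. */
int would_overflow(size_t dst_len, const char *src) {
    return strlen(src) >= dst_len;
}

int main(void) {
    /* Constructed inputs: one that fits, one 40 bytes long that does not. */
    const char *ok = "alice";
    char evil[41];
    memset(evil, 'A', 40);
    evil[40] = '\0';
    char name[NAME_LEN];

    greet_unsafe(ok);                  /* fine for short input only */
    printf("would a %zu-byte input overflow %d bytes? %s\n", strlen(evil),
           NAME_LEN, would_overflow(NAME_LEN, evil) ? "yes" : "no");
    printf("copy_name(ok)   -> %d\n", copy_name(name, sizeof name, ok));
    printf("copy_name(evil) -> %d\n", copy_name(name, sizeof name, evil));
    return 0;
}
```

The boundary case is the one worth testing: a 15-byte string fits a 16-byte buffer because the terminator needs the sixteenth byte, a 16-byte string does not, and the off-by-one between those two is where many real overflows live.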