Productivity apps and messaging security
- April 02, 2020
This week's Risk & Repeat podcast looks at several security issues Zoom faced over the last week, which led to questions about the company's privacy and security practices.
- April 02, 2020
An ex-NSA hacker reported two zero-day vulnerabilities on his blog Wednesday. One of them can give an attacker control of a user's webcam and microphone. Zoom fixed both flaws quickly.
- November 12, 2019
Microsoft is bringing the Application Guard security container to Office 365 ProPlus this year, which could limit the threat of malicious Office documents for subscribers.
- August 08, 2019
Michael Coates, CEO and co-founder of cloud collaboration security platform Altitude Networks, speaks to industry trends and his transition from CISO to CEO.
- July 12, 2019
Companies and users around the world were impacted by a Zoom conferencing software flaw that could allow threat actors to forcibly join a video call without interaction.
- February 28, 2019
After two previous attempts, Cisco has issued a third patch for a persistent flaw in its Webex platform, which allows privilege escalation attacks on systems running the software.
- October 26, 2018
A remote code execution flaw in Cisco Webex -- called WebExec -- could be an easy vector for insider attacks, and the researchers who found it say it's easier to exploit than detect.
- September 28, 2018
News roundup: The U.N. accidentally exposed credentials on public Trello boards. Plus, Uber is set to pay $148 million settlement following its 2016 data breach cover-up, and more.
- September 21, 2017
An undocumented Word feature found by Kaspersky Lab could lead to system information theft and affects users on both PCs and mobile devices.
- July 11, 2017
Experts said the new Android Samba app from Google supported only unsafe SMBv1 despite susceptibility to WannaCry exploits and unclear demand from users.
- May 19, 2017
News roundup: The new Google Play Protect system aims to improve Android app security. Plus, Google Cloud IoT Core adds layer of device security, and more.
- August 27, 2015
An up-to-date application security program -- as well as knowing how to connect with stakeholders -- is critical to being a successful CISO today, said Renee Guttmann, vice president, Office of the CISO at Accuvant Inc.
- August 11, 2015
Microsoft's August 2015 Patch Tuesday may not be as packed with danger as a typical release, according to one expert, but does include critical bulletins for Microsoft Office and even one for the new Edge browser.
- July 15, 2015
Researchers discovered two more vulnerabilities in Adobe Flash player stemming from the breach of Italian surveillance software vendor Hacking Team.
- June 24, 2015
At RSA Conference 2015, Qualys CTO Wolfgang Kandek said enterprises need to be smart about how they tackle security vulnerabilities because there are simply too many for organizations to handle.
- June 09, 2015
Microsoft's June 2015 Patch Tuesday features eight bulletins, including a critical update for Internet Explorer and Windows Media Player. Plus: Adobe releases fix for 13 Flash vulnerabilities.
- May 08, 2015
News roundup: Contradicting mobile malware statistics published this year prove the mobile malware debate is alive and well. Plus: SAP vulnerabilities; spam-sending Linux malware; criminal attacks leading healthcare threat.
- May 07, 2015
WattsUpDoc, an embedded system security tool used to detect malware in medical devices, is now in beta testing at two major U.S. hospitals.
- March 27, 2015
News roundup: The ban of "booth babes" at RSA Conference 2015 has been met with praise; does it equal an increase of women in infosec? Plus: Cyberthreat data-sharing bill advances; Flash flaw exploited days after patching; new twist on Google Play ...
- March 20, 2015
News roundup: Researchers at the 2015 Pwn2Own exploited every major Web browser, casting doubt on browser security once again. Plus: high-severity OpenSSL update; IE being phased out in Windows 10; Americans dodging online surveillance.
- February 24, 2015
Macro viruses haven't been popular since the early 2000s, but recent malware discoveries indicate that macro-infected Word and Excel files are on the rise.
- January 23, 2015
News roundup: An onslaught of Adobe, Oracle, OpenSSL, Chrome and Firefox patches highlights the sad state of software security in 2015. Plus, security budgets increasing; HealthCare.gov security woes; false-positive alerts cost millions annually.
- April 17, 2014
When it comes to app risk management, who is ultimately responsible: business leaders or security professionals? A new report weighs in.
- April 08, 2014
The April 2014 Patch Tuesday release features the final Office 2003 and XP security updates, as well as a fix for a recent Word zero-day.
- March 03, 2014
An early proponent of Microsoft SRP, Aaron Turner says application whitelisting has finally taken hold in consumer app stores.
- December 18, 2012
An attacker can exploit weaknesses in files intended to extend the functionality of Shockwave Player. No practical solution is available, US-CERT said.
- October 04, 2012
Software security expert Gary McGraw provides actionable guidance based on analysis of dozens of software security firms.
- May 16, 2012
Microsoft’s senior director of security engineering says core SDL principles should be at the foundation of critical infrastructure system protection.
- February 16, 2012
An Adobe Systems security update fixed seven critical flaws in Flash Player, including a cross-site scripting vulnerability being actively targeted by attackers.
- February 06, 2012
Adobe has launched the public beta of a new Flash Player sandbox feature for Firefox users, making attacks more difficult for cybercriminals.
- January 27, 2012
Column: Third-party applications are notoriously hard to patch and often easy to exploit. Is it time to ban applications, or can they be secured with a new approach?
- January 26, 2012
Column: Third-party applications are hard to patch and easy to exploit. Is it time to ban some apps, or to take a new approach?
- October 03, 2011
Many firms rely on antivirus and antimalware technologies to address social networking risks, according to a survey by the Ponemon Institute.
- September 20, 2011
One expert says before implementing secure software development benchmarks, take stock of the security of existing applications.
- February 09, 2011
Adobe addressed more than a dozen vulnerabilities in Flash Player and more than two dozen holes in Adobe Reader and Acrobat.
- January 18, 2011
Adobe Systems, Google, Microsoft and others are deploying applications that use sandboxing technology to defend against potential attacks, but savvy hackers know how to bypass it.
- August 17, 2010
Source code analysis vendor Fortify Software will eventually be integrated into HP's Business Technology Optimization application portfolio. Analysts say acquisition was expected.
- July 30, 2010
LAS VEGAS -- Brad Arkin and Adobe Systems Inc. have had to endure a lot of ribbing at Black Hat 2010. Arkin, senior director of product ...
- June 22, 2010
With its popular software increasingly targeted by hackers, Adobe has stepped up efforts to secure its applications.
- June 10, 2010
Check Point said Liquid Machines' ERM capabilities could bolster its data loss prevention (DLP) offering.
- April 14, 2010
Critical vulnerabilities affect Adobe Reader 9.3.1 and earlier versions. Latest round of patches uses new updater.
- February 22, 2010
The SANS Institute and MITRE Corp. issued an update to the CWE/SANS Top 25 Programming Errors List last week, focusing on mitigation techniques that could be adopted into the security development lifecycle to ...
- January 07, 2010
Trend Micro discovers malware attempting to exploit Adobe's latest zero-day vulnerability. A patch is due out next week.
- May 18, 2009
Software vendors need better antipiracy plans, but they have to strike a balance to avoid alienating customers and rising support headaches.
- May 15, 2009
The $47 million deal adds Solidcore's whitelisting technology to McAfee's product lineup.
- February 24, 2009
In an era of layoffs and company cutbacks, disgruntled employees often lead to data leaks, according to a survey from Symantec and the Ponemon Institute.
- February 24, 2009
"Home brew patch," blocks attempts by hackers to exploit an unpatched buffer overflow vulnerability in Adobe Reader 9.
- February 20, 2009
Attackers are actively targeting a zero-day flaw in Adobe Acrobat Reader software, according to a warning from Symantec.
- December 17, 2008
Poor communication with security researchers fuels inefficiencies, the software maker said.
- July 15, 2008
Oracle released updates to repair dozens of flaws across its product line as part of its quarterly Critical Patch Update.
- June 26, 2008
Mid-sized enterprises lack the money and expertise to implement identity management for Web-based services. Startup Symplified is banking on the software-as-a-service (SaaS) model as a solution.
- March 20, 2008
Application hardening vendors can make life difficult for software pirates, forcing them to turn to more profitable, low-hanging fruit.
- September 06, 2007
Attackers could exploit two flaws in the popular Intuit QuickBooks Online Edition to cause buffer overflows and download or upload files in arbitrary locations, US-CERT warned.
- May 22, 2007
The Microsoft Security Response Center acknowledged that some of the company's May 8 security updates didn't make it to machines running Office 2007 on Windows Vista.
- May 18, 2007
Distributed denial-of-service attacks against Estonian computer systems probably originated from smaller groups in control of botnets rather than the Russian government, experts say.
- October 19, 2005
Attackers have new tools to launch faster, more powerful attacks. Contributor Ed Skoudis offers up some examples, some of which are very clever and very evil.
- January 05, 2005
Updates for ReviewPost and PhotoPost fix several security holes that could be exploited for cross-site scripting and SQL injection attacks.