Application Security — News

Cloud, mobility and bring-your-own-device (BYOD) computing are providing so many new potential ingress points to your network that it’s getting near impossible to keep up. The solution, as David Braue finds, lies in reconsidering your exposure, revisiting your IAM strategy – and picking your battles carefully.

Information security vendors are telling customers to think in a new way. At the core of their advice is the idea — the admission, if you like — that no matter how good the defences they sell, sooner or later the bad guys will get through.

Oracle on Friday released its February critical patch update for Java 7 two weeks ahead of schedule and days after Apple blocked it for the second time in a month.

Anonymity is an increasingly scarce commodity. Google's latest Transparency Report revealed government requests for data about users of its online services are increasing. It's not hard to find examples of threats to privacy — either intentional or unintentional.

Almost two years after ‘IPv6 day’ in 2011, security professionals cannot confidently manage security threats posed by the replacement to IPv4, according to the SANS Institute's Internet Storm Centre.

With mobile devices now ubiquitous in the workplace, you need to have some level of protection in place. Ashton Mills investigates.

Security researchers are warning businesses and consumers to immediately disable Universal Plug and Play (UPnP) functions on thousands of networked device products after revealing common flaws that can be easily exploited by a remote attacker.

An online survey of IT managers polled more than 2000 companies, each with 500 or more employees, in several countries—Australia, Canada, the United States, Germany, UK, France, Brazil, and India. 225 firms were surveyed in Australia.

Google has opened a private channel in its Google Play app store for Google Apps business customers to distribute Android apps to their employees.

A spoofed version of Garage Band, the free OS X software that costs $4.99 as an iOS app, made a brief appearance on Google Play for $4.98 this week along with Apple's productivity suite, iWork.

Zynga, the embattled games company behind Facebook hit FarmVille, could have a number of its games leaked and made available for free if it does not scuttle an offshoring plan.

A US District Court Judge has frozen the funds of six fake-virus phone operations that have been targeting consumers from English speaking nations, including Australia, for years.

Adobe says “advanced persistent” hackers broke into its software development servers and compromised its code signing certificate procedures to pass off Windows malware as trusted Adobe products.

Tinfoil, a security company that launched its public beta on Wednesday, hopes to weed out web application vulnerabilities -- and the security consultants that fix them -- by helping smaller companies do it themselves.

The success of a CSO and the enterprise’s security strategy depends on awareness at the C-level of not just the threats, but their implications, making communications and building alliances outside IT the key to a CSO’s success. The battle to secure data has become a more vicious and dynamic beast today, according to Mike Rothman, CEO of analyst firm Securosis, who says attackers, including actors who may have “very deep pockets” that tilt the balance of power in their favour. Add these to the chaos of hacktivists, well-organised cybercriminals, social media and Cloud computing, and the challenges that CSOs face in protecting corporate data become clear.

Riot Games, the developer of League of Legends, is warning all its 32 million users to change their passwords after hackers breached its western European, Nordic and eastern European database.

The first is that the delegates don’t seem to have seen it this way. Nobody seemed to doze off early this afternoon after even the third session with a predominantly legal focus (Nick Abrahams of Norton Rose following Bill Caelli following Robert Clark).

Adobe is partially reversing a decision not to patch flaws in Illustrator and Photoshop 5 and earlier following outcry from customers.

Despite Google’s best efforts to prevent malware entering its official market, Google Play, it let 15 data-stealing apps slip by, according to security vendor, McAfee.

Mozilla has asked all certificate authorities (CAs) to revoke subordinate CA certificates currently used for corporate SSL traffic management, offering an amnesty to any CAs that had breached Mozilla's conditions for having their root certificates ship with its products.