Application
Security Trends

Traditional security is well past its expiration date.
Learn about the latest trends in AppSec in these posts,
from DevOps to SAST and everything in between.

Black Friday Breach Nightmare: At Least 45 Million Target Customers Affected

Target’s famous bullseye logo attracted some malicious arrows over the holiday shopping season as the national retail chain was the target of a major data breach that may be much more serious than first thought as details emerge. The data breach will potentially affect hundreds of thousands, perhaps millions, of Target customers that shopped in-store

Read More »

Dept. of Energy Breach: What Went Wrong & Key Takeaways

The Department of Energy (DOE) has released more details about the July 2013 DOE Employee Data Repository (DOEInfo) incident in which the Personal Identifiable Information (PII) of at least 100,000 past and current federal employees – but possibly as high as 150,000 – was exposed.   According to the 28-page review conducted by Gregory H.

Read More »

Application Security News – December 9 – 15, 2013

In this week’s AppSec digest, NSA agents spy on World of Warcraft Orcs, Facebook acts like a Nosy Nancy, Gmail auto-downloads all your advertise – I mean images, and CryptoLocker copycats emerge. Get informed about the latest news in security and start your week out fresh.

Read More »

Balloon Pop 2 Taken Off Android Play Store – WhatsApp Snooping Exposed

Mobile malware has come a long way in recent years. The latest exploit was exposed this week when the popular “Balloon Pop 2”, played and enjoyed by thousands of Android users, was found to contain a malicious code that enabled eavesdropping on WhatsApp conversations. Google has taken the game off its Play Store app market.

Read More »

5 Recommendations From Top CISO’s For A More Secure Future

19 of the top CISO’s and security executives from around the world came together to give their advice on what security teams should be focusing on in the New Year. This week, the Security for Business Innovation Council (SBIC) released an in-depth report expounding on the suggestions. The major industry thought leaders included FedEx CISO and VP

Read More »

Faux Google SSL Certificates Issued By Finance Ministry in France

Google spoke out this week after security engineers discovered fake SSL certificates linked to a French government agency earlier this month. On December 3rd, security engineers found that a government agency in France was using unauthorized digital certificates on various Google domains, including Gmail, which allowed the agency to act as man-in-the-middle of private domains

Read More »

Cache of 2 Million Account Details For Facebook, Google, Yahoo Users Discovered

Some two million accounts on several of the most widely visited social media networks, email providers and websites were just discovered on a server with a bogus IP in the Netherlands. Hackers stole login usernames and passwords for Facebook, LinkedIn, Google, Twitter and various other popular sites.

Read More »

This Week In Application Security News: Nov. 25 – Dec. 1

Winner of the ‘Worst Week’ award goes to James Howells, who this week realized he threw away a hard drive with 7,500 Bitcoins worth over $7.5 million in current BTC value. Read about his million dollar fumble, the still-unfolding Vodafone breach, new NSA snooping and more in this week’s edition of The Week in AppSec.

Read More »

Jump to Category