Tag Archives: Application Security

“Jekyll App” Beats IOS Security Measures

Researchers at Georgia Institute of Technology say they have developed what they call a “Jekyll app” for iOS devices that bypasses Apple’s security measures and can be used for a range of malicious purposes from sending tweets and dialing numbers to operating the camera.

Posted in Application Security, Network Security, Security Management, Uncategorized | Tagged , | Leave a comment

Report: 86% Of All Vulnerabilities Found In Third-Party Programs; SCADA At Particular Risk

Go ahead, patch those Microsoft products all you want. It won’t necessarily make you impervious to attack, according to a new report. A vulnerability review, issued last week by the vulnerability management company Secunia, found that 86 percent of vulnerabilities discovered in the most popular 50 programs in 2012 were in non-Microsoft (or “third-party”) programs, up 8 percent from their … Read more

Posted in Application Security, Security Threats, Uncategorized | Tagged , | 1 Comment

That Really Cool App You Put on Your Smart Phone is Probably Collecting All Sorts of Information – and You Don’t Even Know It

A few weeks ago I warned that mobile applications may not behave the way that users expect them to. (See “App Happy Downloaders May Get More Than They Expect.”) As a follow-up to that post, I talked more in-depth with Domingo Guerra, president and co-founder of Appthority. Guerra’s company has analyzed hundreds of thousands of mobile apps to discover what … Read more

Posted in Mobile Security | Tagged , , , | Leave a comment

App Happy Downloaders May Get More than They Expect

On January 7, Apple announced that customers have downloaded over 40 billion apps, with nearly 20 billion in 2012 alone. The App Store has over 500 million active accounts and had a record-breaking December with over two billion downloads during the month. Apple’s developer community has created over 775,000 apps for iPhone, iPad and iPod touch. The Android app market … Read more

Posted in Application Security | Tagged , , , | 1 Comment

Web Application Vulnerability Statistics Report Released

The exploitation of web application vulnerabilities continues to be one of the leading causes of enterprise data loss, and even in the wake of numerous high profile and well publicized breaches, many organizations have failed to address the most common application flaws, leaving them prime candidates for the next data loss event. iViZ Security, a cloud-based penetration testing service that … Read more

Posted in Application Security | Tagged , , , | 1 Comment

Enterprise Accounting Systems Vulnerable to Hacker Mayhem

Hackers have long targeted systems that hold sensitive and proprietary enterprise data with the intent to make a buck on the black market, but a new exploit proof-of-concept unveiled at the Black Hat security conference in Abu Dhabi on December 6 reveals how hackers may be able to penetrate the heart and soul of an enterprise by manipulating financial accounting … Read more

Posted in Network Security | Tagged , , , , | Leave a comment

SMS Spoofing Attack Leaves Twitter Users Vulnerable

We’ve all seen them. The unsolicited Tweet, direct message, or Facebook posting from a reputable colleague or personal contact that is undoubtedly the result of a compromised account, sometimes utilized for by cybercriminals for general spamming purposes and other times part of an insidious attack employing a malicious link designed to infect a victim’s contacts with malware. One wonders how … Read more

Posted in Application Security | Tagged , , , , | Leave a comment

BYOD, APTs and Applications Top Endpoint Security Concerns

As the information technology landscape changes with the advent of new products and services being adopted by organizations, so do the threat vectors that demand the most attention. According to a new study commissioned by Lumension and conducted by the the Poneman Institute, the mass deployment of mobility solutions for employees along with the escalation of advanced persistent threats (APT) … Read more

Posted in Security Threats | Tagged , , , , | Leave a comment

Researchers Find More Widespread SSL Vulnerabilities

What is a critical security feature in an application worth if it doesn’t provide any security? Not much, according to researchers who uncovered widespread and very exploitable vulnerabilities in Secure Sockets Layer (SSL) implementations during their examination of a selection of non-browser software offerings available in the marketplace. A new report from Stanford University researchers working with a team from … Read more

Posted in Application Security | Tagged , , , | Leave a comment

Widespread SSL Vulnerabilities Identified in Android Applications

That application you just downloaded uses an encrypted connection, so your sensitive data is protected, right? Not necessarily, according to researchers from two German universities who discovered that thousands of applications are leaving users at risk. The problem resides is in how the application developers improperly implement the Secure Sockets Layer (SSL) protocols in the Android API, leaving users vulnerable … Read more

Posted in Data Protection | Tagged , , , , | Leave a comment