A developer warns that Dropbox gains wide-ranging access to Apple's OS X operating system using a SQL trick that some equate to hacking users' systems. Here's why giving a desktop app unusual access to Apple's privacy settings poses a security risk.
Microsoft has released a slew of security fixes to patch critical vulnerabilities, including in its IE and Edge browsers. One zero-day flaw, fixed via a Microsoft Office patch, has been exploited in the wild for more than two years.
The process of managing software vulnerabilities inside the enterprise is complicated by the sheer number of patches that must be assessed, applied, tested and rolled out, says Wolfgang Kandek of Qualys, who offers suggestions on how to better focus those efforts.
Google Project Zero researcher Tavis Ormandy has once again found major vulnerabilities in Symantec's security products. Symantec has released updates, but not all will install automatically - some vulnerable products must be manually updated.
Apple has removed from its App Store a $0.99 security tool developed by well-known researcher Stefan Esser that he says could quickly detect if an iPhone may have been hacked. What is the back-story behind this move?
Verizon's annual Data Breach Investigations Report has triggered an avalanche of criticism that researchers made critical errors when studying and reporting on the top 10 most frequently exploited software vulnerabilities.
It's been a half-year now since Art Gilliland stepped into the role of CEO at startup security company Skyport Systems. What lessons has he learned from the marketplace, and where does he expect Skyport to make its mark? Find out in this video interview.
What are some of the challenges practitioners will face as they attempt to look at emerging technologies, including CASB? How effective is the MSSP paradigm in addressing the skills gap? Expert security practitioner Manish Dave shares insights.
Security experts warn enterprises to patch the serious "glibc" domain name system flaw now, with one likening it to a "skeleton key" that could be used against all systems and Internet of Things devices that run Linux.
The Gartner Magic Quadrant is one of the most influential research tools that IT buyers use to evaluate vendors and keep pace with the accelerating shift from Mobile Device Management activity to Enterprise Mobility Management (EMM) strategy.
Ten years ago the smart phone, and a few years later the tablet, changed...
Millions of Android devices - as well as desktops and servers - are at risk from a newly disclosed flaw in the Linux kernel that a malware-wielding attacker could exploit to seize full control of the device.
Hundreds of millions of PCs are at risk of being remotely exploited, after a security researcher released proof-of-concept exploit code for separate, newly discovered flaws in software preinstalled on systems by Dell, Lenovo and Toshiba.
Applications are a primary target for cyber-attacks. Historically, Web Application Firewalls (WAFs) have been a popular choice for protecting production applications from attack. But they have limitations, and advice on how to bypass a WAF is readily available.
Download this informative white paper to...
Ireland's Cyber Crime Conference in Dublin drew a capacity crowd for a full day of security briefings, networking, hotly contested capture-the-flag and secure-coding challenges, as well as a chance to sharpen one's lock-picking skills.