Application Security
News & Commentary
10 Hottest Talks at Black Hat USA 2016
Sean Martin, CISSP | President, imsmartin
The impressive roll call of speakers offers a prime opportunity to learn from the very best of the information security world.
By Sean Martin CISSP | President, imsmartin, 7/25/2016
Comment0 comments  |  Read  |  Post a Comment
Firefox To Start Blocking Invisible Flash Content
Dark Reading Staff, Quick Hits
This move is part of campaign by Mozilla to close the door on Flash completely by 2017.
By Dark Reading Staff , 7/21/2016
Comment0 comments  |  Read  |  Post a Comment
Ubuntu Forums Database Hacked
Dark Reading Staff, Quick Hits
Canonical probe reveals user account details of 2 million stolen, passwords safe.
By Dark Reading Staff , 7/19/2016
Comment0 comments  |  Read  |  Post a Comment
Adobe Fixes 52 Vulnerabilities In Flash
Dark Reading Staff, Quick Hits
Updated version fixes CVEs that allowed remote code execution on affected machines.
By Dark Reading Staff , 7/13/2016
Comment0 comments  |  Read  |  Post a Comment
What I Expect to See At Black Hat 2016: 5 Themes
Chris Wysopal, CTO, CISO and co-founder, VeracodeCommentary
Over the years, Black Hat has morphed from a little show for security researchers to a big conference that attracts everyone from black-hat hackers to C-level security execs. Here’s what piques my interest this year.
By Chris Wysopal CTO, CISO and co-founder, Veracode, 7/13/2016
Comment1 Comment  |  Read  |  Post a Comment
SWIFT Boosts Defense Against Cyberattacks
Dark Reading Staff, Quick Hits
Cyber security firms hired, intelligence team set up to ward off future attacks on banks through SWIFT.
By Dark Reading Staff , 7/12/2016
Comment0 comments  |  Read  |  Post a Comment
Profiles Of The Top 7 Bug Hunters From Around the Globe
Sean Martin, CISSP | President, imsmartin
'Super hunters' share a common goal: to find the most high impact valid bugs before a bad guy does.
By Sean Martin CISSP | President, imsmartin, 7/12/2016
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Launches Best Of Black Hat Awards Program; Finalists Selected
Tim Wilson, Editor in Chief, Dark ReadingCommentary
New awards recognize innovation on Black Hat exhibit floor, including startups, emerging companies, and industry thinkers.
By Tim Wilson Editor in Chief, Dark Reading, 7/12/2016
Comment0 comments  |  Read  |  Post a Comment
‘Bug Poachers:’ A New Breed of Cybercriminal
Chris Wysopal, CTO, CISO and co-founder, VeracodeCommentary
As if security researchers don’t have enough to worry about, we now have to contend with extortionists who take advantage of the well-established fact that applications are a ripe target for exploitation.
By Chris Wysopal CTO, CISO and co-founder, Veracode, 6/22/2016
Comment0 comments  |  Read  |  Post a Comment
27% Of Corporate-Connected Apps Are Risky
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Number of apps up by 30x, with many asking for sensitive connections to enterprise.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/13/2016
Comment0 comments  |  Read  |  Post a Comment
IoT Security: Onus On Developers, Security Researchers
Daniel Riedel, CEO, New ContextCommentary
Security teams and DevOps need to team up on 'lean security' processes that make safety a top priority before a product reaches the market.
By Daniel Riedel CEO, New Context, 6/11/2016
Comment0 comments  |  Read  |  Post a Comment
Tenable Network Security CEO Steps Down
Dark Reading Staff, Quick Hits
Ron Gula to stay on as chairman, search on for new chief executive.
By Dark Reading Staff , 6/10/2016
Comment0 comments  |  Read  |  Post a Comment
Cloud Apps Just As Secure As On-Premise Apps, Say InfoSec Pros
Sara Peters, Senior Editor at Dark ReadingNews
Unfortunately, 75% of cloud apps will still fall afoul of the new EU General Data Protection Regulation, according to new studies.
By Sara Peters Senior Editor at Dark Reading, 6/9/2016
Comment0 comments  |  Read  |  Post a Comment
How Many Layers Does Your Email Security Need?
Chris Harget, Senior Product Marketing Manager, TrustwaveNews
At least one more layer than the attacker can defeat. Here’s how to improve your odds by turning on little-used or newer capabilities to block email-targeted malware.
By Chris Harget Senior Product Marketing Manager, Trustwave, 6/6/2016
Comment3 comments  |  Read  |  Post a Comment
How ‘Agile’ Changed Security At Dun & Bradstreet
Vincent Liu, Partner, Bishop FoxCommentary
Chief Security Officer Jon Rose shares the whys and wherefores of integrating agile software development methodology into a traditional security environment.
By Vincent Liu Partner, Bishop Fox, 6/1/2016
Comment1 Comment  |  Read  |  Post a Comment
FBI Report: Deconstructing The Wide Scope Of Internet Crime
Ericka Chickowski, Contributing Writer, Dark Reading
Hottest crimes reported to IC3 last year include ransomware and email scams via business email compromise and all account compromise attacks.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/27/2016
Comment0 comments  |  Read  |  Post a Comment
Ukrainian Pleads Guilty To Stealing Press Releases For Insider Trading
Dark Reading Staff, Quick Hits
In largest known cyber securities fraud to date, hackers and traders made $30 million from unreleased press releases.
By Dark Reading Staff , 5/17/2016
Comment1 Comment  |  Read  |  Post a Comment
Phishing Fraud BECkons: Will You Fall Victim?
Tim Helming, Director of Product Management, DomainToolsCommentary
Why one company got caught in a Business Email Compromise (BEC) Attack -- and how yours can avoid the same fate.
By Tim Helming Director of Product Management, DomainTools, 5/12/2016
Comment2 comments  |  Read  |  Post a Comment
6 Eye-Opening Stats About Endpoint Device Health
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report shows state of endpoint patching and updates among a sample of 2 million devices.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/10/2016
Comment0 comments  |  Read  |  Post a Comment
The 10 Worst Vulnerabilities of The Last 10 Years
Jai Vijayan, Freelance writer
From the thousands of vulns that software vendors disclosed over the past 10 years, a few stand out for being a lot scarier than the rest.
By Jai Vijayan Freelance writer, 5/6/2016
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Changing Face of Identity Management
Mobility and cloud services are altering the concept of user identity. Here are some ways to keep up.
Flash Poll
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.