Application Security

News & Commentary
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff, Quick Hits
Using DDoS for hire services and possessing firearms as a felon combine to land a New Mexico man 15 years in federal prison.
By Dark Reading Staff, 5/18/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/17/2018
The Risks of Remote Desktop Access Are Far from Remote
Matt Ahrens, Security Team Leader at Coalition, Commentary
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
By Matt Ahrens, Security Team Leader at Coalition, 5/17/2018
Tanium's Valuation Reaches $5 Billion With New Investment
Dark Reading Staff, Quick Hits
Tanium has received a $175 million investment from TPG Growth.
By Dark Reading Staff, 5/17/2018
Why Isn't Integrity Getting the Attention It Deserves?
Tim Erlin, VP of Product Management & Strategy at Tripwire, Commentary
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
By Tim Erlin, VP of Product Management & Strategy at Tripwire, 5/17/2018
25% of Businesses Targeted with Cryptojacking in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading, News
New public cloud security report detects a spike in cryptojacking, mismanaged cloud storage, account takeover, and major patches getting overlooked.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/15/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading, News
CVSS scores alone are ineffective risk predictors - modeling for likelihood of exploitation also needs to be taken into account.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/15/2018
Taming the Chaos of Application Security: 'We Built an App for That'
Caleb Sima, Founder, Badkode Ventures, Commentary
Want to improve the state of secure software coding? Hide the complexity from developers.
By Caleb Sima, Founder, Badkode Ventures, 5/15/2018
'EFAIL' Email Encryption Flaw Research Stirs Debate
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A newly revealed vulnerability in email encryption is a big problem for a small subset of users.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/14/2018
Facebook Suspends 200 Apps
Dark Reading Staff, Quick Hits
Thousands of apps have been investigated as Facebook determines which had access to large amounts of user data before its 2014 policy changes.
By Dark Reading Staff, 5/14/2018
The New Security Playbook: Get the Whole Team Involved
John "Lex" Robinson, Cybersecurity Strategist at Cofense, Commentary
Smart cybersecurity teams are harnessing the power of human intelligence so employees take the right actions.
By John "Lex" Robinson, Cybersecurity Strategist at Cofense, 5/11/2018
Risky Business: Deconstructing Ray Ozzie's Encryption Backdoor
Adam Shostack, Founder, Stealth Startup, Commentary
With the addition of secure enclaves, secure boot, and related features of "Clear," the only ones that will be able to test this code are Apple, well-resourced nations, and vendors who sell jailbreaks.
By Adam Shostack, Founder, Stealth Startup, 5/10/2018
Script Kiddies, Criminals Hacking Video Streams for Fun & Profit
Dark Reading Staff, Quick Hits
Video streams are getting hijacked for 'prestige,' DDoS, and financial gain, a new report found.
By Dark Reading Staff, 5/9/2018
10 Lessons From an IoT Demo Lab
Curtis Franklin Jr., Senior Editor at Dark Reading
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/7/2018
Google Security Updates Target DevOps, Containers
Kelly Sheridan, Staff Editor, Dark Reading, News
The tech giant explains why it's rolling out a new cloud security management tool and an open-source framework for confidential computing.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/7/2018
5 Ways to Better Use Data in Security
Steve Zurier, Freelance Writer
Use these five tips to get your security shop thinking more strategically about data.
By Steve Zurier, Freelance Writer, 5/5/2018
Encryption is Necessary, Tools and Tips Make It Easier
Curtis Franklin Jr., Senior Editor at Dark Reading, News
In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/3/2018
GDPR Requirements Prompt New Approach to Protecting Data in Motion
Rick Bilodeau, Vice President of Marketing, StreamSets, Commentary
The EU's General Data Protection Regulation means that organizations must look at new ways to keep data secure as it moves.
By Rick Bilodeau, Vice President of Marketing, StreamSets, 5/3/2018
Survey Shows Sensitive Data Goes Astray in Email
Dark Reading Staff, Quick Hits
Many employees have trouble controlling the release of sensitive information in email.
By Dark Reading Staff, 5/2/2018
Breaches Drive Consumer Stress over Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading, News
As major data breaches make headlines, consumers are increasingly worried about cyberattacks, password management, and data security.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/2/2018
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11232
PUBLISHED: 2018-05-18
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2017-15855
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in u...
CVE-2018-3567
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.
CVE-2018-3568
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.
CVE-2018-5827
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.