Application Security
News & Commentary
Malware Author Stamped Code 'For Targeted Attacks Only'
Sara Peters, Senior Editor at Dark ReadingNews
When the Microsoft Word Intruder Office malware creation kit got too high-profile, the developer changed terms of service, Sophos report says.
By Sara Peters Senior Editor at Dark Reading, 9/2/2015
Comment0 comments  |  Read  |  Post a Comment
Microsoft's Remarkable Pivot: Windows 10 Abandons Privacy
Mark Weinstein, CEO, MeWe.comCommentary
You can read all you want about Windows 10 powerful new privacy features, but that doesn’t mean you have them.
By Mark Weinstein CEO, MeWe.com, 9/2/2015
Comment5 comments  |  Read  |  Post a Comment
Cyberspies Impersonate Security Researcher
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
'Rocket Kitten' pro-Iranian regime hackers focusing more on targeting individuals for geopolitical espionage.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/1/2015
Comment2 comments  |  Read  |  Post a Comment
The Security Of Applications And CISOs' Sanity, With Veracode's Chris Wysopal
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Veracode's Chris Wysopal visits the Dark Reading News Desk at Black Hat to discuss application security, what CISOs' top priorities are, and what they should be.
By Sara Peters Senior Editor at Dark Reading, 8/27/2015
Comment0 comments  |  Read  |  Post a Comment
What Drives A Developer To Use Security Tools -- Or Not
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
National Science Foundation (NSF)-funded research by Microsoft Research, NC State, and UNC-Charlotte sheds light on what really makes a software developer scan his or her code for security bugs.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/24/2015
Comment10 comments  |  Read  |  Post a Comment
IE Bug Exploited In Wild After Microsoft Releases Out-Of-Band Patch
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Remote code execution vulnerability in Internet Explorer versions 7 through 11 being used to drop PlugX RAT.
By Sara Peters Senior Editor at Dark Reading, 8/19/2015
Comment0 comments  |  Read  |  Post a Comment
Unpatched 'Tpwn' Mac OS X Bug Could Grant Root Privileges
Sara Peters, Senior Editor at Dark ReadingNews
Researchers beginning to find more cracks in Mac operating systems.
By Sara Peters Senior Editor at Dark Reading, 8/18/2015
Comment1 Comment  |  Read  |  Post a Comment
An Apple Fanboi Writing Malware For Mac OSX
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Patrick Wardle, director of research for Synack, spoke about his "Writing Bad@$$ Malware for OS X" session at the Dark Reading News Desk at Black Hat.
By Sara Peters Senior Editor at Dark Reading, 8/18/2015
Comment3 comments  |  Read  |  Post a Comment
RASP: A False Sense of Security For Apps & Data
Mark Carrizosa, VP of Security, Soha SystemsCommentary
Betting on a single runtime tool like RASP is not the solution for eliminating application security risk.
By Mark Carrizosa VP of Security, Soha Systems, 8/17/2015
Comment7 comments  |  Read  |  Post a Comment
Black Hat, Data Science, Machine Learning, and… YOU!
Jeremiah Grossman, Commentary
The time has come for security pros to start honing in on their machine learning skills. Here’s why.
By Jeremiah Grossman , 8/14/2015
Comment1 Comment  |  Read  |  Post a Comment
Reuters: Kaspersky Denies Sabotaging Competitors' AV
Dark Reading Staff, Quick Hits
Two former employees told Reuters that Kaspersky Lab tried to trick rival anti-virus firms' software into flagging more false positives
By Dark Reading Staff , 8/14/2015
Comment0 comments  |  Read  |  Post a Comment
Mad World: The Truth About Bug Bounties
Katie Moussouris, Chief Policy Officer, HackerOneCommentary
What Oracle CSO Mary Ann Davidson doesn’t get about modern security vulnerability disclosure.
By Katie Moussouris Chief Policy Officer, HackerOne, 8/13/2015
Comment5 comments  |  Read  |  Post a Comment
Software Security Is Hard But Not impossible
Jason Schmitt, VP & General Manager, Fortify, HP Enterprise Security ProductsCommentary
New Interactive Application Security Testing products produce an interesting result under the right conditions, but they can’t, by themselves, find all the security vulnerabilities you need to fix.
By Jason Schmitt VP & General Manager, Fortify, HP Enterprise Security Products, 8/12/2015
Comment2 comments  |  Read  |  Post a Comment
Windows 10 Gets Patch Tuesday Treatment, With 4 Critical Bugs Fixed
Dark Reading Staff, Quick Hits
Office, Edge, Internet Explorer, and graphics components all ripe for remote code execution.
By Dark Reading Staff , 8/12/2015
Comment1 Comment  |  Read  |  Post a Comment
Data Protection: The 98 Percent Versus The 2 Percent
Jeff Schilling, CSO, FirehostCommentary
Four steps for defending your most sensitive corporate information from the inside out.
By Jeff Schilling CSO, Firehost, 8/11/2015
Comment0 comments  |  Read  |  Post a Comment
Risk of Data Loss From Non-Jailbroken iOS Devices Real, Security Firm says
Jai Vijayan, Freelance writerNews
Data from the Hacking Team reveals actively used exploit for breaking into and stealing data from registered iOS systems, FireEye says.
By Jai Vijayan Freelance writer, 8/7/2015
Comment0 comments  |  Read  |  Post a Comment
New SMB Relay Attack Steals User Credentials Over Internet
Fahmida Y. Rashid, Contributing Editor, Dark ReadingNews
Researchers found a twist to an older vulnerability that lets them launch SMB relay attacks from the Internet.
By Fahmida Y. Rashid Contributing Editor, Dark Reading, 8/5/2015
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Preps Week Of Show Coverage At Black Hat USA
Tim Wilson, Editor in Chief, Dark ReadingCommentary
If you want to know what's happening in Las Vegas this week at Black Hat, Dark Reading's got the scoop.
By Tim Wilson Editor in Chief, Dark Reading, 8/3/2015
Comment0 comments  |  Read  |  Post a Comment
Dark Reading News Desk Comes To You Live From Black Hat
Sara Peters, Senior Editor at Dark ReadingCommentary
Live video coverage from Las Vegas Wednesday and Thursday
By Sara Peters Senior Editor at Dark Reading, 8/3/2015
Comment3 comments  |  Read  |  Post a Comment
New Phishing Campaign Leverages Google Drive
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Researchers believe technique is geared to take over Google SSO accounts.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/28/2015
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1291
Published: 2015-09-03
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web s...

CVE-2015-1292
Published: 2015-09-03
The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker.

CVE-2015-1293
Published: 2015-09-03
The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVE-2015-1294
Published: 2015-09-03
Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an...

CVE-2015-1295
Published: 2015-09-03
Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC m...

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.