Application Security
News & Commentary
The Security Of Applications And CISOs' Sanity, With Veracode's Chris Wysopal
Commentary, Video
Veracode's Chris Wysopal visits the Dark Reading News Desk at Black Hat to discuss application security, what CISOs' top priorities are, and what they should be.
By Sara Peters, Senior Editor at Dark Reading, 8/27/2015
What Drives A Developer To Use Security Tools -- Or Not
News
National Science Foundation (NSF)-funded research by Microsoft Research, NC State, and UNC-Charlotte sheds light on what really makes a software developer scan his or her code for security bugs.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/24/2015
IE Bug Exploited In Wild After Microsoft Releases Out-Of-Band Patch
Quick Hits
A remote code execution vulnerability in Internet Explorer versions 7 through 11 is being used to drop the PlugX RAT.
By Sara Peters, Senior Editor at Dark Reading, 8/19/2015
Unpatched 'Tpwn' Mac OS X Bug Could Grant Root Privileges
News
Researchers are beginning to find more cracks in Mac operating systems.
By Sara Peters, Senior Editor at Dark Reading, 8/18/2015
An Apple Fanboi Writing Malware For Mac OSX
Commentary, Video
Patrick Wardle, director of research for Synack, spoke about his "Writing Bad@$$ Malware for OS X" session at the Dark Reading News Desk at Black Hat.
By Sara Peters, Senior Editor at Dark Reading, 8/18/2015
RASP: A False Sense of Security For Apps & Data
Commentary
Betting on a single runtime tool like RASP is not the solution for eliminating application security risk.
By Mark Carrizosa, VP of Security, Soha Systems, 8/17/2015
Black Hat, Data Science, Machine Learning, and… YOU!
Commentary
The time has come for security pros to start homing in on their machine learning skills. Here's why.
By Jeremiah Grossman, 8/14/2015
Reuters: Kaspersky Denies Sabotaging Competitors' AV
Quick Hits
Two former employees told Reuters that Kaspersky Lab tried to trick rival anti-virus firms' software into flagging more false positives.
By Dark Reading Staff, 8/14/2015
Mad World: The Truth About Bug Bounties
Commentary
What Oracle CSO Mary Ann Davidson doesn't get about modern security vulnerability disclosure.
By Katie Moussouris, Chief Policy Officer, HackerOne, 8/13/2015
Software Security Is Hard But Not Impossible
Commentary
New Interactive Application Security Testing products produce an interesting result under the right conditions, but they can't, by themselves, find all the security vulnerabilities you need to fix.
By Jason Schmitt, VP & General Manager, Fortify, HP Enterprise Security Products, 8/12/2015
Windows 10 Gets Patch Tuesday Treatment, With 4 Critical Bugs Fixed
Quick Hits
Office, Edge, Internet Explorer, and graphics components all ripe for remote code execution.
By Dark Reading Staff, 8/12/2015
Data Protection: The 98 Percent Versus The 2 Percent
Commentary
Four steps for defending your most sensitive corporate information from the inside out.
By Jeff Schilling, CSO, Firehost, 8/11/2015
Risk of Data Loss From Non-Jailbroken iOS Devices Real, Security Firm Says
News
Data from the Hacking Team reveals an actively used exploit for breaking into and stealing data from registered iOS systems, FireEye says.
By Jai Vijayan, Freelance writer, 8/7/2015
New SMB Relay Attack Steals User Credentials Over Internet
News
Researchers found a twist to an older vulnerability that lets them launch SMB relay attacks from the Internet.
By Fahmida Y. Rashid, Contributing Editor, Dark Reading, 8/5/2015
Dark Reading Preps Week Of Show Coverage At Black Hat USA
Commentary
If you want to know what's happening in Las Vegas this week at Black Hat, Dark Reading's got the scoop.
By Tim Wilson, Editor in Chief, Dark Reading, 8/3/2015
Dark Reading News Desk Comes To You Live From Black Hat
Commentary
Live video coverage from Las Vegas on Wednesday and Thursday.
By Sara Peters, Senior Editor at Dark Reading, 8/3/2015
New Phishing Campaign Leverages Google Drive
News
Researchers believe the technique is geared to take over Google SSO accounts.
By Ericka Chickowski, Contributing Writer, Dark Reading, 7/28/2015
Dmail Makes Gmail Vanish
News
You can make Gmail messages self-destruct with a Chrome browser extension.
By Thomas Claburn, Editor at Large, Enterprise Mobility, 7/25/2015
Twitter Security Pro: Encryption Isn't Enough
News
Companies need to focus on developing secure coding practices and security education.
By Thomas Claburn, Editor at Large, Enterprise Mobility, 7/23/2015
Spam Hits 12-Year Low, Symantec Report Finds
Commentary
While cyber-attacks grab all the headlines, the amount of spam hitting the in-boxes of the corporate world is actually at its lowest level in 12 years, according to Symantec.
By Larry Loeb, Blogger, Informationweek, 7/18/2015
Flash Poll
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it's a "developers are from Mars, systems engineers are from Venus" situation.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4497
Published: 2015-08-29
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token...

CVE-2015-4498
Published: 2015-08-29
The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point i...

CVE-2014-9651
Published: 2015-08-28
Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."

CVE-2015-1171
Published: 2015-08-28
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.

CVE-2015-2987
Published: 2015-08-28
Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits.

Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.