Application Security
News & Commentary
New Phishing Campaign Leverages Google Drive
News | By Ericka Chickowski, Contributing Writer, Dark Reading, 7/28/2015
Researchers believe the technique is geared to take over Google SSO accounts.
Dmail Makes Gmail Vanish
News | By Thomas Claburn, Editor at Large, Enterprise Mobility, 7/25/2015
You can make Gmail messages self-destruct with a Chrome browser extension.
Twitter Security Pro: Encryption Isn't Enough
News | By Thomas Claburn, Editor at Large, Enterprise Mobility, 7/23/2015
Companies need to focus on developing secure coding practices and security education.
Spam Hits 12-Year Low, Symantec Report Finds
Commentary | By Larry Loeb, Blogger, Informationweek, 7/18/2015
While cyber-attacks grab all the headlines, the amount of spam hitting the inboxes of the corporate world is actually at its lowest level in 12 years, according to Symantec.
Mobile App Security: 4 Critical Issues
Commentary | By Subbu Sthanu, Director, Mobile Security & Application Security, IBM, 7/17/2015
Securing the mobile workforce in the age of BYOD is no easy task. You can begin with these four measures.
U.S. Vuln Research, Pen Test Firms Protest Impending Export Controls
News | By Sara Peters, Senior Editor at Dark Reading, 7/16/2015
American security companies have the most to lose from new rules that would restrict the export of tools and information about network surveillance and 'intrusion software.'
4 Lasting Impacts Of The Hacking Team Leaks
News | By Sara Peters, Senior Editor at Dark Reading, 7/15/2015
The doxing attack against the Italian surveillance company put some nasty tools in the hands of attackers and might be the final nail in the coffin for Adobe Flash.
Mozilla Kills Flash On Firefox As Adobe Rushes Patch
News | By Nathan Eddy, Freelance Writer, 7/14/2015
It's another nail in the coffin for Adobe's Flash platform as Mozilla disables it from running on the company's Firefox Web browser.
Cloud & The Security Skills Gap
Commentary, Video | By David Holmes, World-Wide Security Evangelist, F5, 7/6/2015
F5 Networks security evangelist David Holmes tells how cloud outsourcing can help companies fill the talent gap in three critical areas of enterprise security.
Why We Need In-depth SAP Security Training
Commentary | By Juan Pablo Perez-Etchegoyen, CTO, Onapsis, 7/1/2015
SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.
Android Malware On The Rise
News | By Sara Peters, Senior Editor at Dark Reading, 7/1/2015
By the end of 2015, researchers expect the number of new Android malware strains to hit 2 million.
CSA Announces New Working Group For Cloud Security API Standards
News | By Ericka Chickowski, Contributing Writer, Dark Reading, 6/29/2015
CipherCloud, Deloitte, InfoSys, Intel Security and SAP are all on board to start developing vendor-neutral guidelines that could further accelerate CASB growth.
What Do You Mean My Security Tools Don’t Work on APIs?!!
Commentary | By Jeff Williams, CTO, Aspect Security & Contrast Security, 6/25/2015
SAST and DAST scanners haven't advanced much in 15 years. But the bigger problem is that they were designed for web apps, not to test the security of an API.
Linux Foundation Funds Internet Security Advances
News | By Charles Babcock, Editor at Large, Cloud, 6/25/2015
The Linux Foundation's Core Infrastructure Initiative has selected three security-oriented projects to receive a total of $500,000 in funding.
User Monitoring Not Keeping Up With Risk Managers' Needs
News | By Ericka Chickowski, Contributing Writer, Dark Reading, 6/24/2015
The biggest concern is negligence, but monitoring capabilities can't detect this type of activity within most applications.
Government, Healthcare Particularly Lackluster In Application Security
News | By Ericka Chickowski, Contributing Writer, Dark Reading, 6/23/2015
Veracode's State of Software Security Report lays out industry-specific software security metrics.
What You Probably Missed In Verizon's Latest DBIR
Commentary | By Kelly Jackson Higgins, Executive Editor at Dark Reading, 6/22/2015
Tune in to Dark Reading Radio at 1pm ET/11am Pacific on Wednesday, June 24, when Verizon Data Breach Investigations Report co-author Marc Spitler discusses some of the possibly lesser-noticed nuggets in the industry's popular report on real-world attacks.
9 Questions For A Healthy Application Security Program
Commentary | By Patrick Thomas, Senior Security Consultant, Cisco Security Solutions, 6/19/2015
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
Houston Astros' Breach A 'Wake-Up Call' On Industrial Cyber Espionage
News | By Kelly Jackson Higgins, Executive Editor at Dark Reading, 6/18/2015
The St. Louis Cardinals' alleged breach of the Astros' proprietary database raises concern over the possibility of US companies hacking their rivals for intel.
Cyberspies Stole Legit Digital Certificates To Mask Their Malware
News | By Kelly Jackson Higgins, Executive Editor at Dark Reading, 6/15/2015
Duqu 2.0 nation-state attackers used pilfered Foxconn hardware driver certs to sign spying malware that hit negotiators in Iranian nuclear pact discussions, Kaspersky Lab -- and now, an ICS/SCADA hardware vendor.
Flash Poll
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7912
Published: 2015-07-29
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory c...

CVE-2014-7913
Published: 2015-07-29
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corru...

CVE-2015-2977
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

CVE-2015-2978
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

CVE-2015-2979
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!