Application Security
News & Commentary
‘Bug Poachers:’ A New Breed of Cybercriminal
Chris Wysopal, CTO, CISO and co-founder, Veracode (Commentary)
As if security researchers don’t have enough to worry about, we now have to contend with extortionists who take advantage of the well-established fact that applications are a ripe target for exploitation.
By Chris Wysopal, CTO, CISO and co-founder, Veracode, 6/22/2016
27% Of Corporate-Connected Apps Are Risky
Ericka Chickowski, Contributing Writer, Dark Reading (News)
Number of apps up by 30x, with many asking for sensitive connections to enterprise.
By Ericka Chickowski, Contributing Writer, Dark Reading, 6/13/2016
IoT Security: Onus On Developers, Security Researchers
Daniel Riedel, CEO, New Context (Commentary)
Security teams and DevOps need to team up on 'lean security' processes that make safety a top priority before a product reaches the market.
By Daniel Riedel, CEO, New Context, 6/11/2016
Tenable Network Security CEO Steps Down
Dark Reading Staff (Quick Hits)
Ron Gula to stay on as chairman, search on for new chief executive.
By Dark Reading Staff, 6/10/2016
Cloud Apps Just As Secure As On-Premise Apps, Say InfoSec Pros
Sara Peters, Senior Editor at Dark Reading (News)
Unfortunately, 75% of cloud apps will still fall afoul of the new EU General Data Protection Regulation, according to new studies.
By Sara Peters, Senior Editor at Dark Reading, 6/9/2016
How Many Layers Does Your Email Security Need?
Chris Harget, Senior Product Marketing Manager, Trustwave (News)
At least one more layer than the attacker can defeat. Here’s how to improve your odds by turning on little-used or newer capabilities to block email-targeted malware.
By Chris Harget, Senior Product Marketing Manager, Trustwave, 6/6/2016
How ‘Agile’ Changed Security At Dun & Bradstreet
Vincent Liu, Partner, Bishop Fox (Commentary)
Chief Security Officer Jon Rose shares the whys and wherefores of integrating agile software development methodology into a traditional security environment.
By Vincent Liu, Partner, Bishop Fox, 6/1/2016
FBI Report: Deconstructing The Wide Scope Of Internet Crime
Ericka Chickowski, Contributing Writer, Dark Reading
Hottest crimes reported to IC3 last year include ransomware and email scams via business email compromise and all account compromise attacks.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/27/2016
Ukrainian Pleads Guilty To Stealing Press Releases For Insider Trading
Dark Reading Staff (Quick Hits)
In largest known cyber securities fraud to date, hackers and traders made $30 million from unreleased press releases.
By Dark Reading Staff, 5/17/2016
Phishing Fraud BECkons: Will You Fall Victim?
Tim Helming, Director of Product Management, DomainTools (Commentary)
Why one company got caught in a Business Email Compromise (BEC) Attack -- and how yours can avoid the same fate.
By Tim Helming, Director of Product Management, DomainTools, 5/12/2016
6 Eye-Opening Stats About Endpoint Device Health
Ericka Chickowski, Contributing Writer, Dark Reading (News)
New report shows state of endpoint patching and updates among a sample of 2 million devices.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/10/2016
The 10 Worst Vulnerabilities of The Last 10 Years
Jai Vijayan, Freelance writer
From the thousands of vulns that software vendors disclosed over the past 10 years, a few stand out for being a lot scarier than the rest.
By Jai Vijayan, Freelance writer, 5/6/2016
Proof-of-Concept Exploit Sharing Is On The Rise
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau (News)
Research offers cyber defenders view of which POC exploits are being shared and distributed by threat actors.
By Rutrell Yasin, Business Technology Writer, Tech Writers Bureau, 5/5/2016
The Hidden Flaws Of Commercial Applications
Ericka Chickowski, Contributing Writer, Dark Reading (News)
Open source components in commercial applications are more plentiful than organizations think -- and they're full of long-standing vulnerabilities.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/2/2016
Stop Building Silos. Security Is Everyone’s Problem
Robert Reeves, CTO & Co-Founder, Datical (Commentary)
Yes, it’s true that the speed of DevOps has made security more difficult. But that doesn’t mean accelerated release cycles and secure applications have to be mutually exclusive.
By Robert Reeves, CTO & Co-Founder, Datical, 4/29/2016
10 Questions To Ask Yourself About Securing Big Data
Vincent Weafer, Senior Vice President, Intel Security
Big data introduces new wrinkles for managing data volume, workloads, and tools. Securing increasingly large amounts of data begins with a good governance model across the information life cycle. From there, you may need specific controls to address various vulnerabilities. Here are a set of questions to help ensure that you have everything covered.
By Vincent Weafer, Senior Vice President, Intel Security, 4/27/2016
Top 10 Web Hacking Techniques For 2015
Ericka Chickowski, Contributing Writer, Dark Reading
The most influential research on vulnerabilities and exploits, as voted on by the security community.
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/27/2016
10 Tips for Securing Your SAP Implementation
Sean Martin, CISSP | President, imsmartin
Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.
By Sean Martin, CISSP | President, imsmartin, 4/23/2016
Mea Culpa: Time To Build Security Into Connectivity
Mark Hoover, CEO, Vidder, Inc. (Commentary)
How those of us who spent decades developing faster, easier, and more scalable networking technology have made the lives of our security counterparts a living hell.
By Mark Hoover, CEO, Vidder, Inc., 4/21/2016
The Perils Of Dynamically Pulling Dependencies
Jonathan King, Security Technologist and Intel Principal Engineer in the Intel Security Office of the CTO
The wide range of functions and broad availability of external packages is a tremendous boon to software development, but keep an eye on the security implications to manage your risk.
By Jonathan King, Security Technologist and Intel Principal Engineer in the Intel Security Office of the CTO, 4/21/2016
Current Issue
DNS Threats: What Every Enterprise Should Know
Domain Name System exploits could put your data at risk. Here's some advice on how to avoid them.
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Tim Wilson speaks to two experts on vulnerability research – independent consultant Jeremiah Grossman and Black Duck Software’s Mike Pittenger – about the latest wave of vulnerabilities being exploited by online attackers.