Application Security
News & Commentary
New OWASP Top 10 List Includes Three New Web Vulns
Jai Vijayan, Freelance writer, News
But dropping cross-site request forgeries from list is a mistake, some analysts say.
By Jai Vijayan, Freelance writer, 11/21/2017
Let's Take a Page from the Credit Card Industry's Playbook
Ryan Stolte, co-founder and CTO at Bay Dynamics, Commentary
Internal security departments would do well to follow the processes of major credit cards.
By Ryan Stolte, co-founder and CTO at Bay Dynamics, 11/21/2017
Researcher Finds Hole in Windows ASLR Security Defense
Kelly Sheridan, Associate Editor, Dark Reading, News
A security expert found a way to work around Microsoft's Address Space Randomization Layer, which protects the OS from memory-based attacks.
By Kelly Sheridan, Associate Editor, Dark Reading, 11/20/2017
Businesses Can't Tell Good Bots from Bad Bots: Report
Dark Reading Staff, Quick Hits
Bots make up more than 75% of total traffic for some businesses, but one in three can't distinguish legitimate bots from malicious ones.
By Dark Reading Staff, 11/17/2017
Terdot Banking Trojan Spies on Email, Social Media
Kelly Sheridan, Associate Editor, Dark Reading, News
Terdot Banking Trojan, inspired by Zeus, can eavesdrop and modify traffic on social media and email in addition to snatching data.
By Kelly Sheridan, Associate Editor, Dark Reading, 11/16/2017
Microsoft Uses Neural Networks to Make Fuzz Tests Smarter
Jai Vijayan, Freelance writer, News
Neural fuzzing can help uncover bugs in software better than traditional tools, company says.
By Jai Vijayan, Freelance writer, 11/15/2017
Microsoft Word Vuln Went Unnoticed for 17 Years: Report
Kelly Sheridan, Associate Editor, Dark Reading, News
Researchers claim Microsoft Word vulnerability, patched today, has existed for 17 years.
By Kelly Sheridan, Associate Editor, Dark Reading, 11/14/2017
What the NFL Teaches Us about Fostering a Champion Security Team
Richard Henderson, Global Security Strategist, Absolute, Commentary
Cybersecurity experts can learn how to do a better job by keeping a close eye on the gridiron.
By Richard Henderson, Global Security Strategist, Absolute, 11/14/2017
Cloudflare Buys Mobile Firm Neumob
Dark Reading Staff, Quick Hits
The deal will give Cloudflare technology to optimize mobile security, performance.
By Dark Reading Staff, 11/14/2017
Frequent Software Releases, Updates May Injure App Security
Jai Vijayan, Freelance writer, News
The more frequently you release apps, the more security vulnerabilities you are likely to introduce in the code, a new study confirms.
By Jai Vijayan, Freelance writer, 11/13/2017
How to Leverage the Rosetta Stone of Information Sharing
Stephen Horvath, Vice President, Strategy & Vision, at Telos Corporation, Commentary
A common framework will help in the development of cyber-risk management efforts.
By Stephen Horvath, Vice President, Strategy & Vision, at Telos Corporation, 11/13/2017
Google Updates Chrome to Prevent Unwanted Content, Redirects
Dark Reading Staff, Quick Hits
Changes to Google Chrome aim to prevent users from being redirected to unexpected websites and unwanted content.
By Dark Reading Staff, 11/10/2017
Why Common Sense Is Not so Common in Security: 20 Answers
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, Commentary
Or, questions vendors need to ask themselves before they write a single word of marketing material.
By Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, 11/10/2017
Siemens Teams Up with Tenable
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
ICS/SCADA vendor further extends its managed security services for critical infrastructure networks.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 11/8/2017
Data Breach Record Exposure Up 305% from 2016
Kelly Sheridan, Associate Editor, Dark Reading, News
There have been 3,833 publicly disclosed data breaches in the first nine months of 2017, exposing more than seven billion records.
By Kelly Sheridan, Associate Editor, Dark Reading, 11/8/2017
Windows Defender ATP Extended to iOS, macOS, Android, Linux
Dark Reading Staff, Quick Hits
Microsoft partners will begin rolling out Windows Defender Advanced Threat Protection to macOS, Linux, iOS, and Android devices.
By Dark Reading Staff, 11/8/2017
Less Than One-Third of People Use Two-Factor Authentication
Kelly Sheridan, Associate Editor, Dark Reading, News
The number of 2FA users is still lower than expected, but most adopters started voluntarily, researchers found.
By Kelly Sheridan, Associate Editor, Dark Reading, 11/7/2017
How I Infiltrated a Fortune 500 Company with Social Engineering
Joe Gray, Enterprise Security Consultant at Sword & Shield Enterprise Security, Commentary
Getting into the company proved surprisingly easy during a contest. Find out how to make your company better prepared for real-world attacks.
By Joe Gray, Enterprise Security Consultant at Sword & Shield Enterprise Security, 11/7/2017
4 Proactive Steps to Avoid Being the Next Data Breach Victim
Joshua Bevitz, Partner at Newmeyer & Dillion, Commentary
Despite highly publicized data breaches, most companies are not taking the necessary actions to prevent them.
By Joshua Bevitz, Partner at Newmeyer & Dillion, 11/7/2017
When Ransomware Strikes: 7 Steps You Can Take Now to Prepare
Patrick Hill, Atlassian SRE Solutions Lead, Commentary
Ransomware is still on the rise. These operational tips can help lessen the blow if you're hit.
By Patrick Hill, Atlassian SRE Solutions Lead, 11/6/2017
121 Pieces of Malware Flagged on NSA Employee's Home Computer
Kelly Jackson Higgins, Executive Editor at Dark Reading, 11/16/2017
Mobile Malware Incidents Hit 100% of Businesses
Dawn Kawamoto, Associate Editor, Dark Reading, 11/17/2017
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.