Application Security
News & Commentary
7 Steps to Transforming Yourself into a DevSecOps Rockstar
Ericka Chickowski, Contributing Writer, Dark Reading
Security practitioners at one education software firm offer lessons learned from merging DevOps with security.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/23/2017
Comment0 comments  |  Read  |  Post a Comment
Phishing Your Employees for Schooling & Security
Corey Nachreiner, Chief Technology Officer, WatchGuard TechnologiesCommentary
Your education program isn't complete until you test your users with fake phishing emails.
By Corey Nachreiner Chief Technology Officer, WatchGuard Technologies, 3/22/2017
Comment11 comments  |  Read  |  Post a Comment
The True State of DevSecOps
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Automation improving, but security needs to find ways to slide into DevOps workflow and toolchain.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/21/2017
Comment0 comments  |  Read  |  Post a Comment
New Wave of Security Acquisitions Signals Start of Consolidation Trend
Steve Zurier, Freelance Writer
A dozen recent high-profile deals reflect cybersecurity vendors' hopes of expanding their offerings with next-generation technology, ideas, and talent.
By Steve Zurier Freelance Writer, 3/20/2017
Comment0 comments  |  Read  |  Post a Comment
ERP Attack Risks Come into Focus
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New highly critical SAP vulnerability highlights dangers against critical business software.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/16/2017
Comment0 comments  |  Read  |  Post a Comment
Google Removes Chamois Apps Botnet from Play Store
Dark Reading Staff, Quick Hits
Google has eliminated Chamois apps, which installed invisible apps and downloaded unwanted plugins without victims' knowledge.
By Dark Reading Staff , 3/16/2017
Comment1 Comment  |  Read  |  Post a Comment
Twitter Counter Hack Uses Familiar Attack Mode
Steve Zurier, Freelance WriterNews
Experts advise users to be more aware of the potential downside of third-party apps.
By Steve Zurier Freelance Writer, 3/15/2017
Comment0 comments  |  Read  |  Post a Comment
Security in the Age of Open Source
Mike Pittenger, Vice President, Security Strategy at Black Duck SoftwareCommentary
Dramatic changes in the use of open source software over the past decade demands major changes in security testing regimens today. Here's what you need to know and do about it.
By Mike Pittenger Vice President, Security Strategy at Black Duck Software, 3/15/2017
Comment0 comments  |  Read  |  Post a Comment
WhatsApp, Telegram Flaw Gives Hackers Full Account Access
Kelly Sheridan, Associate Editor, InformationWeekQuick Hits
A new vulnerability discovered in popular messaging services like WhatsApp and Telegram lets hackers assume complete control over accounts.
By Kelly Sheridan Associate Editor, InformationWeek, 3/15/2017
Comment2 comments  |  Read  |  Post a Comment
The Industrial Revolution of Application Security
Mike D. Kail, Chief Innovation Officer, CybricCommentary
DevOps is driving big changes in the industry, but a cultural shift is needed.
By Mike D. Kail Chief Innovation Officer, Cybric, 3/14/2017
Comment0 comments  |  Read  |  Post a Comment
What Your SecOps Team Can (and Should) Do
Chris Crowley, Independent Consultant at Montance, LLCCommentary
If your organization has all of these pieces in place, congratulations!
By Chris Crowley Independent Consultant at Montance, LLC, 3/13/2017
Comment0 comments  |  Read  |  Post a Comment
IoT & Liability: How Organizations Can Hold Themselves Accountable
Richard Henderson, Global Security Strategist, AbsoluteCommentary
To avoid a lawsuit, your company needs to better understand the state of your infrastructure and the devices and applications within it. Here are five areas on which to focus.
By Richard Henderson Global Security Strategist, Absolute, 3/10/2017
Comment0 comments  |  Read  |  Post a Comment
Financial Institutions Less AppSec-Savvy Than You'd Think
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New study shows banks all have policies in place, but lack metrics and good third-party software controls.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/10/2017
Comment3 comments  |  Read  |  Post a Comment
Securing Todays 'Elastic Attack Surface'
Amit Yoran, Chairman & CEO, Tenable Network SecurityCommentary
The foundation of good cybersecurity is knowing your network. But as organizations embrace new technologies, that simple task has gotten incredibly difficult.
By Amit Yoran Chairman & CEO, Tenable Network Security, 3/9/2017
Comment1 Comment  |  Read  |  Post a Comment
In a Cybersecurity Vendor War, the End User Loses
Morey Haber, VP, Technology, BeyondTrustCommentary
When vulnerability information is disclosed without a patch available, users are the ones really being punished.
By Morey Haber VP, Technology, BeyondTrust, 3/8/2017
Comment3 comments  |  Read  |  Post a Comment
A Real-Life Look into Responsible Disclosure for Security Vulnerabilities
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentary
A researcher gives us a glimpse into what happened when he found a problem with an IoT device.
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 3/7/2017
Comment2 comments  |  Read  |  Post a Comment
Veracode Snapped Up by CA Technologies in $614 Million Deal
Dark Reading Staff, Quick Hits
CA acquisition of app security firm to close in the first quarter of fiscal year 2018.
By Dark Reading Staff , 3/6/2017
Comment0 comments  |  Read  |  Post a Comment
Users Can Now Time Their Windows 10 Updates
Dark Reading Staff, Quick Hits
Microsoft gives option to users to fix security update schedule within three days of notification.
By Dark Reading Staff , 3/6/2017
Comment1 Comment  |  Read  |  Post a Comment
HackerOne Offers Free Service for Open Source Projects
Dark Reading Staff, Quick Hits
Service aims to provide efficient security programs but projects must meet certain rules to qualify for it.
By Dark Reading Staff , 3/3/2017
Comment4 comments  |  Read  |  Post a Comment
Three Years after Heartbleed, How Vulnerable Are You?
Jeff Luszcz, Vice President of Product Management at Flexera  SoftwareCommentary
You may have a problem lurking in your open source components and not know it. Start making a list...
By Jeff Luszcz Vice President of Product Management at Flexera Software, 3/2/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by CNACHREINER981
Current Conversations Thank you! ^_^
In reply to: 192.168.0.1">Re: 192.168.0.1
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.