Application Security

News & Commentary
New Google+ Breach Will Lead to Early Service Shutdown
Dark Reading Staff, Quick Hits
A breach affecting more than 52 million users was patched, but not before it led the company to rethink the future of the service.
By Dark Reading Staff, 12/10/2018
Bringing Compliance into the SecDevOps Process
Joe Ward, Senior Security Analyst, Bishop Fox, Commentary
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
By Joe Ward, Senior Security Analyst, Bishop Fox, 12/6/2018
Evidence in Starwood/Marriott Breach May Point to China
Dark Reading Staff, Quick Hits
Attackers used methods, tools previously used by known Chinese hackers.
By Dark Reading Staff, 12/6/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading, News
The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from it.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 12/5/2018
Quora Breach Exposes Information of 100 Million Users
Dark Reading Staff, Quick Hits
The massive breach has exposed passwords for millions who didn't remember having a Quora account.
By Dark Reading Staff, 12/4/2018
First Lawsuits Filed in Starwood Hotels' Breach
Dark Reading Staff, Quick Hits
Class-action suits have been filed on behalf of guests and shareholders, with more expected.
By Dark Reading Staff, 12/3/2018
Massive Starwood Hotels Breach Hits 500 Million Guests
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 11/30/2018
New Report Details Rise, Spread of Email-based Attacks
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Criminals are diversifying their target list and tactics in a continuing effort to keep email a valuable attack vector against enterprise victims.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 11/29/2018
Atrium Health Breach Exposes 2.65 Million Patient Records
Dark Reading Staff, Quick Hits
Supplier that handles billing and online payments for health-care provider became aware of incident Oct. 1.
By Dark Reading Staff, 11/28/2018
Data Breach Threats Bigger Than Ever
Marc Wilczek, Digital Strategist & CIO Advisor, Commentary
A quarter of IT and security leaders expect a major data breach in the next year.
By Marc Wilczek, Digital Strategist & CIO Advisor, 11/28/2018
Another Microsoft MFA Outage Affects Multiple Services
Dark Reading Staff, Quick Hits
Once again, multifactor authentication issues have caused login problems for users across Office 365 and Azure, among other services.
By Dark Reading Staff, 11/27/2018
8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure
JD Sherry, Chief Revenue Officer, Remediant, Inc., Commentary
Stolen credentials for industrial control system workstations are fast becoming the modus operandi for ICS attacks by cybercriminals.
By JD Sherry, Chief Revenue Officer, Remediant, Inc., 11/27/2018
USPS Web Vuln Exposes Data of 60 Million
Dark Reading Staff, Quick Hits
The US Postal Service recently fixed a security bug that allowed any USPS.com account holder to view or change other users' data.
By Dark Reading Staff, 11/26/2018
Paper Trail Absence May Still Plague 2020 Election
Dark Reading Staff, Quick Hits
The recommendation for paper ballots may go unheeded in all or part of at least 6 states in the next national election.
By Dark Reading Staff, 11/25/2018
Report: Tens of Thousands of E-Commerce Sites at Heightened Security Risk
Dark Reading Staff, Quick Hits
Report delivered at Payment Card Industry Security Standards Council meeting flags issues in deployments of Magento, a popular e-commerce platform.
By Dark Reading Staff, 11/20/2018
Leaderboard Shows Adoption of DMARC Email Security Protocol
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A new tool from the Global Cyber Alliance shows where companies and organizations are adopting Domain-based Message Authentication, Reporting & Conformance.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 11/20/2018
Vulnerabilities Dip 7%, but Researchers Are Cautious
Kelly Sheridan, Staff Editor, Dark Reading, News
Risk Based Security reports 16,172 bugs disclosed through the end of October, but researchers warn things may change.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/19/2018
Instagram Privacy Tool Exposed Passwords
Dark Reading Staff, Quick Hits
The 'Download Your Data' tool, intended to improve users' privacy, actually became a privacy risk.
By Dark Reading Staff, 11/19/2018
DHS Task Force Moves Forward on Playbooks for Supply Chain Security
Curtis Franklin Jr., Senior Editor at Dark Reading, News
The public/private task force takes early steps toward securing the end-to-end supply chain.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 11/16/2018
New Bluetooth Hack Affects Millions of Vehicles
Dark Reading Staff, Quick Hits
Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.
By Dark Reading Staff, 11/16/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading, 12/8/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading, 12/5/2018
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20050
PUBLISHED: 2018-12-10
Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method.
CVE-2018-20051
PUBLISHED: 2018-12-10
Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on.
CVE-2018-20029
PUBLISHED: 2018-12-10
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
CVE-2018-1279
PUBLISHED: 2018-12-10
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on ...
CVE-2018-15800
PUBLISHED: 2018-12-10
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the Bits Service storage.