Application Security
News & Commentary
4 Reasons the Vulnerability Disclosure Process Stalls
Lawrence Munro, Worldwide Vice President of SpiderLabs at Trustwave, Commentary
The relationship between manufacturers and researchers is often strained. Here's why, along with some resources to help.
By Lawrence Munro, Worldwide Vice President of SpiderLabs at Trustwave, 5/24/2017
Staying a Step Ahead of Internet Attacks
Markus Jakobsson, Chief Scientist at Agari, Commentary
There's no getting around the fact that targeted attacks - like phishing - will happen. But you can figure out the type of attack to expect next.
By Markus Jakobsson, Chief Scientist at Agari, 5/23/2017
With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?
Grant Elliott, CEO and Co-Founder of Ostendio, Commentary
Technology alone won't keep you safe. Fully engaged employees should be your first line of defense.
By Grant Elliott, CEO and Co-Founder of Ostendio, 5/23/2017
All Generations, All Risks, All Contained: A How-To Guide
Stan Black, CSO, Citrix, Commentary
Organizations must have a security plan that considers all of their employees.
By Stan Black, CSO, Citrix, 5/18/2017
Why We Need a Data-Driven Cybersecurity Market
David Damato, Chief Security Officer, Tanium, Commentary
NIST should bring together industry to create a standard set of metrics and develop better ways to share information.
By David Damato, Chief Security Officer, Tanium, 5/17/2017
The Wide-Ranging Impact of New York's Cybersecurity Regulations
Mark Sangster, VP and industry security strategist, eSentire, Commentary
New York's toughest regulations yet are now in effect. Here's what that means for your company.
By Mark Sangster, VP and industry security strategist, eSentire, 5/16/2017
How Many People Does It Take to Defend a Network?
Joshua Douglas, Chief Strategy Officer for Raytheon Foreground Security, Commentary
The question is hard to answer because there aren't enough cybersecurity pros to go around.
By Joshua Douglas, Chief Strategy Officer for Raytheon Foreground Security, 5/16/2017
What Developers Don't Know About Security Can Hurt You
Peter Chestna, Director of Developer Engagement, Veracode, Commentary
Developers won't start writing secure code just because you tell them it's part of their job. You need to give them the right training, support, and tools to instill a security mindset.
By Peter Chestna, Director of Developer Engagement, Veracode, 5/11/2017
Businesses Not Properly Securing Microsoft Active Directory
Kelly Sheridan, Associate Editor, Dark Reading, News
Businesses overlook key security aspects of AD, leaving sensitive data open to external and internal attacks, new study shows.
By Kelly Sheridan, Associate Editor, Dark Reading, 5/10/2017
Your IoT Baby Isn't as Beautiful as You Think It Is
Andrew Howard, Chief Technology Officer for Kudelski Security, Commentary
Both development and evaluation teams have been ignoring security problems in Internet-connected devices for too long. That must stop.
By Andrew Howard, Chief Technology Officer for Kudelski Security, 5/10/2017
Android App Permission in Google Play Contains Security Flaw
Dark Reading Staff, Quick Hits
Android's app permission mechanisms could allow malicious apps in Google Play to download directly onto the device.
By Dark Reading Staff, 5/9/2017
Microsoft Releases Emergency Patch For RCE Vuln
Ericka Chickowski, Contributing Writer, Dark Reading, News
Flaw in Microsoft Malware Protection Engine called 'crazy bad' by researchers who discovered it.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/9/2017
Google Ratchets Up OAuth Policies in Wake of Phishing Attacks
Dark Reading Staff, Quick Hits
Google says it responded to the widespread Google Docs phishing campaign within one hour of detecting it.
By Dark Reading Staff, 5/8/2017
Why Cyber Attacks Will Continue until Prevention Becomes a Priority
Todd Thibodeaux, President & CEO, CompTIA, Commentary
Organizations must rethink their security measures. Focus on training, getting rid of old tech, and overcoming apathy.
By Todd Thibodeaux, President & CEO, CompTIA, 5/8/2017
Google Docs Phishing Attack Abuses Legitimate Third-Party Sharing
Dark Reading Staff, Quick Hits
Phishing messages appear nearly identical to legitimate requests to share Google documents, because in many ways, they are.
By Dark Reading Staff, 5/3/2017
7 Steps to Fight Ransomware
G. Mark Hardy, Instructor for SANS and President of National Security Corporation, Commentary
Perpetrators are shifting to more specific targets. This means companies must strengthen their defenses, and these strategies can help.
By G. Mark Hardy, Instructor for SANS and President of National Security Corporation, 5/3/2017
Getting Threat Intelligence Right
Vikram Phatak, Chief Executive Officer of NSS Labs, Commentary
Are you thinking of implementing or expanding a threat intelligence program? These guidelines will help you succeed.
By Vikram Phatak, Chief Executive Officer of NSS Labs, 5/2/2017
What's in a Name? Breaking Down Attribution
Jonathan Couch, Senior VP of Strategy, ThreatQuotient, Commentary
Here's what you really need to know about adversaries.
By Jonathan Couch, Senior VP of Strategy, ThreatQuotient, 5/2/2017
Facebook Spam Botnet Promises 'Likes' for Access Tokens
Kelly Sheridan, Associate Editor, Dark Reading, News
Facebook users can fuel a social spam botnet by providing verified apps' access tokens in exchange for "likes" and comments.
By Kelly Sheridan, Associate Editor, Dark Reading, 4/27/2017
OWASP Top 10 Update: Is It Helping to Create More Secure Applications?
Chris Eng, VP Research, Veracode, Commentary
What has not been updated in the new Top 10 list is almost more significant than what has.
By Chris Eng, 4/27/2017
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report to learn about the new best practices for secure application development.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.