Application Security

News & Commentary
2018's Most Common Vulnerabilities Include Issues New and Old
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The most common vulnerabilities seen last year run the gamut from cross-site scripting to issues with CMS platforms.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/18/2019
Comment0 comments  |  Read  |  Post a Comment
GDPR Suit Filed Against Amazon, Apple
Dark Reading Staff, Quick Hits
An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.
By Dark Reading Staff , 1/18/2019
Comment0 comments  |  Read  |  Post a Comment
PCI Council Releases New Software Framework for DevOps Era
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The PCI Software Security Framework will eventually replace PCI DA-DSS when it expires in 2022.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/18/2019
Comment0 comments  |  Read  |  Post a Comment
New Attacks Target Recent PHP Framework Vulnerability
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Multiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/17/2019
Comment0 comments  |  Read  |  Post a Comment
Online Fraud: Now a Major Application Layer Security Problem
Ting-Fang Yen, Research Scientist, DataVisor, Inc.Commentary
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
By Ting-Fang Yen Research Scientist, DataVisor, Inc., 1/15/2019
Comment0 comments  |  Read  |  Post a Comment
Former IBM Security Execs Launch Cloud Data Security Startup
Kelly Sheridan, Staff Editor, Dark ReadingNews
Sonrai Security, the brainchild of two execs from IBM Security and Q1 Labs, debuts with $18.5 million in Series A funding.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2019
Comment0 comments  |  Read  |  Post a Comment
Facebook Faces Action From German Watchdog
Dark Reading Staff, Quick Hits
German antitrust regulators prepare to require changes from Facebook regarding privacy and personal information.
By Dark Reading Staff , 1/14/2019
Comment1 Comment  |  Read  |  Post a Comment
Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
Among the problems: TLS certificates are expiring and websites are becoming inaccessible.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/11/2019
Comment2 comments  |  Read  |  Post a Comment
Who Takes Responsibility for Cyberattacks in the Cloud?
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new CSA report addresses the issue of breach responsibility as more organizations move ERP application data the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 1/11/2019
Comment2 comments  |  Read  |  Post a Comment
New Software Side-Channel Attack Raises Risk for Captured Crypto
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The new attack hits operating systems, not chips, and may give criminals the keys to a company's cryptography.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/10/2019
Comment0 comments  |  Read  |  Post a Comment
Container Deployments Bring Security Woes at DevOps Speed
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Nearly half of all companies know that they're deploying containers with security flaws, according to a new survey.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/9/2019
Comment0 comments  |  Read  |  Post a Comment
Cutting Through the Jargon of AI & ML: 5 Key Issues
John Omernik, Distinguished Technologist, MapRCommentary
Ask the tough questions before you invest in artificial intelligence and machine learning technology. The security of your enterprise depends on it.
By John Omernik Distinguished Technologist, MapR, 1/9/2019
Comment0 comments  |  Read  |  Post a Comment
Security at the Speed of DevOps: Maturity, Orchestration, and Detection
Kamal Shah, CEO at StackRoxCommentary
Container and microservices technologies, including the orchestrator Kubernetes, create an extraordinary opportunity to build infrastructure and applications that are secure by design.
By Kamal Shah CEO at StackRox, 1/9/2019
Comment0 comments  |  Read  |  Post a Comment
Whitfield Diffie Joins Quantum Xchange Advisory Board
Dark Reading Staff, Quick Hits
The noted cryptography expert has joined the advisory board of the quantum key exchange provider.
By Dark Reading Staff , 1/8/2019
Comment0 comments  |  Read  |  Post a Comment
Security Matters When It Comes to Mergers & Acquisitions
Matt Rose, Global Director Application Security Strategy, at CheckmarxCommentary
The recently disclosed Marriott breach exposed a frequently ignored issue in the M&A process.
By Matt Rose Global Director Application Security Strategy, at Checkmarx, 1/8/2019
Comment0 comments  |  Read  |  Post a Comment
Akamai Streamlines Identity Management with Janrain Acquisition
Dark Reading Staff, Quick Hits
Akamai plans to combine Janrain's Identity Cloud with its Intelligent Platform to improve identity management.
By Dark Reading Staff , 1/7/2019
Comment0 comments  |  Read  |  Post a Comment
Threat of a Remote Cyberattack on Today's Aircraft Is Real
Bruce Jackson, President and Managing Director of Air InformaticsCommentary
We need more stringent controls and government action to prevent a catastrophic disaster.
By Bruce Jackson President and Managing Director of Air Informatics, 1/7/2019
Comment2 comments  |  Read  |  Post a Comment
Start Preparing Now for the Post-Quantum Future
Tim Hollebeek, Industry and Standards Technical Strategist at DigiCertCommentary
Quantum computing will break most of the encryption schemes on which we rely today. These five tips will help you get ready.
By Tim Hollebeek Industry and Standards Technical Strategist at DigiCert, 12/28/2018
Comment3 comments  |  Read  |  Post a Comment
Toxic Data: How 'Deepfakes' Threaten Cybersecurity
Dirk Kanngiesser, Co-founder & CEO, CryptowerkCommentary
The joining of 'deep learning' and 'fake news' makes it possible to create audio and video of real people saying words they never spoke or things they never did.
By Dirk Kanngiesser Co-founder & CEO, Cryptowerk, 12/27/2018
Comment0 comments  |  Read  |  Post a Comment
2018: The Year Machine Intelligence Arrived in Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Machine intelligence, in its many forms, began having a significant impact on cybersecurity this year setting the stage for growing intelligence in security automation for 2019.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/27/2018
Comment10 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He just showed up at my doorstep one day without a geotag."
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.