Application Security
News & Commentary
Microsoft Rolls Out AI-based Security Risk Detection Tool
Kelly Sheridan, Associate Editor, Dark ReadingNews
Microsoft Security Risk Detection leverages artificial intelligence to root out bugs in software before it's released.
By Kelly Sheridan Associate Editor, Dark Reading, 7/21/2017
Comment0 comments  |  Read  |  Post a Comment
Using DevOps to Move Faster than Attackers
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
DevOps & Security: Butting Heads for Years but Integration is Happening
Zeus Kerravala, Founder and Principal Analyst, ZK ResearchCommentary
A combination of culture change, automation, tools and processes can bring security into the modern world where it can be as agile as other parts of IT.
By Zeus Kerravala Founder and Principal Analyst, ZK Research, 7/20/2017
Comment5 comments  |  Read  |  Post a Comment
4 Steps to Securing Citizen-Developed Apps
Mike Lemire, Compliance & Information Security Officer at  Quick BaseCommentary
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
By Mike Lemire Compliance & Information Security Officer at Quick Base, 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
Dow Jones Data Leak Results from an AWS Configuration Error
Kelly Sheridan, Associate Editor, Dark ReadingNews
Security pros expect to see more incidents like the Dow Jones leak, which exposed customers' personal information following a public cloud configuration error.
By Kelly Sheridan Associate Editor, Dark Reading, 7/18/2017
Comment0 comments  |  Read  |  Post a Comment
Apple iOS Malware Growth Outpaces that of Android
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Number of iOS devices running malicious apps more than tripled in three consecutive quarters, while infected Android devices remained largely flat, report shows.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/18/2017
Comment0 comments  |  Read  |  Post a Comment
SIEM Training Needs a Better Focus on the Human Factor
Justin Henderson, SANS Instructor and CEO of H & A Security SolutionsCommentary
The problem with security information and event management systems isn't the solutions themselves but the training that people receive.
By Justin Henderson SANS Instructor and CEO of H & A Security Solutions, 7/18/2017
Comment1 Comment  |  Read  |  Post a Comment
AsTech Offers a $5 Million Security Breach Warranty
Dark Reading Staff, Quick Hits
AsTech expands its warranty program with a guarantee it will find Internet application vulnerabilities or it will pay up to $5 million if there is a breach.
By Dark Reading Staff , 7/14/2017
Comment0 comments  |  Read  |  Post a Comment
Study: Backdoors Found on 73% of Compromised Websites
Dark Reading Staff, Quick Hits
No such thing as 'too small to hack,' according to research from SMB security provider SiteLock.
By Dark Reading Staff , 7/13/2017
Comment0 comments  |  Read  |  Post a Comment
How Security Pros Can Help Protect Patients from Medical Data Theft
Reza Chapman, Managing Director, Cybersecurity, for Accenture's Global  Healthcare BusinessCommentary
The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.
By Reza Chapman Managing Director, Cybersecurity, for Accenture's Global Healthcare Business, 7/13/2017
Comment0 comments  |  Read  |  Post a Comment
Dealing with Due Diligence
Eldon Sprickerhoff, Founder and Chief Security Strategist,  eSentireCommentary
Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.
By Eldon Sprickerhoff Founder and Chief Security Strategist, eSentire, 7/12/2017
Comment2 comments  |  Read  |  Post a Comment
New SQL Injection Tool Makes Attacks Possible from a Smartphone
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Recorded Future finds new hacking tool that's cheap and convenient to carry out that old standby attack, SQL injection.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/12/2017
Comment0 comments  |  Read  |  Post a Comment
Web App Vulnerabilities Decline 25% in 12 Months
Dawn Kawamoto, Associate Editor, Dark ReadingNews
WhiteHat Security's annual Web app report shows the average number of vulns in a Web app is down from four to three.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/11/2017
Comment0 comments  |  Read  |  Post a Comment
How Code Vulnerabilities Can Lead to Bad Accidents
Jeff Williams, CTO, Contrast SecurityCommentary
The software supply chain is broken. To prevent hackers from exploiting vulnerabilities, organizations need to know where their applications are, and whether they are built using trustworthy components.
By Jeff Williams CTO, Contrast Security, 7/10/2017
Comment0 comments  |  Read  |  Post a Comment
The SOC Is DeadLong Live the SOC
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 7/7/2017
Comment1 Comment  |  Read  |  Post a Comment
The Growing Danger of IP Theft and Cyber Extortion
Robert McFarlane, Chief Revenue OfficerCommentary
The recent hacks of Disney and Netflix show the jeopardy that intellectual property and company secrets are in, fueled by cheap hacking tools and cryptocurrencies.
By Robert McFarlane Chief Revenue Officer, 7/6/2017
Comment1 Comment  |  Read  |  Post a Comment
Symantec to Buy 'Browser Isolation' Firm Fireglass
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Fireglass's emerging Web security technology will become modular component in Symantec's Integrated Cyber Defense Platform.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/6/2017
Comment1 Comment  |  Read  |  Post a Comment
The Problem with Data
Mike Baukes, Co-Founder & Co-CEO, UpGuardCommentary
The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.
By Mike Baukes Co-Founder & Co-CEO, UpGuard, 7/3/2017
Comment1 Comment  |  Read  |  Post a Comment
8 Things Every Security Pro Should Know About GDPR
Jai Vijayan, Freelance writer
Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
By Jai Vijayan Freelance writer, 6/30/2017
Comment1 Comment  |  Read  |  Post a Comment
Why Enterprise Security Needs a New Focus
Kirsten Bay, President and CEO, Cyber adAPTCommentary
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics.
By Kirsten Bay President and CEO, Cyber adAPT, 6/29/2017
Comment7 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Lacework
Current Conversations Well said. 
In reply to: Re: security adoption
Post Your Own Reply
Posted by [email protected]
Current Conversations Hi, On the subject of Cybersecurity Conferences, this link might be of interest: (Events in Las Vegas) > https://infosec-conferences.com/events/cybersecurity-conferences-las-vegas/ Thanks
In reply to: Might be of interest to your readers
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, you were supposed to display UNICODE characters!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.