Application Security
News & Commentary
How To Reduce Spam & Phishing With DMARC
Daniel Ingevaldson, CTO, Easy Solutions (Commentary)
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015
5 New Vulnerabilities Uncovered In SAP
Ericka Chickowski, Contributing Writer, Dark Reading (News)
Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/26/2015
Newly Discovered 'Master' Cyber Espionage Group Trumps Stuxnet
Kelly Jackson Higgins, Executive Editor at Dark Reading (News)
The so-called Equation Group epitomizes the goal of persistence in cyber spying, reprogramming hard drives and hacking other targets such as air-gapped computers, and points to a possible US connection.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/16/2015
Antivirus Tools Slow To Respond To New Threats, Another Study Confirms
Jai Vijayan, Freelance Writer (News)
A 10-month study of four scanning tools by Damballa highlights some familiar weaknesses.
By Jai Vijayan Freelance writer, 2/13/2015
A Winning Strategy: Must Patch, Should Patch, Can't Patch
Jeff Schilling, CSO, Firehost (Commentary)
The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities.
By Jeff Schilling CSO, Firehost, 2/11/2015
Scan Finds 'Ghost' Haunting Critical Business Applications
Kelly Jackson Higgins, Executive Editor at Dark Reading (News)
Some 41% of enterprise applications using GNU C Library (glibc) employ the Ghost-ridden 'gethostbyname' function, Veracode discovers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/5/2015
Apple iOS Now Targeted In Massive Cyber Espionage Campaign
Kelly Jackson Higgins, Executive Editor at Dark Reading (News)
The attack campaign tied to Russia is now zeroing in on mobile users' iPhones and iPads.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/4/2015
'Ghost' Not So Scary After All
Kelly Jackson Higgins, Executive Editor at Dark Reading (Quick Hits)
The latest open-source Linux vulnerability is serious, but some security experts say it is not that easy to exploit in a real attack.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/28/2015
Diverse White Hat Community Leads To Diverse Vuln Disclosures
Sara Peters, Senior Editor at Dark Reading (News)
Researchers at Penn State find that courting new bug hunters is just as important as rewarding seasoned ones.
By Sara Peters Senior Editor at Dark Reading, 1/22/2015
What Government Can (And Can’t) Do About Cybersecurity
Jeff Williams, CTO, Aspect Security & Contrast Security (Commentary)
In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.
By Jeff Williams CTO, Aspect Security & Contrast Security, 1/22/2015
Facebook Messenger: Classically Bad AppSec
Daniel Riedel, CEO, New Context (Commentary)
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
By Daniel Riedel CEO, New Context, 1/21/2015
The Truth About Malvertising
Peter Zavlaris, Analyst, RiskIQ (Commentary)
Malvertising accounts for huge amounts of cyberfraud and identity theft. Yet there is still no consensus on who is responsible for addressing these threats.
By Peter Zavlaris Analyst, RiskIQ, 1/16/2015
4 Mega-Vulnerabilities Hiding in Plain Sight
Giora Engel, VP Product & Strategy, LightCyber (Commentary)
How four recently discovered, high-impact vulnerabilities provided “god mode” access to 90% of the Internet for 15 years, and what that means for the future.
By Giora Engel VP Product & Strategy, LightCyber, 1/14/2015
Nation-State Cyberthreats: Why They Hack
Mike Walls, Managing Director Security Operations & Analysis, EdgeWave (Commentary)
All nations are not created equal and, like individual hackers, each has a different motivation and capability.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/8/2015
Privacy By Design: Protect User Data From 'Get-Go'
Henry Kenyon (News)
International effort seeks to bake in consumer privacy options.
By Henry Kenyon, 1/5/2015
4 Infosec Resolutions For The New Year
Lysa Myers, Security Researcher, ESET (Commentary)
Don’t look in the crystal ball, look in the mirror to protect data and defend against threats in 2015.
By Lysa Myers Security Researcher, ESET, 12/30/2014
20 Startups To Watch In 2015
Ericka Chickowski, Contributing Writer, Dark Reading
Check our list of security startups sure to start (or continue) making waves in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/29/2014
A 2014 Lookback: Predictions vs. Reality
TK Keanini, CTO, Lancope (Commentary)
It was a tumultuous year for cyber security, but it drove the adoption of incident response plans and two-factor authentication.
By TK Keanini CTO, Lancope, 12/29/2014
Attackers Leverage IT Tools As Cover
Jai Vijayan, Freelance Writer (News)
The line between attack and defense tools has blurred.
By Jai Vijayan Freelance writer, 12/26/2014
Security News No One Saw Coming In 2014
John B. Dickson, CISSP, Principal, Denim Group (Commentary)
John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year.
By John B. Dickson CISSP, Principal, Denim Group, 12/22/2014
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Dark Reading Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9676
Published: 2015-02-27
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

CVE-2014-9682
Published: 2015-02-27
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

CVE-2015-0655
Published: 2015-02-27
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

CVE-2015-0884
Published: 2015-02-27
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

CVE-2015-0885
Published: 2015-02-27
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.