Application Security
News & Commentary
Microsoft's Remarkable Pivot: Windows 10 Abandons Privacy
Mark Weinstein, CEO, MeWe.com | Commentary
You can read all you want about Windows 10's powerful new privacy features, but that doesn’t mean you have them.
By Mark Weinstein CEO, MeWe.com, 9/2/2015
Cyberspies Impersonate Security Researcher
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
'Rocket Kitten' pro-Iranian regime hackers focusing more on targeting individuals for geopolitical espionage.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/1/2015
The Security Of Applications And CISOs' Sanity, With Veracode's Chris Wysopal
Sara Peters, Senior Editor at Dark Reading | Commentary | Video
Veracode's Chris Wysopal visits the Dark Reading News Desk at Black Hat to discuss application security, what CISOs' top priorities are, and what they should be.
By Sara Peters Senior Editor at Dark Reading, 8/27/2015
What Drives A Developer To Use Security Tools -- Or Not
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
National Science Foundation (NSF)-funded research by Microsoft Research, NC State, and UNC-Charlotte sheds light on what really makes a software developer scan his or her code for security bugs.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/24/2015
IE Bug Exploited In Wild After Microsoft Releases Out-Of-Band Patch
Sara Peters, Senior Editor at Dark Reading | Quick Hits
Remote code execution vulnerability in Internet Explorer versions 7 through 11 being used to drop PlugX RAT.
By Sara Peters Senior Editor at Dark Reading, 8/19/2015
Unpatched 'Tpwn' Mac OS X Bug Could Grant Root Privileges
Sara Peters, Senior Editor at Dark Reading | News
Researchers beginning to find more cracks in Mac operating systems.
By Sara Peters Senior Editor at Dark Reading, 8/18/2015
An Apple Fanboi Writing Malware For Mac OSX
Sara Peters, Senior Editor at Dark Reading | Commentary | Video
Patrick Wardle, director of research for Synack, spoke about his "Writing Bad@$$ Malware for OS X" session at the Dark Reading News Desk at Black Hat.
By Sara Peters Senior Editor at Dark Reading, 8/18/2015
RASP: A False Sense of Security For Apps & Data
Mark Carrizosa, VP of Security, Soha Systems | Commentary
Betting on a single runtime tool like RASP is not the solution for eliminating application security risk.
By Mark Carrizosa VP of Security, Soha Systems, 8/17/2015
Black Hat, Data Science, Machine Learning, and… YOU!
Jeremiah Grossman | Commentary
The time has come for security pros to start honing in on their machine learning skills. Here’s why.
By Jeremiah Grossman, 8/14/2015
Reuters: Kaspersky Denies Sabotaging Competitors' AV
Dark Reading Staff | Quick Hits
Two former employees told Reuters that Kaspersky Lab tried to trick rival anti-virus firms' software into flagging more false positives.
By Dark Reading Staff, 8/14/2015
Mad World: The Truth About Bug Bounties
Katie Moussouris, Chief Policy Officer, HackerOne | Commentary
What Oracle CSO Mary Ann Davidson doesn’t get about modern security vulnerability disclosure.
By Katie Moussouris Chief Policy Officer, HackerOne, 8/13/2015
Software Security Is Hard But Not Impossible
Jason Schmitt, VP & General Manager, Fortify, HP Enterprise Security Products | Commentary
New Interactive Application Security Testing products produce an interesting result under the right conditions, but they can’t, by themselves, find all the security vulnerabilities you need to fix.
By Jason Schmitt VP & General Manager, Fortify, HP Enterprise Security Products, 8/12/2015
Windows 10 Gets Patch Tuesday Treatment, With 4 Critical Bugs Fixed
Dark Reading Staff | Quick Hits
Office, Edge, Internet Explorer, and graphics components all ripe for remote code execution.
By Dark Reading Staff, 8/12/2015
Data Protection: The 98 Percent Versus The 2 Percent
Jeff Schilling, CSO, Firehost | Commentary
Four steps for defending your most sensitive corporate information from the inside out.
By Jeff Schilling CSO, Firehost, 8/11/2015
Risk of Data Loss From Non-Jailbroken iOS Devices Real, Security Firm Says
Jai Vijayan, Freelance writer | News
Data from the Hacking Team reveals actively used exploit for breaking into and stealing data from registered iOS systems, FireEye says.
By Jai Vijayan Freelance writer, 8/7/2015
New SMB Relay Attack Steals User Credentials Over Internet
Fahmida Y. Rashid, Contributing Editor, Dark Reading | News
Researchers found a twist to an older vulnerability that lets them launch SMB relay attacks from the Internet.
By Fahmida Y. Rashid Contributing Editor, Dark Reading, 8/5/2015
Dark Reading Preps Week Of Show Coverage At Black Hat USA
Tim Wilson, Editor in Chief, Dark Reading | Commentary
If you want to know what's happening in Las Vegas this week at Black Hat, Dark Reading's got the scoop.
By Tim Wilson Editor in Chief, Dark Reading, 8/3/2015
Dark Reading News Desk Comes To You Live From Black Hat
Sara Peters, Senior Editor at Dark Reading | Commentary
Live video coverage from Las Vegas Wednesday and Thursday.
By Sara Peters Senior Editor at Dark Reading, 8/3/2015
New Phishing Campaign Leverages Google Drive
Ericka Chickowski, Contributing Writer, Dark Reading | News
Researchers believe technique is geared to take over Google SSO accounts.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/28/2015
Dmail Makes Gmail Vanish
Thomas Claburn, Editor at Large, Enterprise Mobility | News
You can make Gmail messages self-destruct with a Chrome browser extension.
By Thomas Claburn Editor at Large, Enterprise Mobility, 7/25/2015
Current Issue
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7444
Published: 2015-09-01
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

CVE-2015-2807
Published: 2015-09-01
Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.

CVE-2015-6520
Published: 2015-09-01
IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request.

CVE-2015-6727
Published: 2015-09-01
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

CVE-2015-6728
Published: 2015-09-01
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.