Application Security

News & Commentary
70 US Election Jurisdictions Adopt Free Website Security Service
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Hawaii, Idaho, North Carolina, and Rhode Island are among states now using gratis DDoS mitigation, firewall, and user access control service from Cloudflare.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Messenger Apps Top Risk Hit Parade
Dark Reading Staff, Quick Hits
Whether running on iOS or Android, Facebook's and WhatsApp's messenger apps present a 'winning' combination.
By Dark Reading Staff , 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading
Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/16/2018
Comment1 Comment  |  Read  |  Post a Comment
8 Big Processor Vulnerabilities in 2018
Ericka Chickowski, Contributing Writer, Dark Reading
Security researchers have been working in overdrive examining processors for issues and they haven't come up empty-handed.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Congressional Report Cites States Most Vulnerable to Election Hacking
Dark Reading Staff, Quick Hits
A new report details issues with 18 states along with suggestions on what can be done.
By Dark Reading Staff , 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Web app security pioneer dishes on his teenage security career, his love of electric scooters, Ace Ventura and a new baby food business venture with his wife and famed chef, Kathy Fang.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/12/2018
Comment2 comments  |  Read  |  Post a Comment
Critical Vulns Earn $2K Amid Rise of Bug Bounty Programs
Kelly Sheridan, Staff Editor, Dark ReadingNews
As of June, a total of $31 million has been awarded to security researchers for this year already a big jump from the $11.7 million awarded for the entire 2017.
By Kelly Sheridan Staff Editor, Dark Reading, 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
7 Ways to Keep DNS Safe
Curtis Franklin Jr., Senior Editor at Dark Reading
A DNS attack can have an outsize impact on the targeted organization or organizations. Here's how to make hackers' lives much more difficult.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/10/2018
Comment2 comments  |  Read  |  Post a Comment
6 M&A Security Tips
Steve Zurier, Freelance Writer
Companies are realizing that the security posture of an acquired organization should be considered as part of their due diligence process.
By Steve Zurier Freelance Writer, 7/9/2018
Comment0 comments  |  Read  |  Post a Comment
Insurers Sue Trustwave for $30M Over '08 Heartland Data Breach
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Lawsuit filed by Lexington Insurance and Beazley Insurance is in response to a Trustwave legal filing that called their claims meritless.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/9/2018
Comment0 comments  |  Read  |  Post a Comment
Creating a Defensible Security Architecture
Justin Henderson, SANS Instructor and CEO of H & A Security SolutionsCommentary
Take the time to learn about your assets. You'll be able to layer in multiple prevention and detection solutions and have a highly effective security architecture.
By Justin Henderson SANS Instructor and CEO of H & A Security Solutions, 7/9/2018
Comment0 comments  |  Read  |  Post a Comment
New Malware Strain Targets Cryptocurrency Fans Who Use Macs
Dark Reading Staff, Quick Hits
OSX.Dummy depends on substantial help from an unwary victim.
By Dark Reading Staff , 7/6/2018
Comment0 comments  |  Read  |  Post a Comment
Trading Platforms Riddled With Severe Flaws
Ericka Chickowski, Contributing Writer, Dark ReadingNews
In spite of routing trillions of dollars of stock and commodity trades every day, financial cousins to online banking applications are written very insecurely.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/6/2018
Comment0 comments  |  Read  |  Post a Comment
9 SMB Security Trends
Steve Zurier, Freelance Writer
SMBs understand they have to focus more on cybersecurity. Here's a look at the areas they say matter most.
By Steve Zurier Freelance Writer, 7/5/2018
Comment1 Comment  |  Read  |  Post a Comment
Consumers Rank Security High in Payment Decisions
Dark Reading Staff, Quick Hits
Security is a top priority when it comes to making decisions on payment methods and technologies.
By Dark Reading Staff , 7/3/2018
Comment1 Comment  |  Read  |  Post a Comment
iOS 12 2FA Feature May Carry Bank Fraud Risk
Dark Reading Staff, Quick Hits
Making two-factor authentication faster could also make it less secure.
By Dark Reading Staff , 7/2/2018
Comment0 comments  |  Read  |  Post a Comment
Ticketmaster UK Warns Thousands of Data Breach
Dark Reading Staff, Quick Hits
Customers who bought tickets through the site are advised to check for fraudulent transactions with Uber, Netflix, and Xendpay.
By Dark Reading Staff , 6/28/2018
Comment8 comments  |  Read  |  Post a Comment
IEEE Calls for Strong Encryption
Dark Reading Staff, Quick Hits
Newly issued position statement by the organization declares backdoor and key-escrow schemes could have 'negative consequences.'
By Dark Reading Staff , 6/27/2018
Comment2 comments  |  Read  |  Post a Comment
Securing Serverless Apps: 3 Critical Tasks in 3 Days
Hillel Solow, CTO and Co-founder, ProtegoCommentary
Serverless workloads in the cloud can be as secure as traditional applications with the right processes and tools. The key: start small, scale as your application scales, and involve everyone.
By Hillel Solow CTO and Co-founder, Protego, 6/26/2018
Comment6 comments  |  Read  |  Post a Comment
Fairhair Alliance Building IoT Security Architecture
Dark Reading Staff, Quick Hits
A group of companies in the building automation and IoT space is working for a coherent security architecture that incorporates multiple standards.
By Dark Reading Staff , 6/26/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/13/2018
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/16/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12959
PUBLISHED: 2018-07-19
The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).
CVE-2018-14336
PUBLISHED: 2018-07-19
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.
CVE-2018-10620
PUBLISHED: 2018-07-19
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code t...
CVE-2018-14423
PUBLISHED: 2018-07-19
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2018-3857
PUBLISHED: 2018-07-19
An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain...