Application Security
News & Commentary
When Securing Your Applications, Seeing Is Believing
Mike Convertino, CISO & VP, Information Security, F5 Networks, Commentary
While the cloud is amazing, a worrying lack of visibility goes along with it. Keep that in mind as you develop your security approach.
By Mike Convertino, CISO & VP, Information Security, F5 Networks, 8/24/2016
There's Something Phishy in the Package
Jonathan King, Security Technologist and Intel Principal Engineer in the Intel Security Office of the CTO
The typosquatting risk is real. It's time to increase our vigilance and control over third-party source code.
By Jonathan King, Security Technologist and Intel Principal Engineer in the Intel Security Office of the CTO, 8/5/2016
Hacker Creates Software Ratings System
Dark Reading Staff, Quick Hits
The new formula to rate computer software could force creators to perform better, says Peiter "Mudge" Zatko.
By Dark Reading Staff, 8/4/2016
Best Of Black Hat Innovation Awards: And The Winners Are
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Three companies and leaders who think differently about security: Deep Instinct, most innovative startup; Vectra, most innovative emerging company; Paul Vixie, most innovative thought leader.
By Tim Wilson, Editor in Chief, Dark Reading, 8/3/2016
Awareness Improving But Security Still Lags For SAP Implementations
Ericka Chickowski, Contributing Writer, Dark Reading, News
SAP ecosystem a huge Achilles heel for enterprise system security, report says.
By Ericka Chickowski, Contributing Writer, Dark Reading, 8/2/2016
5 Email Security Tips to Combat Macro-Enabled Ransomware
Sean Martin, CISSP | President, imsmartin
Cybercriminals are increasingly looking to macro variants, leaving organizations to defend against advanced tactics like macro-based malware attacks any way they can.
By Sean Martin, CISSP | President, imsmartin, 8/2/2016
BEC Scam Mastermind Arrested By Interpol
Dark Reading Staff, Quick Hits
Nigerian national charged with corporate email fraud of more than $60 million.
By Dark Reading Staff, 8/2/2016
Browser Exploits Increasingly Go For The Jugular
Ericka Chickowski, Contributing Writer, Dark Reading, News
Black Hat USA panel to discuss browser attacks, which now go from browser userland to root privileges in no time flat.
By Ericka Chickowski, Contributing Writer, Dark Reading, 8/1/2016
8 Bad Ass Tools Coming Out Of Black Hat
Ericka Chickowski, Contributing Writer, Dark Reading
Penetration testing, reverse engineering and other security tools that will be explained and released at Black Hat 2016.
By Ericka Chickowski, Contributing Writer, Dark Reading, 7/30/2016
Multiple Major Security Products Open To Big Vulns Via 'Hooking Engines'
Ericka Chickowski, Contributing Writer, Dark Reading, News
Black Hat USA talk will show how flawed implementations of hooking techniques are putting security and other software at risk.
By Ericka Chickowski, Contributing Writer, Dark Reading, 7/28/2016
10 Hottest Talks at Black Hat USA 2016
Sean Martin, CISSP | President, imsmartin
The impressive roll call of speakers offers a prime opportunity to learn from the very best of the information security world.
By Sean Martin, CISSP | President, imsmartin, 7/25/2016
Firefox To Start Blocking Invisible Flash Content
Dark Reading Staff, Quick Hits
This move is part of a campaign by Mozilla to close the door on Flash completely by 2017.
By Dark Reading Staff, 7/21/2016
Ubuntu Forums Database Hacked
Dark Reading Staff, Quick Hits
Canonical probe reveals user account details of 2 million stolen, passwords safe.
By Dark Reading Staff, 7/19/2016
Adobe Fixes 52 Vulnerabilities In Flash
Dark Reading Staff, Quick Hits
Updated version fixes CVEs that allowed remote code execution on affected machines.
By Dark Reading Staff, 7/13/2016
What I Expect to See At Black Hat 2016: 5 Themes
Chris Wysopal, CTO, CISO and co-founder, Veracode, Commentary
Over the years, Black Hat has morphed from a little show for security researchers to a big conference that attracts everyone from black-hat hackers to C-level security execs. Here's what piques my interest this year.
By Chris Wysopal, CTO, CISO and co-founder, Veracode, 7/13/2016
SWIFT Boosts Defense Against Cyberattacks
Dark Reading Staff, Quick Hits
Cyber security firms hired, intelligence team set up to ward off future attacks on banks through SWIFT.
By Dark Reading Staff, 7/12/2016
Profiles Of The Top 7 Bug Hunters From Around the Globe
Sean Martin, CISSP | President, imsmartin
'Super hunters' share a common goal: to find the most high impact valid bugs before a bad guy does.
By Sean Martin, CISSP | President, imsmartin, 7/12/2016
Dark Reading Launches Best Of Black Hat Awards Program; Finalists Selected
Tim Wilson, Editor in Chief, Dark Reading, Commentary
New awards recognize innovation on Black Hat exhibit floor, including startups, emerging companies, and industry thinkers.
By Tim Wilson, Editor in Chief, Dark Reading, 7/12/2016
Bug Poachers: A New Breed of Cybercriminal
Chris Wysopal, CTO, CISO and co-founder, Veracode, Commentary
As if security researchers don't have enough to worry about, we now have to contend with extortionists who take advantage of the well-established fact that applications are a ripe target for exploitation.
By Chris Wysopal, CTO, CISO and co-founder, Veracode, 6/22/2016
27% Of Corporate-Connected Apps Are Risky
Ericka Chickowski, Contributing Writer, Dark Reading, News
Number of apps up by 30x, with many asking for sensitive connections to enterprise.
By Ericka Chickowski, Contributing Writer, Dark Reading, 6/13/2016
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
DevOps Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it's a "developers are from Mars, systems engineers are from Venus" situation.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.