News & Commentary

Latest Content tagged with Application Security
Page 1 / 2   >   >>
Messenger Apps Top Risk Hit Parade
Quick Hits  |  7/18/2018  | 
Whether running on iOS or Android, Facebook's and WhatsApp's messenger apps present a 'winning' combination.
10 Ways to Protect Protocols That Aren't DNS
Slideshows  |  7/16/2018  | 
Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.
8 Big Processor Vulnerabilities in 2018
Slideshows  |  7/13/2018  | 
Security researchers have been working in overdrive examining processors for issues and they haven't come up empty-handed.
Congressional Report Cites States Most Vulnerable to Election Hacking
Quick Hits  |  7/13/2018  | 
A new report details issues with 18 states along with suggestions on what can be done.
What's Cooking With Caleb Sima
News  |  7/12/2018  | 
Security Pro File: Web app security pioneer dishes on his teenage security career, his love of electric scooters, Ace Ventura and a new baby food business venture with his wife and famed chef, Kathy Fang.
Critical Vulns Earn $2K Amid Rise of Bug Bounty Programs
News  |  7/11/2018  | 
As of June, a total of $31 million has been awarded to security researchers for this year already a big jump from the $11.7 million awarded for the entire 2017.
7 Ways to Keep DNS Safe
Slideshows  |  7/10/2018  | 
A DNS attack can have an outsize impact on the targeted organization or organizations. Here's how to make hackers' lives much more difficult.
6 M&A Security Tips
Slideshows  |  7/9/2018  | 
Companies are realizing that the security posture of an acquired organization should be considered as part of their due diligence process.
Insurers Sue Trustwave for $30M Over '08 Heartland Data Breach
News  |  7/9/2018  | 
Lawsuit filed by Lexington Insurance and Beazley Insurance is in response to a Trustwave legal filing that called their claims meritless.
Creating a Defensible Security Architecture
Commentary  |  7/9/2018  | 
Take the time to learn about your assets. You'll be able to layer in multiple prevention and detection solutions and have a highly effective security architecture.
New Malware Strain Targets Cryptocurrency Fans Who Use Macs
Quick Hits  |  7/6/2018  | 
OSX.Dummy depends on substantial help from an unwary victim.
Trading Platforms Riddled With Severe Flaws
News  |  7/6/2018  | 
In spite of routing trillions of dollars of stock and commodity trades every day, financial cousins to online banking applications are written very insecurely.
9 SMB Security Trends
Slideshows  |  7/5/2018  | 
SMBs understand they have to focus more on cybersecurity. Here's a look at the areas they say matter most.
Consumers Rank Security High in Payment Decisions
Quick Hits  |  7/3/2018  | 
Security is a top priority when it comes to making decisions on payment methods and technologies.
iOS 12 2FA Feature May Carry Bank Fraud Risk
Quick Hits  |  7/2/2018  | 
Making two-factor authentication faster could also make it less secure.
Ticketmaster UK Warns Thousands of Data Breach
Quick Hits  |  6/28/2018  | 
Customers who bought tickets through the site are advised to check for fraudulent transactions with Uber, Netflix, and Xendpay.
IEEE Calls for Strong Encryption
Quick Hits  |  6/27/2018  | 
Newly issued position statement by the organization declares backdoor and key-escrow schemes could have 'negative consequences.'
Securing Serverless Apps: 3 Critical Tasks in 3 Days
Commentary  |  6/26/2018  | 
Serverless workloads in the cloud can be as secure as traditional applications with the right processes and tools. The key: start small, scale as your application scales, and involve everyone.
Fairhair Alliance Building IoT Security Architecture
Quick Hits  |  6/26/2018  | 
A group of companies in the building automation and IoT space is working for a coherent security architecture that incorporates multiple standards.
Secure by Default Is Not What You Think
Commentary  |  6/26/2018  | 
The traditional view of secure by default which has largely been secure out of the box is too narrow. To broaden your view, consider these three parameters.
Artificial Intelligence & the Security Market
News  |  6/21/2018  | 
A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.
Click2Gov Breaches Attributed to WebLogic Application Flaw
Quick Hits  |  6/21/2018  | 
At least 10 US cities running Click2Gov software have alerted citizens to a data breach, but it turns out the problem was in the application server.
7 Places Where Privacy and Security Collide
Slideshows  |  6/21/2018  | 
Privacy and security can experience tension at a number of points in the enterprise. Here are seven plus some possibilities for easing the strain.
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
Commentary  |  6/21/2018  | 
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
Microsoft Office: The Go-To Platform for Zero-Day Exploits
News  |  6/21/2018  | 
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
AppSec in the World of 'Serverless'
Commentary  |  6/21/2018  | 
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
Alphabet Launches VirusTotal Monitor to Stop False Positives
Quick Hits  |  6/20/2018  | 
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
Improving the Adoption of Security Automation
Commentary  |  6/20/2018  | 
Four barriers to automation and how to overcome them.
Most Websites and Web Apps No Match for Attack Barrage
News  |  6/19/2018  | 
The average website is attacked 50 times per day, with small businesses especially vulnerable.
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Commentary  |  6/19/2018  | 
Do 'cloud-first' strategies create a security-second mindset?
F-Secure Buys MWR InfoSecurity
Quick Hits  |  6/18/2018  | 
Finnish endpoint security company buys British security service provider in cash deal.
'Shift Left' & the Connected Car
Commentary  |  6/12/2018  | 
How improving application security in the automotive industry can shorten product development time, reduce costs, and save lives.
Enterprise IT Juggling 20-Plus SecOps Tools
Quick Hits  |  6/8/2018  | 
Lack of integration also a big issue among decision makers.
Bug Bounty Payouts Up 73% Per Vulnerability: Bugcrowd
News  |  6/7/2018  | 
Bug bounty programs grew along with payouts, which averaged $781 per vulnerability this year, researchers report.
DevSecOps Gains Enterprise Traction
News  |  6/7/2018  | 
Enterprise adoption of DevSecOps has surged in the past year, according to a study conducted at this year's RSA Conference.
Survey Shows Florida at the Bottom for Consumer Cybersecurity
News  |  6/6/2018  | 
A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.
'Strutting' Past the Equifax Breach: Lessons Learned
Commentary  |  6/6/2018  | 
In hindsight, there were two likely causes for last year's massive breach: the decision to use Apache Struts, and a failure to patch in a timely fashion. Both are still a recipe for disaster.
Panorays Debuts With $5 Million Investment
Quick Hits  |  6/5/2018  | 
Panorays, a company focusing on third-party security issues for the enterprise, has exited stealth mode.
'EFAIL' Is Why We Cant Have Golden Keys
Commentary  |  6/5/2018  | 
A deep dive into the issues surrounding an HTML email attack.
Web Application Firewalls Adjust to Secure the Cloud
News  |  6/4/2018  | 
Cloud-based WAFs protect applications without the costs and complexity of on-prem hardware. Here's what to keep in mind as you browse the growing market.
Telegram: Apple Has Blocked Updates since April
Quick Hits  |  6/1/2018  | 
Telegram founder and chief executive Pavel Durov claims the messaging service has not been able to make technical updates anywhere in the world.
Open Bug Bounty Offers Free Program For Websites
News  |  6/1/2018  | 
Non-profit says it will triage and verify certain kinds of Web vulnerability submissions at no cost for those who sign up.
Report: Cross-Site Scripting Still Number One Web Attack
Quick Hits  |  6/1/2018  | 
SQL injection is the second most common technique, with IT and finance companies the major targets.
New Federal Report Gives Guidance on Beating Botnets
News  |  5/31/2018  | 
A report from the Departments of Commerce and Homeland Security provides five goals for protecting infrastructure from botnets and other automated threats.
Git Fixes Serious Code Repository Vulnerability
News  |  5/31/2018  | 
GitHub, Visual Studio Team Services, and other code repositories patching to prevent attackers from targeting developer systems.
6 Security Investments You May Be Wasting
Slideshows  |  5/31/2018  | 
Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference.
Android Malware Comes Baked into Some New Tablets, Phones
Quick Hits  |  5/25/2018  | 
Ad-loading malware is being built into the firmware and operating system of some new tablets and phones from three major manufacturers.
Privacy Survey Says: Americans Don't Want to Sell Their Data
Quick Hits  |  5/25/2018  | 
A new survey shows the extent to which Americans are reluctant to sell their personal information for any price.
10 Free DevOps-Friendly Security Tools Developers Will Love
Slideshows  |  5/25/2018  | 
Start building an affordable DevSecOps automation toolchain with these free application security tools.
More Than Half of Users Reuse Passwords
News  |  5/24/2018  | 
Users are terrible at passwords and the problem is only getting worse, according to an expansive study of more than 100 million passwords and their owners.
Page 1 / 2   >   >>


White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Lessons from My Strange Journey into InfoSec
Lysa Myers, Security Researcher, ESET,  7/12/2018
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14339
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
CVE-2018-14340
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
CVE-2018-14341
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
CVE-2018-14342
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
CVE-2018-14343
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.