News & Commentary
Latest Content tagged with Application Security
Page 1 / 2   >   >>
Elections, Deceptions & Political Breaches
Commentary  |  5/26/2017  | 
Political hacks have many lessons for the business world.
In the Cloud, Evolving Infrastructure Means Evolving Alliances
Commentary  |  5/25/2017  | 
New opportunities make for unusual bedfellows. Here's how to navigate the shift in organizational dynamics between security operations, line-of-business managers, and developers.
You Have One Year to Make GDPR Your Biggest Security Victory Ever
News  |  5/25/2017  | 
The EU's new razor-toothed data privacy law could either rip you apart or help you create the best security program you've ever had. Here's how.
4 Reasons the Vulnerability Disclosure Process Stalls
Commentary  |  5/24/2017  | 
The relationship between manufacturers and researchers is often strained. Here's why, along with some resources to help.
Staying a Step Ahead of Internet Attacks
Commentary  |  5/23/2017  | 
There's no getting around the fact that targeted attacks - like phishing - will happen. But you can figure out the type of attack to expect next.
With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?
Commentary  |  5/23/2017  | 
Technology alone won't keep you safe. Fully engaged employees should be your first line of defense.
All Generations, All Risks, All Contained: A How-To Guide
Commentary  |  5/18/2017  | 
Organizations must have a security plan that considers all of their employees.
Why We Need a Data-Driven Cybersecurity Market
Commentary  |  5/17/2017  | 
NIST should bring together industry to create a standard set of metrics and develop better ways to share information.
The Wide-Ranging Impact of New York's Cybersecurity Regulations
Commentary  |  5/16/2017  | 
New York's toughest regulations yet are now in effect. Here's what that means for your company.
How Many People Does It Take to Defend a Network?
Commentary  |  5/16/2017  | 
The question is hard to answer because there aren't enough cybersecurity pros to go around.
What Developers Don't Know About Security Can Hurt You
Commentary  |  5/11/2017  | 
Developers won't start writing secure code just because you tell them it's part of their job. You need to give them the right training, support, and tools to instill a security mindset.
Businesses Not Properly Securing Microsoft Active Directory
News  |  5/10/2017  | 
Businesses overlook key security aspects of AD, leaving sensitive data open to external and internal attacks, new study shows.
Your IoT Baby Isn't as Beautiful as You Think It Is
Commentary  |  5/10/2017  | 
Both development and evaluation teams have been ignoring security problems in Internet-connected devices for too long. That must stop.
Android App Permission in Google Play Contains Security Flaw
Quick Hits  |  5/9/2017  | 
Android's app permission mechanisms could allow malicious apps in Google Play to download directly onto the device.
Microsoft Releases Emergency Patch For RCE Vuln
News  |  5/9/2017  | 
Flaw in Microsoft Malware Protection Engine called 'crazy bad' by researchers who discovered it.
Google Ratchets Up OAuth Policies in Wake of Phishing Attacks
Quick Hits  |  5/8/2017  | 
Google says it responded to the widespread Google Docs phishing campaign within one hour of detecting it.
Why Cyber Attacks Will Continue until Prevention Becomes a Priority
Commentary  |  5/8/2017  | 
Organizations must rethink their security measures. Focus on training, getting rid of old tech, and overcoming apathy.
Google Docs Phishing Attack Abuses Legitimate Third-Party Sharing
Quick Hits  |  5/3/2017  | 
Phishing messages appear nearly identical to legitimate requests to share Google documents, because in many ways, they are.
7 Steps to Fight Ransomware
Commentary  |  5/3/2017  | 
Perpetrators are shifting to more specific targets. This means companies must strengthen their defenses, and these strategies can help.
Getting Threat Intelligence Right
Commentary  |  5/2/2017  | 
Are you thinking of implementing or expanding a threat intelligence program? These guidelines will help you succeed.
What's in a Name? Breaking Down Attribution
Commentary  |  5/2/2017  | 
Here's what you really need to know about adversaries.
Facebook Spam Botnet Promises 'Likes' for Access Tokens
News  |  4/27/2017  | 
Facebook users can fuel a social spam botnet by providing verified apps' access tokens in exchange for "likes" and comments.
OWASP Top 10 Update: Is It Helping to Create More Secure Applications?
Commentary  |  4/27/2017  | 
What has not been updated in the new Top 10 list is almost more significant than what has.
New OWASP Top 10 Reveals Critical Weakness in Application Defenses
Commentary  |  4/27/2017  | 
It's time to move from a dependence on the flawed process of vulnerability identification and remediation to a two-pronged approach that also protects organizations from attacks.
USAF Launches 'Hack the Air Force'
News  |  4/26/2017  | 
Bug bounty contest expands Defense Department outreach to the global hacker community to find unknown vulnerabilities in DoD networks.
Microsoft App Aims to Delete the Password
News  |  4/26/2017  | 
Microsoft has officially launched its Authenticator app designed to simplify and secure user logins, raising questions about the future of password-free authentication.
What Role Should ISPs Play in Cybersecurity?
Commentary  |  4/26/2017  | 
There are many actions ISPs could do to make browsing the Web safer, but one thing stands out.
Call Center Fraud Spiked 113% in 2016
News  |  4/26/2017  | 
Criminals are increasingly spoofing caller ID using VoIP apps including Skype or Google Voice to hide their identity and location, according to a report released today by Pindrop Labs.
INTERPOL Operation Sweeps Up Thousands of Cybercrime Servers Used for Ransomware, DDoS, Spam
News  |  4/25/2017  | 
Massive public-private 'cyber surge' in Asia identifies hundreds of compromised websites in operation that spans multiple cybercriminal groups, activities.
IT-OT Convergence: Coming to an Industrial Plant Near You
Commentary  |  4/25/2017  | 
There's been a big divide between IT and OT, but that must end. Here's how to make them come together.
Best Practices for Securing Open Source Code
Commentary  |  4/21/2017  | 
Attackers see open source components as an obvious target because there's so much information on how to exploit them. These best practices will help keep you safer.
Cutting through the Noise: Is It AI or Pattern Matching?
Commentary  |  4/20/2017  | 
Many vendors are fudging terms when trying to sell their artificial intelligence security systems. Here's what you need to know when you buy.
Join Dark Reading for a 4/20 Twitter Chat on AppSec
Commentary  |  4/19/2017  | 
The @DarkReading team will host a conversation about application security on 4/20 at 2 p.m. ET.
The Second Coming of Managed File Transfer Has Arrived
Commentary  |  4/17/2017  | 
Sometimes, a mature, embedded technology still makes the most sense, especially when it comes to data security.
Cybersecurity & Fitness: Weekend Warriors Need Not Apply
Commentary  |  4/12/2017  | 
It takes consistency and a repeatable but flexible approach to achieve sustainable, measurable gains in both disciplines.
OWASP Top 10 Update: Long Overdue Or Same-Old, Same-Old?
News  |  4/11/2017  | 
The industry benchmark list is about to change for the first time in four years, but barring a few important changes, it looks a lot like it always has.
Tax Season Surprise: W-2 Fraud
Commentary  |  4/11/2017  | 
W-2 fraud used to target businesses exclusively but has now set its sights on many other sectors. Here's what you can do to prevent it from happening to you.
Computer Engineer Charged with Theft of Proprietary Computer Code
Quick Hits  |  4/11/2017  | 
Zhengquan Zhang arrested for stealing over 3 million files containing company trade secrets from his employer, a global finance firm.
The New Shadow IT: Custom Data Center Applications
Commentary  |  4/7/2017  | 
If you think youve finally gotten control of unsanctioned user apps, think again. The next wave of rogue apps is on its way from your data center to the cloud.
Matching Wits with a North Korea-Linked Hacking Group
News  |  4/5/2017  | 
Skilled 'Bluenoroff' arm of infamous Lazarus hacking team behind Bangladesh Bank heist and Sony attacks actively resists investigators on its trail, Kaspersky Lab says.
FCC Privacy Rule Repeal Will Have Widespread Security Implications
News  |  4/4/2017  | 
Concerns over the action are sending VPN sales soaring, some vendors say.
Cybercriminals Seized Control of Brazilian Bank for 5 Hours
News  |  4/4/2017  | 
Sophisticated heist compromised major bank's entire DNS infrastructure.
To Attract and Retain Better Employees, Respect Their Data
Commentary  |  4/3/2017  | 
A lack of privacy erodes trust that employees should have in management.
Russian-Speaking APT Recycles Code Used in '90s Cyberattacks Against US
News  |  4/3/2017  | 
Researchers discover connection between Turla cyber espionage gang and wave of attacks against US government agencies in the 1990's.
Customized Malware: Confronting an Invisible Threat
Commentary  |  3/31/2017  | 
Hackers are gaining entry to networks through a targeted approach. It takes a rigorous defense to keep them out.
US Border Policy Shifts May Drive Changes in Laptop Security
News  |  3/31/2017  | 
In-cabin laptop ban and requirements to unlock devices for border patrol could have enterprises revisiting their on-device data policies.
Payment Card Industry Security Compliance: What You Need to Know
Commentary  |  3/30/2017  | 
A quick refresher on all the different PCI SSC security standards that are relevant for organizations that accept electronic payments.
To Gain Influence, CISOs Must Get Security's Human Element Right
Commentary  |  3/29/2017  | 
Focusing on certain elements of security in isolation can cause a false sense of security.
7 Steps to Transforming Yourself into a DevSecOps Rockstar
Slideshows  |  3/23/2017  | 
Security practitioners at one education software firm offer lessons learned from merging DevOps with security.
Phishing Your Employees for Schooling & Security
Commentary  |  3/22/2017  | 
Your education program isn't complete until you test your users with fake phishing emails.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.