News & Commentary
Latest Content tagged with Application Security
Page 1 / 2   >   >>
Facebook Offers $1 Million for New Security Defenses
News  |  7/26/2017  | 
The social media giant has increased the size of its Internet Defense Prize program in order to spur more research into ways to defend users against the more prevalent and common methods of attack.
10 Critical Steps to Create a Culture of Cybersecurity
Commentary  |  7/26/2017  | 
Businesses are more vulnerable than they need to be. Here's what you should do about it.
Majority of Consumers Believe IoT Needs Security Built In
Quick Hits  |  7/26/2017  | 
Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.
Custom Source Code Accounts for 93% of App Vulnerabilities
Quick Hits  |  7/25/2017  | 
A new study finds that third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software.
Weather.com, Fusion Expose Data Via Google Groups Config Error
News  |  7/24/2017  | 
Companies that leaked data accidentally chose the sharing setting "public on the Internet," which enabled anyone on the Web to access all information contained in the messages
Majority of Security Pros Let Productivity Trump Security
News  |  7/24/2017  | 
A survey found that 64% of IT security professionals will tweak security to give workers more flexibility to be productive when asked to make that move by top executives.
Microsoft Rolls Out AI-based Security Risk Detection Tool
News  |  7/21/2017  | 
Microsoft Security Risk Detection leverages artificial intelligence to root out bugs in software before it's released.
Using DevOps to Move Faster than Attackers
News  |  7/20/2017  | 
Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.
DevOps & Security: Butting Heads for Years but Integration is Happening
Commentary  |  7/20/2017  | 
A combination of culture change, automation, tools and processes can bring security into the modern world where it can be as agile as other parts of IT.
4 Steps to Securing Citizen-Developed Apps
Commentary  |  7/19/2017  | 
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
Dow Jones Data Leak Results from an AWS Configuration Error
News  |  7/18/2017  | 
Security pros expect to see more incidents like the Dow Jones leak, which exposed customers' personal information following a public cloud configuration error.
Apple iOS Malware Growth Outpaces that of Android
News  |  7/18/2017  | 
Number of iOS devices running malicious apps more than tripled in three consecutive quarters, while infected Android devices remained largely flat, report shows.
SIEM Training Needs a Better Focus on the Human Factor
Commentary  |  7/18/2017  | 
The problem with security information and event management systems isn't the solutions themselves but the training that people receive.
AsTech Offers a $5 Million Security Breach Warranty
Quick Hits  |  7/14/2017  | 
AsTech expands its warranty program with a guarantee it will find Internet application vulnerabilities or it will pay up to $5 million if there is a breach.
Study: Backdoors Found on 73% of Compromised Websites
Quick Hits  |  7/13/2017  | 
No such thing as 'too small to hack,' according to research from SMB security provider SiteLock.
How Security Pros Can Help Protect Patients from Medical Data Theft
Commentary  |  7/13/2017  | 
The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.
Dealing with Due Diligence
Commentary  |  7/12/2017  | 
Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.
New SQL Injection Tool Makes Attacks Possible from a Smartphone
News  |  7/12/2017  | 
Recorded Future finds new hacking tool that's cheap and convenient to carry out that old standby attack, SQL injection.
Web App Vulnerabilities Decline 25% in 12 Months
News  |  7/11/2017  | 
WhiteHat Security's annual Web app report shows the average number of vulns in a Web app is down from four to three.
How Code Vulnerabilities Can Lead to Bad Accidents
Commentary  |  7/10/2017  | 
The software supply chain is broken. To prevent hackers from exploiting vulnerabilities, organizations need to know where their applications are, and whether they are built using trustworthy components.
The SOC Is DeadLong Live the SOC
Commentary  |  7/7/2017  | 
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
The Growing Danger of IP Theft and Cyber Extortion
Commentary  |  7/6/2017  | 
The recent hacks of Disney and Netflix show the jeopardy that intellectual property and company secrets are in, fueled by cheap hacking tools and cryptocurrencies.
Symantec to Buy 'Browser Isolation' Firm Fireglass
News  |  7/6/2017  | 
Fireglass's emerging Web security technology will become modular component in Symantec's Integrated Cyber Defense Platform.
The Problem with Data
Commentary  |  7/3/2017  | 
The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.
8 Things Every Security Pro Should Know About GDPR
Slideshows  |  6/30/2017  | 
Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
Why Enterprise Security Needs a New Focus
Commentary  |  6/29/2017  | 
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics.
Recovering from Bad Decisions in the Cloud
Commentary  |  6/26/2017  | 
The cloud makes it much easier to make changes to security controls than in traditional networks.
The Folly of Vulnerability & Patch Management for ICS Networks
Commentary  |  6/21/2017  | 
Yes, such efforts matter. But depending on them can give a false sense of security.
Feds Call on Contractors to Play Ball in Mitigating Insider Threats
Commentary  |  6/20/2017  | 
It's said that you're only as strong as your weakest player. That's as true in security as it is in sports.
Cybersecurity Fact vs. Fiction
Commentary  |  6/20/2017  | 
Based on popular media, it's easy to be concerned about the security of smart cars, homes, medical devices, and public utilities. But how truly likely are such attacks?
Invisible Invaders: Why Detecting Bot Attacks Is Becoming More Difficult
Commentary  |  6/19/2017  | 
Traditional methods can't block the latest attackers, but a behavioral approach can tell the difference between bots and humans.
Forrester: Rapid Cloud Adoption Drives Demand for Security Tools
News  |  6/16/2017  | 
Cloud services revenue is poised to skyrocket from $114 billion in 2016 to $236 billion by 2020, driving the market for products to secure data in the cloud.
Why Your AppSec Program Is Doomed to Fail & How to Save It
Commentary  |  6/16/2017  | 
With these measures in place, organizations can avoid common pitfalls.
Climbing the Security Maturity Ladder in Cloud
Commentary  |  6/15/2017  | 
These five steps will insure that you achieve the broadest coverage for onboarding your most sensitive workloads.
Survey: 58% of Security and Development Teams Play Nice
Quick Hits  |  6/14/2017  | 
Despite frequent talk of tension between software development and security teams, it turns out more than half of organizations surveyed have these two groups collaborating.
How Smart Cities Can Minimize the Threat of Cyberattacks
Commentary  |  6/14/2017  | 
As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities.
Relentless Attackers Try Over 100,000 Times Before They Breach a System
News  |  6/14/2017  | 
New report from startup tCell shows XSS attempts a noisy reminder of the overwhelming scale of automated attack techniques.
The Detection Trap: Improving Cybersecurity by Learning from the Secret Service
Commentary  |  6/12/2017  | 
Intruders often understand the networks they target better than their defenders do.
Your Information Isn't Being Hacked, It's Being Neglected
Commentary  |  6/9/2017  | 
To stop customer information from being compromised, we must shore up the most vulnerable parts first, the day-to-day IT operations work that builds, configures, and changes systems.
The Economics of Software Security: What Car Makers Can Teach Enterprises
Commentary  |  6/8/2017  | 
Embedding security controls early in the application development process will go a long way towards driving down the total cost of software ownership.
Security in the Cloud: Pitfalls and Potential of CASB Systems
News  |  6/7/2017  | 
The transition to cloud has driven a demand for CASB systems, but today's systems lack the full breadth of functionality businesses need.
Cybersecurity Stands as Big Sticking Point in Software M&A
News  |  6/7/2017  | 
The breach that was the fly in the ointment of the Yahoo-Verizon deal is one of many now surfacing as security of acquired firms starts to become a point of negotiation.
Balancing the Risks of the Internet of Things
Commentary  |  6/7/2017  | 
Do the benefits of an Internet-connected coffee maker really outweigh its security issues?
Slack, Telegram, Other Chat Apps Being Used as Malware Control Channels
News  |  6/6/2017  | 
Cybercriminal are abusing third-party chat apps as command-and-control infrastructures to spread their malware.
How to Succeed at Incident Response Metrics
Commentary  |  6/2/2017  | 
Establishing a baseline of what information you need is an essential first step.
Security & Development: Better Together
Commentary  |  6/1/2017  | 
How DevSecOps removes the silos between security and application development teams so that everyone can work together at the same speed.
DevOps & SecOps: The Perks of Collaboration
Partner Perspectives  |  6/1/2017  | 
Organizations cant bypass security in favor of speed, making SecOps a perfect complement to DevOps.
Mobile App Back-End Servers, Databases at Risk
News  |  5/31/2017  | 
Mobile app developers'casual use of back-end technology like Elasticsearch without security-hardening puts unsuspecting enterprises at grave risk of exposure.
Rethinking Vulnerabilities: Network Infrastructure as a Software System
Commentary  |  5/31/2017  | 
Increasing complexity is putting networks at risk. It's time to shift our security approach and take some lessons from software development.
Securing IoT Devices Requires a Change in Thinking
Commentary  |  5/30/2017  | 
There's no magic bullet for IoT security, but there are ways to help detect and mitigate problems.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Jamie, the darn Unicorn is back."
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.