News & Commentary

Latest Content tagged with Application Security
Page 1 / 2   >   >>
New Mexico Man Sentenced on DDoS, Gun Charges
Quick Hits  |  5/18/2018  | 
Using DDoS for hire services and possessing firearms as a felon combine to land a New Mexico man 15 years in federal prison.
Cracking 2FA: How It's Done and How to Stay Safe
Slideshows  |  5/17/2018  | 
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
The Risks of Remote Desktop Access Are Far from Remote
Commentary  |  5/17/2018  | 
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
Tanium's Valuation Reaches $5 Billion With New Investment
Quick Hits  |  5/17/2018  | 
Tanium has received a $175 million investment from TPG Growth.
Why Isn't Integrity Getting the Attention It Deserves?
Commentary  |  5/17/2018  | 
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
25% of Businesses Targeted with Cryptojacking in the Cloud
News  |  5/15/2018  | 
New public cloud security report detects a spike in cryptojacking, mismanaged cloud storage, account takeover, and major patches getting overlooked.
Don't Roll the Dice When Prioritizing Vulnerability Fixes
News  |  5/15/2018  | 
CVSS scores alone are ineffective risk predictors - modeling for likelihood of exploitation also needs to be taken into account.
Taming the Chaos of Application Security: 'We Built an App for That'
Commentary  |  5/15/2018  | 
Want to improve the state of secure software coding? Hide the complexity from developers.
'EFAIL' Email Encryption Flaw Research Stirs Debate
News  |  5/14/2018  | 
A newly revealed vulnerability in email encryption is a big problem for a small subset of users.
Facebook Suspends 200 Apps
Quick Hits  |  5/14/2018  | 
Thousands of apps have been investigated as Facebook determines which had access to large amounts of user data before its 2014 policy changes.
The New Security Playbook: Get the Whole Team Involved
Commentary  |  5/11/2018  | 
Smart cybersecurity teams are harnessing the power of human intelligence so employees take the right actions.
Risky Business: Deconstructing Ray Ozzie's Encryption Backdoor
Commentary  |  5/10/2018  | 
With the addition of secure enclaves, secure boot, and related features of "Clear," the only ones that will be able to test this code are Apple, well-resourced nations, and vendors who sell jailbreaks.
Script Kiddies, Criminals Hacking Video Streams for Fun & Profit
Quick Hits  |  5/9/2018  | 
Video streams are getting hijacked for 'prestige,' DDoS, and financial gain, a new report found.
10 Lessons From an IoT Demo Lab
Slideshows  |  5/7/2018  | 
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
Google Security Updates Target DevOps, Containers
News  |  5/7/2018  | 
The tech giant explains why it's rolling out a new cloud security management tool and an open-source framework for confidential computing.
5 Ways to Better Use Data in Security
Slideshows  |  5/5/2018  | 
Use these five tips to get your security shop thinking more strategically about data.
Encryption is Necessary, Tools and Tips Make It Easier
News  |  5/3/2018  | 
In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
GDPR Requirements Prompt New Approach to Protecting Data in Motion
Commentary  |  5/3/2018  | 
The EU's General Data Protection Regulation means that organizations must look at new ways to keep data secure as it moves.
Survey Shows Sensitive Data Goes Astray in Email
Quick Hits  |  5/2/2018  | 
Many employees have trouble controlling the release of sensitive information in email.
Breaches Drive Consumer Stress over Cybersecurity
News  |  5/2/2018  | 
As major data breaches make headlines, consumers are increasingly worried about cyberattacks, password management, and data security.
Are You Protecting Your DevOps Software 'Factory'?
News  |  5/1/2018  | 
New study highlights insecurities in DevOps toolchain implementations.
Slack Releases Open Source SDL Tool
News  |  4/30/2018  | 
After building an SDL tool for their own use, Slack has released it on Github under an open source license.
10 Security Innovators to Watch
Slideshows  |  4/30/2018  | 
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
What Meltdown and Spectre Mean for Mobile Device Security
Commentary  |  4/30/2018  | 
Here are four tips to keep your mobile users safe from similar attacks.
The Default SAP Configuration That Every Enterprise Needs to Fix
News  |  4/26/2018  | 
Nine out of ten organizations are vulnerable to a 13-year-old flaw that puts their most critical business systems at risk of complete criminal takeover.
Free New Tool for Building Blockchain Skills
Quick Hits  |  4/25/2018  | 
Blockchain CTF helps pros build skills with simulations.
Why Information Integrity Attacks Pose New Security Challenges
Commentary  |  4/25/2018  | 
To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.
'Stresspaint' Targets Facebook Credentials
News  |  4/24/2018  | 
New malware variant goes after login credentials for popular Facebook pages.
It's Time to Take GitHub Threats Seriously
Commentary  |  4/24/2018  | 
There's a good chance your company has projects on the source code management system, but the casual way many developers use GitHub creates security issues.
Trust: The Secret Ingredient to DevSecOps Success
News  |  4/20/2018  | 
Security practitioners must build trusted relationships with developers and within cross-functional DevOps teams to get themselves embedded into continuous software delivery processes.
NIST Seeking Comments on New AppSec Practices Standards
News  |  4/17/2018  | 
Working in conjunction with SAFECode, NIST is opening the floor to suggestions at RSA about secure software development life cycle guidelines.
DevOps May Be Cause of and Solution to Open Source Component Chaos
News  |  4/16/2018  | 
DevOps is accelerating the trend of componentized development approaches, but its automation can also help enforce better governance and security.
INsecurity Conference Seeks Security Pros to Speak on Best Practices
News  |  4/16/2018  | 
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
Power Line Vulnerability Closes Air Gap
Quick Hits  |  4/13/2018  | 
A new demonstration of malware shows that air-gapped computers may still be at risk.
7 Steps to a Smooth, Secure Cloud Transition
Slideshows  |  4/13/2018  | 
Security leaders share their top steps to keep in mind as your organization moves data and applications to the cloud.
ABRY Partners Buys SiteLock
Quick Hits  |  4/12/2018  | 
Web site security firm SiteLock has been acquired by venture fund managers ABRY Partners.
Microsegmentation: Strong Security in Small Packages
Commentary  |  4/12/2018  | 
A deep dive into how organizations can effectively devise and implement microsegmentation in a software-defined networking data center.
New Email Campaign Employs Malicious URLs
News  |  4/12/2018  | 
A new attack dropping the Quant Loader Trojan bypasses scanners and sandboxes.
Facebook Rolls Out 'Data Abuse Bounty' Program
News  |  4/11/2018  | 
The social media giant also got hit with a lawsuit the day before unveiling its new reward program.
Hack Back: An Eye for an Eye Could Make You Blind
Commentary  |  4/11/2018  | 
Attackers have had almost zero consequences or cost for stealing data from innocent victims. But what if we could hack their wallets, not their systems?
On-Premise Security Tools Struggle to Survive in the Cloud
News  |  4/10/2018  | 
Businesses say their current security tools aren't effective in the cloud but hesitate to adopt cloud-based security systems.
CA Acquires SourceClear
Quick Hits  |  4/9/2018  | 
CA adds software composition analysis capabilities to Veracode lineup through acquisition.
Serverless Architectures: A Paradigm Shift in Application Security
Commentary  |  4/9/2018  | 
"Serverless" forces software architects and developers to approach security by building it in rather than bolting it on. But there is a downside.
Protect Yourself from Online Fraud This Tax Season
Commentary  |  4/6/2018  | 
Use these tips to stay safe online during everyone's least-favorite time of the year.
Mirai Variant Botnet Takes Aim at Financials
News  |  4/5/2018  | 
In January, a botnet based on Mirai was used to attack at least three European financial institutions.
Facebook: Most Profiles Likely Scraped by Third Parties
Quick Hits  |  4/5/2018  | 
Facebook announces plans to restrict data access after 87 million users' data was improperly shared with Cambridge Analytica.
How Security Can Bridge the Chasm with Development
Commentary  |  4/5/2018  | 
Enhancing the relationships between security and engineering is crucial for improving software security. These six steps will bring your teams together.
Report: White House Email Domains Poorly Protected from Fraud
Quick Hits  |  4/4/2018  | 
Only one Executive Office of the President email domain has fully implemented DMARC, according to a new report.
7 Deadly Security Sins of Web Applications
Slideshows  |  4/3/2018  | 
The top ways organizations open themselves up to damaging Web app attacks.
'Hack the Defense Travel System': DoD Extends its Bug Bounty Program
News  |  4/2/2018  | 
The fifth US Department of Defense bug bounty program, launched with HackerOne, will target a DoD enterprise system used by millions.
Page 1 / 2   >   >>


Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11232
PUBLISHED: 2018-05-18
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2017-15855
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in u...
CVE-2018-3567
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.
CVE-2018-3568
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.
CVE-2018-5827
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.