News & Commentary

Latest Content tagged with Application Security
Page 1 / 2   >   >>
DHS Task Force Moves Forward on Playbooks for Supply Chain Security
News  |  11/16/2018  | 
The public/private task force takes early steps toward securing the end-to-end supply chain.
New Bluetooth Hack Affects Millions of Vehicles
Quick Hits  |  11/16/2018  | 
Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.
AI Poised to Drive New Wave of Exploits
News  |  11/16/2018  | 
Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.
From Reactive to Proactive: Security as the Bedrock of the SDLC
Commentary  |  11/15/2018  | 
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
Security Teams Struggle with Container Security Strategy
News  |  11/14/2018  | 
Fewer than 30% of firms have more than a basic container security plan in place.
Netskope Announces Series F Funding Round
Quick Hits  |  11/13/2018  | 
The $168.7 million round will go toward R&D and global expansion, says cloud access security broker provider.
RIP, 'IT Security'
Commentary  |  11/13/2018  | 
Information security is vital, of course. But the concept of "IT security" has never made sense.
What You Should Know About Grayware (and What to Do About It)
Slideshows  |  11/9/2018  | 
Grayware is a tricky security problem, but there are steps you can take to defend your organization when you recognize the risk.
5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
Commentary  |  11/8/2018  | 
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.
New Side-Channel Attacks Target Graphics Processing Units
News  |  11/7/2018  | 
A trio of new attacks bypass CPUs to wring data from vulnerable GPUs.
Checkmarx Acquires Custodela
Quick Hits  |  11/7/2018  | 
The purchase adds DevSecOps capabilities to a software exposure platform.
Thoma Bravo Buys Veracode
News  |  11/5/2018  | 
Broadcom will sell Veracode, acquired last year by CA, for $950M to Thoma Bravo as it broadens its security portfolio.
Worst Malware and Threat Actors of 2018
News  |  11/2/2018  | 
Two reports call out the most serious malware attacks and attackers of the year (so far).
Cisco Reports SIP Inspection Vulnerability
Quick Hits  |  11/2/2018  | 
Advisory addresses active exploitation of vuln in the wild, with no clear solution in sight.
Speed Up AppSec Improvement With an Adversary-Driven Approach
News  |  11/2/2018  | 
Stop overwhelming developers and start using real-world attack behavior to prioritize application vulnerability fixes.
FIFA Reveals Second Hack
Quick Hits  |  11/1/2018  | 
Successful phishing campaign leads attackers to confidential information of world soccer's governing body.
Not Every Security Flaw Is Created Equal
Commentary  |  11/1/2018  | 
You need smart prioritization to close the riskiest vulnerabilities. Effective DevSecOps leads the way, according to a new study.
Qualys Snaps Up Container Firm
Quick Hits  |  10/31/2018  | 
Plans to use Layered Insight's technology to add runtime capabilities and automated enforcement to its container security tool.
Companies Fall Short on 2FA
Quick Hits  |  10/30/2018  | 
New research ranks organizations based on whether they offer two-factor authentication.
New Report: IoT Now Top Internet Attack Target
Quick Hits  |  10/29/2018  | 
IoT devices are the top targets of cyberattacks -- most of which originate on IoT devices, new report finds.
7 Ways an Old Tool Still Teaches New Lessons About Web AppSec
Slideshows  |  10/29/2018  | 
Are your Web applications secure? WebGoat, a tool old enough to be in high school, continues to instruct.
AppSec Is Dead, but Software Security Is Alive & Well
Commentary  |  10/29/2018  | 
Application security must be re-envisioned to support software security. It's time to shake up your processes.
New Free Decryption Tool for GandCrab
Quick Hits  |  10/25/2018  | 
Tool rescues GandCrab victims from malicious encryption.
Retail Fraud Spikes Ahead of the Holidays
News  |  10/25/2018  | 
Researchers note massive increases in retail goods for sale on the black market, retail phishing sites, and malicious applications and social media profiles.
DevSecOps An Effective Fix for Software Flaws
News  |  10/25/2018  | 
Organizations seeking to fix flaws faster should look to automation and related methodologies for success, says a new report.
Windows 7 End-of-Life: Are You Ready?
News  |  10/24/2018  | 
Microsoft will terminate support for Windows 7 in January 2020, but some there's still some confusion among enterprises about when the OS officially gets retired.
Abandoned Websites Haunt Corporations
Quick Hits  |  10/24/2018  | 
Websites that never go away continue to bring security threats to their owners, says a new report.
Tackling Supply Chain Threats
Commentary  |  10/24/2018  | 
Vendor-supplied malware is a threat that has been largely overlooked. That has to change.
The Browser Is the New Endpoint
Commentary  |  10/23/2018  | 
Given the role browsers play in accessing enterprise applications and information, it's time to rethink how we classify, manage, and secure them.
Healthcare.gov FFE Breach Compromises 75K Users' Data
Quick Hits  |  10/22/2018  | 
Attackers broke into a sign-up system used by healthcare insurance agents and brokers to help consumers apply for coverage.
Gartner Experts Highlight Tech Trends And Their Security Risks
News  |  10/22/2018  | 
Security must be built into systems and applications from the beginning of the design process, they agreed.
WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors
News  |  10/19/2018  | 
A report by the Wall Street Journal points finger at group that is known to Facebook Security.
How to Get Consumers to Forgive You for a Breach
Quick Hits  |  10/18/2018  | 
It starts with already-established trust, a new survey shows.
7 Ways A Collaboration System Could Wreck Your IT Security
Slideshows  |  10/18/2018  | 
The same traits that make collaboration systems so useful for team communications can help hackers, too.
Apache Access Vulnerability Could Affect Thousands of Applications
News  |  10/18/2018  | 
A recently discovered issue with a common file access method could be a major new attack surface for malware authors.
Getting Up to Speed with "Always-On SSL"
Commentary  |  10/18/2018  | 
Websites can avoid the negative consequences of a "not secure" label from Google Chrome 68 by following four AOSSL best practices.
Oracle Issues Massive Collection of Critical Security Updates
Quick Hits  |  10/17/2018  | 
The software updates from Oracle address a record number of vulnerabilities.
Cybercrime-as-a-Service: No End in Sight
Commentary  |  10/17/2018  | 
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
A Cybersecurity Weak Link: Linux and IoT
Commentary  |  10/16/2018  | 
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
Rapid7 Acquires tCell
Quick Hits  |  10/16/2018  | 
The purchase brings together a cloud security platform with a web application firewall.
Spies Among Us: Tracking, IoT & the Truly Inside Threat
Commentary  |  10/16/2018  | 
In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.
6 Security Trends for 2018/2019
News  |  10/15/2018  | 
Speaking at the Gartner Symposium/ITxpo, analyst Peter Firstbrook's list of trends is likely to inform executive committee conversations for the next 12 months.
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
News  |  10/11/2018  | 
Many organizations have yet to create an effective cybersecurity strategy and it's costing them millions.
Most Malware Arrives Via Email
Quick Hits  |  10/11/2018  | 
Watch out for messages with the word "invoice" in the subject line, too.
Google Adds New Identity, Security Tools to Cloud Platform
News  |  10/11/2018  | 
A wave of cloud news includes new tools for identity and access management and policies for stronger controls on cloud resources.
The Better Way: Threat Analysis & IIoT Security
Commentary  |  10/11/2018  | 
Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities.
Google+ Vulnerability Hits Service, Leads to Shutdown
News  |  10/9/2018  | 
In response to the breach, Google is changing policies, modifying APIs, and shutting down Google+.
Git Gets Patched for Newly Found Flaw
Quick Hits  |  10/9/2018  | 
A vulnerability in Git could allow an attacker to place malicious, auto-executing code in a sub-module.
Lessons Learned from the Facebook Breach: Why Logic Errors Are So Hard to Catch
Commentary  |  10/9/2018  | 
By ensuring that each layer of protection scours an application for unintended uses, you can find the flaws before the bad guys do.
Teach Your AI Well: A Potential New Bottleneck for Cybersecurity
News  |  10/8/2018  | 
Artificial intelligence (AI) holds the promise of easing the skills shortage in cybersecurity, but implementing AI may result in a talent gap of its own for the industry.
Page 1 / 2   >   >>


Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360,  11/13/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15769
PUBLISHED: 2018-11-16
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is...
CVE-2018-18955
PUBLISHED: 2018-11-16
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resour...
CVE-2018-19311
PUBLISHED: 2018-11-16
Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
CVE-2018-19312
PUBLISHED: 2018-11-16
Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
CVE-2018-19318
PUBLISHED: 2018-11-16
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.