Application Security

Google Analyzes Methods Behind GCP Workload Attacks
The vast majority of cloud workload compromises stem from poor security configurations or compromised passwords, while cryptojacking is the common payload, research shows.
November 29, 2021
by Robert Lemos, Contributing Writer
4 min read
Article
Panasonic Hit in Data Breach
Tech firm reveals that data on one of its file servers was accessed by attackers.
November 29, 2021
by Dark Reading Staff, Dark Reading
1 min read
Article
Baffle's Data Privacy Cloud Protects Data for Amazon Redshift Customers
Amazon Redshift customers can use Baffle’s Data Privacy Cloud to secure the data pipeline as source data is migrated to Redshift and used for data analytics.
November 23, 2021
by Dark Reading Staff, Dark Reading
3 min read
Article
Bug Bounties Surge as Firms Compete for Talent
Companies such as GitLab, which today increased its payment for critical bugs by 75%, are raising bounties and bonuses to attract top-notch researchers.
November 22, 2021
by Robert Lemos, Contributing Writer
5 min read
Article
Addressing the Low-Code Security Elephant in the Room
The danger of anyone being able to spin up new applications is that few are thinking about security. Here's why everyone is responsible for the security of low-code/no-code applications.
November 18, 2021
by Michael Bargury, CTO & Co-Founder, Zenity
8 min read
Article
Is XDR Overhyped?
Security experts weigh in on the value and pitfalls of extended detection and response (XDR), offering consideration and advice on this growing new category.
November 17, 2021
by Ericka Chickowski, Contributing Writer
1 min read
Article
MacOS Zero-Day Used in Watering-Hole Attacks
Attackers targeted Chinese pro-democracy groups using a vulnerability fixed in September along with a second vulnerability fixed early in the year, Google says.
November 15, 2021
by Robert Lemos, Contributing Writer
4 min read
Article
FBI Attributes Abuse of Its Email Account to Software 'Misconfiguration'
A wave of phony emails from an FBI mail server originated from an issue with the agency's Law Enforcement Enterprise Portal.
November 15, 2021
by Dark Reading Staff, Dark Reading
1 min read
Article
Emerging Security Tools Tackle GraphQL Security
New security tools are proactively protecting APIs built with GraphQL, before attacks against them become more commonplace.
November 12, 2021
by Fahmida Y. Rashid, Features Editor, Dark Reading
4 min read
Article
In Appreciation: Alan Paller
Alan Paller, founder of the famed SANS Institute, passed away on Nov. 9.
November 12, 2021
by Dark Reading Staff, Dark Reading
2 min read
Article
Google Open Sources ClusterFuzzLite
ClusterFuzzLite is a stripped-down version of the continuous fuzzing tool ClusterFuzz that integrates with CI tools.
November 11, 2021
by Dark Reading Staff, Dark Reading
2 min read
Article
Third-Party Software Risks Grow, but So Do Solutions
Enterprises are more dependent than ever on open source software and need to manage the risk posed by vulnerabilities in components and third-party vendors.
November 11, 2021
by Robert Lemos, Contributing Writer
5 min read
Article
New Application Security Toolkit Uncovers Dependency Confusion Attacks
The Dependency Combobulator is an open source Python-based toolkit that helps developers discover malicious software components that may have accidentally been added to their projects.
November 11, 2021
by Fahmida Y. Rashid, Features Editor, Dark Reading
4 min read
Article
SolarWinds Vulnerability Exploited in First Stage of Clop Ransomware Attacks
Russian cybercrime group known as TA505 is targeting SolarWinds Serv-U systems that haven't been patched for a remote code execution vulnerability fixed this summer.
November 10, 2021
by Dark Reading Staff, Dark Reading
1 min read
Article
Researcher Details Vulnerabilities Found in AWS API Gateway
AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.
November 10, 2021
by Kelly Jackson Higgins, Executive Editor
3 min read
Article