informa
/
Announcements
Event
The Value Drivers of Attack Surface Management, Revealed | May 26 Webinar | <REGISTER NOW>
Event
Implementing and Using XDR to Improve Enterprise Cybersecurity | May 25 Webinar | <REGISTER NOW>
Event
HOW DATA BREACHES HAPPEN & WHAT TO DO WHEN THEY HAPPEN TO YOU | June 23 Virtual Event | <Get Your Pass>
PreviousNext

Application Security

Breaking news, news analysis, and expert commentary on application security, including tools & technologies.

Partial Patching Still Provides Strong Protection Against APTs
Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.
May 20, 2022
Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.
by Jai Vijayan, Contributing Writer, Dark Reading
May 20, 2022
4 min read
Article
DoJ Won't Charge 'Good Faith' Security Researchers
Revised policy means security analysts won't be charged under the Computer Fraud and Abuse Act.
May 19, 2022
Revised policy means security analysts won't be charged under the Computer Fraud and Abuse Act.
by Dark Reading Staff, Dark Reading
May 19, 2022
1 min read
Article
Majority of Kubernetes API Servers Exposed to the Public Internet
Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.
May 19, 2022
Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.
by Ericka Chickowski, Contributing Writer, Dark Reading
May 19, 2022
4 min read
Article
6 Scary Tactics Used in Mobile App Attacks
Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.
May 19, 2022
Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.
by Storm Swendsboe, Director of Intelligence, SafeGuard Cyber
May 19, 2022
5 min read
Article
MITRE Creates Framework for Supply Chain Security
System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.
May 18, 2022
System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.
by Kelly Jackson Higgins, Editor-in-Chief, Dark Reading
May 18, 2022
4 min read
Article
CISA to Federal Agencies: Patch VMware Products Now or Take Them Offline
Last month attackers quickly reverse-engineered VMware patches to launch RCE attacks. CISA warns it's going to happen again.
May 18, 2022
Last month attackers quickly reverse-engineered VMware patches to launch RCE attacks. CISA warns it's going to happen again.
by Dark Reading Staff, Dark Reading
May 18, 2022
1 min read
Article
CISA: Unpatched F5 BIG-IP Devices Under Active Attack
Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns.
May 18, 2022
Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns.
by Dark Reading Staff, Dark Reading
May 18, 2022
1 min read
Article
The Industry Must Better Secure Open Source Code From Threat Actors
Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats.
May 18, 2022
Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats.
by Andrew Useckas, Chief Technology Officer and Co-Founder, ThreatX
May 18, 2022
5 min read
Article
Critical VMware Bug Exploits Continue, as Botnet Operators Jump In
A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.
May 17, 2022
A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.
by Tara Seals, Managing Editor, News, Dark Reading
May 17, 2022
5 min read
Article
New Venture Capital Fund Focuses on Emerging Cybersecurity Tech
The founders behind more than 90 cybersecurity firms have set up a $300 million investment fund.
May 17, 2022
The founders behind more than 90 cybersecurity firms have set up a $300 million investment fund.
by Dark Reading Staff, Dark Reading
May 17, 2022
1 min read
Article
Widespread Attack on WordPress Sites Targets Tatsu Builder Plug-in
A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report.
May 17, 2022
A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report.
by Dark Reading Staff, Dark Reading
May 17, 2022
1 min read
Article
Google Cloud Aims to Share Its Vetted Open Source Ecosystem
The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.
May 17, 2022
The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.
by Robert Lemos, Contributing Writer
May 17, 2022
4 min read
Article
RF Technologies Releases Safe Place Staff Protection for Healthcare Settings
RFT is expanding the Safe Place hospital market security system to include staff protection.
May 16, 2022
RFT is expanding the Safe Place hospital market security system to include staff protection.
May 16, 2022
3 min read
Article
Open Source Security Gets $30M Boost From Industry Heavy Hitters
Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security.
May 16, 2022
Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security.
by Robert Lemos, Contributing Writer
May 16, 2022
5 min read
Article
Name That Toon: Knives Out
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
May 16, 2022
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
by John Klossner, Cartoonist
May 16, 2022
1 min read
Article