Application Security

News & Commentary
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff, Quick Hits
Using DDoS for hire services and possessing firearms as a felon combine to land a New Mexico man 15 years in federal prison.
By Dark Reading Staff, 5/18/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/17/2018
The Risks of Remote Desktop Access Are Far from Remote
Matt Ahrens, Security Team Leader at Coalition, Commentary
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
By Matt Ahrens, Security Team Leader at Coalition, 5/17/2018
Tanium's Valuation Reaches $5 Billion With New Investment
Dark Reading Staff, Quick Hits
Tanium has received a $175 million investment from TPG Growth.
By Dark Reading Staff, 5/17/2018
Why Isn't Integrity Getting the Attention It Deserves?
Tim Erlin, VP of Product Management & Strategy at Tripwire, Commentary
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
By Tim Erlin, VP of Product Management & Strategy at Tripwire, 5/17/2018
25% of Businesses Targeted with Cryptojacking in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading, News
New public cloud security report detects a spike in cryptojacking, mismanaged cloud storage, account takeover, and major patches getting overlooked.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/15/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading, News
CVSS scores alone are ineffective risk predictors - modeling for likelihood of exploitation also needs to be taken into account.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/15/2018
Taming the Chaos of Application Security: 'We Built an App for That'
Caleb Sima, Founder, Badkode Ventures, Commentary
Want to improve the state of secure software coding? Hide the complexity from developers.
By Caleb Sima, Founder, Badkode Ventures, 5/15/2018
'EFAIL' Email Encryption Flaw Research Stirs Debate
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A newly revealed vulnerability in email encryption is a big problem for a small subset of users.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/14/2018
Facebook Suspends 200 Apps
Dark Reading Staff, Quick Hits
Thousands of apps have been investigated as Facebook determines which had access to large amounts of user data before its 2014 policy changes.
By Dark Reading Staff, 5/14/2018
The New Security Playbook: Get the Whole Team Involved
John "Lex" Robinson, Cybersecurity Strategist at Cofense, Commentary
Smart cybersecurity teams are harnessing the power of human intelligence so employees take the right actions.
By John "Lex" Robinson, Cybersecurity Strategist at Cofense, 5/11/2018
Risky Business: Deconstructing Ray Ozzie's Encryption Backdoor
Adam Shostack, Founder, Stealth Startup, Commentary
With the addition of secure enclaves, secure boot, and related features of "Clear," the only ones that will be able to test this code are Apple, well-resourced nations, and vendors who sell jailbreaks.
By Adam Shostack, Founder, Stealth Startup, 5/10/2018
Script Kiddies, Criminals Hacking Video Streams for Fun & Profit
Dark Reading Staff, Quick Hits
Video streams are getting hijacked for 'prestige,' DDoS, and financial gain, a new report found.
By Dark Reading Staff, 5/9/2018
10 Lessons From an IoT Demo Lab
Curtis Franklin Jr., Senior Editor at Dark Reading
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/7/2018
Google Security Updates Target DevOps, Containers
Kelly Sheridan, Staff Editor, Dark Reading, News
The tech giant explains why it's rolling out a new cloud security management tool and an open-source framework for confidential computing.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/7/2018
5 Ways to Better Use Data in Security
Steve Zurier, Freelance Writer
Use these five tips to get your security shop thinking more strategically about data.
By Steve Zurier, Freelance Writer, 5/5/2018
Encryption is Necessary, Tools and Tips Make It Easier
Curtis Franklin Jr., Senior Editor at Dark Reading, News
In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/3/2018
GDPR Requirements Prompt New Approach to Protecting Data in Motion
Rick Bilodeau, Vice President of Marketing, StreamSets, Commentary
The EU's General Data Protection Regulation means that organizations must look at new ways to keep data secure as it moves.
By Rick Bilodeau, Vice President of Marketing, StreamSets, 5/3/2018
Survey Shows Sensitive Data Goes Astray in Email
Dark Reading Staff, Quick Hits
Many employees have trouble controlling the release of sensitive information in email.
By Dark Reading Staff, 5/2/2018
Breaches Drive Consumer Stress over Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading, News
As major data breaches make headlines, consumers are increasingly worried about cyberattacks, password management, and data security.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/2/2018
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust, 5/16/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group, 5/14/2018
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11311
PUBLISHED: 2018-05-20
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
CVE-2018-11319
PUBLISHED: 2018-05-20
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to ...
CVE-2018-11242
PUBLISHED: 2018-05-20
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVE-2018-11315
PUBLISHED: 2018-05-20
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a ho...
CVE-2018-11239
PUBLISHED: 2018-05-19
An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in ...