Application Security

News & Commentary
Google Sheds Light on Data Encryption Practices
Kelly Sheridan, Associate Editor, Dark ReadingNews
Google explains the details of how it secures information in the cloud and encrypts data in transit.
By Kelly Sheridan Associate Editor, Dark Reading, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
Healthcare Faces Poor Cybersecurity Prognosis
Kelly Sheridan, Associate Editor, Dark ReadingNews
Experts say the healthcare industry is underestimating security threats as attackers continue to seek data and monetary gain.
By Kelly Sheridan Associate Editor, Dark Reading, 12/13/2017
Comment1 Comment  |  Read  |  Post a Comment
Automation Could Be Widening the Cybersecurity Skills Gap
Gary Golomb, Co-Founder & Chief Research Officer at Awake SecurityCommentary
Sticking workers with tedious jobs that AI can't do leads to burnout, but there is a way to achieve balance.
By Gary Golomb Co-Founder & Chief Research Officer at Awake Security, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
Post-Breach Carnage: Worst Ways The Axe Fell in 2017
Ericka Chickowski, Contributing Writer, Dark Reading
Executive firings, stock drops, and class action settlements galore, this year was a study in real-world repercussions for cybersecurity lapses.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/11/2017
Comment0 comments  |  Read  |  Post a Comment
What Slugs in a Garden Can Teach Us About Security
Chris Nelson, Senior Director of Security and IT at Distil NetworksCommentary
Design principles observed in nature serve as a valuable model to improve organizations' security approaches.
By Chris Nelson Senior Director of Security and IT at Distil Networks, 12/8/2017
Comment0 comments  |  Read  |  Post a Comment
Man-in-the-Middle Flaw in Major Banking, VPN Apps Exposes Millions
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New research from University of Birmingham emphasizes importance of securing high-risk mobile apps.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/7/2017
Comment0 comments  |  Read  |  Post a Comment
Deception: Why It's Not Just Another Honeypot
Carolyn Crandall, Chief Deception Officer at Attivo NetworksCommentary
The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception.
By Carolyn Crandall Chief Deception Officer at Attivo Networks, 12/1/2017
Comment0 comments  |  Read  |  Post a Comment
Why Security Depends on Usability -- and How to Achieve Both
Tyler Shields,  VP of Marketing, Strategy & Partnerships,  Signal SciencesCommentary
Any initiative that reduces usability will have consequences that make security less effective.
By Tyler Shields VP of Marketing, Strategy & Partnerships, Signal Sciences, 11/29/2017
Comment1 Comment  |  Read  |  Post a Comment
Git Some Security: Locking Down GitHub Hygiene
Ericka Chickowski, Contributing Writer, Dark ReadingNews
In the age of DevOps and agile development practices that lean heavily on GitHub and other cloud resources, strong controls are more important than ever.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/28/2017
Comment0 comments  |  Read  |  Post a Comment
Trend Micro Buys Immunio
Dark Reading Staff, Quick Hits
The acquisition is aimed at balancing the speed of DevOps with application security.
By Dark Reading Staff , 11/28/2017
Comment12 comments  |  Read  |  Post a Comment
Developers Can Do More to Up Their Security Game: Report
Jai Vijayan, Freelance writerNews
Developers can play a vital role in accelerating the adoption of AppSec practices, security vendor says.
By Jai Vijayan Freelance writer, 11/28/2017
Comment0 comments  |  Read  |  Post a Comment
New BankBot Version Avoids Detection in Google Play -- Again
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Mobile banking Trojan BankBot uses a unique payload downloading technique to skip past Google Play Protect.
By Dawn Kawamoto Associate Editor, Dark Reading, 11/27/2017
Comment0 comments  |  Read  |  Post a Comment
Cyber Forensics: The Next Frontier in Cybersecurity
Brendan Saltaformaggio, Assistant Professor, Georgia Tech School of  Electrical and Computer EngineeringCommentary
We can now recover evidence from the RAM on a cellphone, even if the account is locked, and use it to prosecute a case.
By Brendan Saltaformaggio Assistant Professor, Georgia Tech School of Electrical and Computer Engineering, 11/27/2017
Comment1 Comment  |  Read  |  Post a Comment
New OWASP Top 10 List Includes Three New Web Vulns
Jai Vijayan, Freelance writerNews
But dropping cross-site request forgeries from list is a mistake, some analysts say.
By Jai Vijayan Freelance writer, 11/21/2017
Comment1 Comment  |  Read  |  Post a Comment
Let's Take a Page from the Credit Card Industry's Playbook
Ryan Stolte, co-founder and CTO at Bay DynamicsCommentary
Internal security departments would do well to follow the processes of major credit cards.
By Ryan Stolte co-founder and CTO at Bay Dynamics, 11/21/2017
Comment0 comments  |  Read  |  Post a Comment
Researcher Finds Hole in Windows ASLR Security Defense
Kelly Sheridan, Associate Editor, Dark ReadingNews
A security expert found a way to work around Microsoft's Address Space Randomization Layer, which protects the OS from memory-based attacks.
By Kelly Sheridan Associate Editor, Dark Reading, 11/20/2017
Comment1 Comment  |  Read  |  Post a Comment
Businesses Can't Tell Good Bots from Bad Bots: Report
Dark Reading Staff, Quick Hits
Bots make up more than 75% of total traffic for some businesses, but one in three can't distinguish legitimate bots from malicious ones.
By Dark Reading Staff , 11/17/2017
Comment13 comments  |  Read  |  Post a Comment
Terdot Banking Trojan Spies on Email, Social Media
Kelly Sheridan, Associate Editor, Dark ReadingNews
Terdot Banking Trojan, inspired by Zeus, can eavesdrop and modify traffic on social media and email in addition to snatching data.
By Kelly Sheridan Associate Editor, Dark Reading, 11/16/2017
Comment0 comments  |  Read  |  Post a Comment
Microsoft Uses Neural Networks to Make Fuzz Tests Smarter
Jai Vijayan, Freelance writerNews
Neural fuzzing can help uncover bugs in software better than traditional tools, company says.
By Jai Vijayan Freelance writer, 11/15/2017
Comment0 comments  |  Read  |  Post a Comment
Microsoft Word Vuln Went Unnoticed for 17 Years: Report
Kelly Sheridan, Associate Editor, Dark ReadingNews
Researchers claim Microsoft Word vulnerability, patched today, has existed for 17 years.
By Kelly Sheridan Associate Editor, Dark Reading, 11/14/2017
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Oracle Product Rollout Underscores Need for Trust in the Cloud
Kelly Sheridan, Associate Editor, Dark Reading,  12/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.