Application Security

News & Commentary
To Manage Security Risk, Manage Data First
Kelly Sheridan, Staff Editor, Dark Reading, News
At Interop 2019, IT and security experts urged attendees to focus on data asset management as a means of mitigating risk.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/23/2019
FEC Gives Green Light for Free Cybersecurity Help in Federal Elections
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Official opinion issued by the Federal Election Commission to nonprofit Defending Digital Campaigns is good news for free and reduced-cost security offerings to political candidates and committees.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/23/2019
Mobile Exploit Fingerprints Devices with Sensor Calibration Data
Dark Reading Staff, Quick Hits
Data from routines intended to calibrate motion sensors can identify individual iOS and Android devices in a newly released exploit.
By Dark Reading Staff, 5/23/2019
Russian Nation-State Hacking Unit's Tools Get More Fancy
Robert Lemos, Contributing Writer, News
APT28/Fancy Bear has expanded its repertoire to more than 30 commands for infecting systems, executing code, and reconnaissance, researchers have found.
By Robert Lemos, Contributing Writer, 5/23/2019
New Software Skims Credit Card Info From Online Credit Card Transactions
Dark Reading Staff, Quick Hits
The new exploit builds a fake frame around legitimate portions of an online commerce website.
By Dark Reading Staff, 5/22/2019
Data Asset Management: What Do You Really Need?
Kelly Sheridan, Staff Editor, Dark Reading, News
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/22/2019
Google Alerts Admins to Unhashed Password Storage
Dark Reading Staff, Quick Hits
The company reports it has seen improper access to, or misuse of, affected enterprise G Suite credentials.
By Dark Reading Staff, 5/22/2019
49 Million Instagram Influencer Records Exposed in Open Database
Dark Reading Staff, Quick Hits
An AWS-hosted database was configured with no username or password required for access to personal data.
By Dark Reading Staff, 5/21/2019
Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter
Jai Vijayan, Contributing Writer, News
Once again, a high proportion of the reported flaws have no current fix, according to Risk Based Security.
By Jai Vijayan, Contributing Writer, 5/17/2019
The Data Problem in Security
Julian Waits, GM Cyber Security Business Unit, Devo Technology, Commentary
CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.
By Julian Waits, GM Cyber Security Business Unit, Devo Technology, 5/16/2019
New Intel Vulnerabilities Bring Fresh CPU Attack Dangers
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Four newly discovered vulns from the speculative-execution family bring Meltdown-like threats to Intel's processors.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/15/2019
Introducing the Digital Transformation Architect
Jordan Blake, VP of Products at BehavioSec, Commentary
Bet-the-company transformation that expands the attack surface requires close alignment and leadership across executive, IT and security teams.
By Jordan Blake, VP of Products at BehavioSec, 5/15/2019
Website Attack Attempts Rose by 69% in 2018
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Millions of websites have been compromised, but the most likely malware isn't cryptomining: it's quietly stealing files and redirecting traffic, a new SiteLock report shows.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/14/2019
Commercial Spyware Uses WhatsApp Flaw to Infect Phones
Robert Lemos, Contributing Writer, News
A single flaw allowed attackers thought to be linked to a government to target human rights workers and install surveillance software by sending a phone request. The victims did not even have to answer.
By Robert Lemos, Contributing Writer, 5/14/2019
Effective Pen Tests Follow These 7 Steps
Curtis Franklin Jr., Senior Editor at Dark Reading
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/14/2019
How We Collectively Can Improve Cyber Resilience
Todd Weller, Chief Strategy Officer at Bandura Cyber, Commentary
Three steps you can take, based on Department of Homeland Security priorities.
By Todd Weller, Chief Strategy Officer at Bandura Cyber, 5/10/2019
Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Turla hacking team abuses a legitimate feature of the Exchange server in order to hide out and access all of the target organization's messages.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/7/2019
Password Reuse, Misconfiguration Blamed for Repository Compromises
Robert Lemos, Contributing Writer, News
Armed with stolen credentials from another breach or from a misconfigured file, attackers delete developers' repositories on GitHub, Bitbucket, and GitLab, leaving behind ransom notes.
By Robert Lemos, Contributing Writer, 5/6/2019
Trust the Stack, Not the People
John De Santis, CEO, HyTrust, Commentary
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
By John De Santis, CEO, HyTrust, 5/6/2019
Misconfigured Ladders Database Exposed 13M User Records
Dark Reading Staff, Quick Hits
Job-hunting site Ladders leaves job seeker data exposed on the Internet.
By Dark Reading Staff, 5/2/2019
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer, 5/20/2019
How Security Vendors Can Address the Cybersecurity Talent Shortage
Rob Rashotte, VP of Global Training and Technical Field Enablement at Fortinet, 5/24/2019
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.