Dark Reading is part of the Informa Tech Division of Informa PLC

Application Security

News & Commentary
HP Purchases Security Startup Bromium
Dark Reading Staff, Quick Hits
The purchase will bring new isolation and threat intelligence capabilities to the HP portfolio.
By Dark Reading Staff, 9/20/2019
BSIMM10 Emphasizes DevOps' Role in Software Security
Kelly Sheridan, Staff Editor, Dark Reading, News
The latest model, with insights from 122 firms, shows DevOps adoption is far enough along to influence how companies approach software security.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/19/2019
Security Pros Value Disclosure ... Sometimes
Dark Reading Staff, Quick Hits
Security professionals will coordinate disclosure with researchers but may keep their self-discovered vulnerabilities secret, a new study shows.
By Dark Reading Staff, 9/19/2019
Ping Identity Prices IPO at $15 per Share
Dark Reading Staff, Quick Hits
The identity management company plans to sell 12.5 million shares, raising $187.5 million in its initial public offering.
By Dark Reading Staff, 9/19/2019
Crowdsourced Security & the Gig Economy
Alex Haynes, Chief Information Security Officer, CDL, Commentary
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
By Alex Haynes, Chief Information Security Officer, CDL, 9/19/2019
GitHub Becomes CVE Numbering Authority, Acquires Semmle
Dark Reading Staff, Quick Hits
Latest moves will make it much more likely that vulnerabilities in open source projects will be found and reported, GitHub says.
By Dark Reading Staff, 9/18/2019
DevSecOps: Recreating Cybersecurity Culture
Steve Martino, Senior Vice President, Chief Information Security Officer, Cisco, Commentary
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
By Steve Martino, Senior Vice President, Chief Information Security Officer, Cisco, 9/18/2019
One Arrested in Ecuador's Mega Data Leak
Dark Reading Staff, Quick Hits
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
By Dark Reading Staff, 9/18/2019
24.3M Unsecured Health Records Expose Patient Data, Images
Dark Reading Staff, Quick Hits
Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.
By Dark Reading Staff, 9/18/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading, News
The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/17/2019
US Companies Unprepared for Privacy Regulations
Dark Reading Staff, Quick Hits
US companies are poorly prepared for even the most rudimentary privacy regulations, a new report says.
By Dark Reading Staff, 9/17/2019
Oracle Expands Cloud Security Services at OpenWorld 2019
Kelly Sheridan, Staff Editor, Dark Reading, News
The company broadens its portfolio with new services developed to centralize and automate cloud security.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/16/2019
Court Rules In Favor of Firm 'Scraping' Public Data
Dark Reading Staff, Quick Hits
US appeals court said a company can legally use publicly available LinkedIn account information.
By Dark Reading Staff, 9/16/2019
Data Leak Affects Most of Ecuador's Population
Kelly Sheridan, Staff Editor, Dark Reading, News
An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/16/2019
Escaping Email: Unlocking Message Security for SMS, WhatsApp
Curtis Franklin Jr., Senior Editor at Dark Reading
Messaging is growing in importance as dislike for email increases. That means knowing how to protect critical data in the messaging era is a must for IT security.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 9/12/2019
Instagram Bug Put User Account Details, Phone Numbers at Risk
Kelly Sheridan, Staff Editor, Dark Reading, News
The vulnerability, now patched, is the latest in a series of bad news for Facebook.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/12/2019
APIs Get Their Own Top 10 Security List
Robert Lemos, Contributing Writer, News
OWASP's new list of API weaknesses focuses on issues that have caused recent data breaches and pose common security hazards in modern cloud-based applications.
By Robert Lemos, Contributing Writer, 9/12/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff, Quick Hits
A new set of regulations converts the government ban on using Kaspersky products from a temporary rule to one that's permanent.
By Dark Reading Staff, 9/11/2019
Third-Party Features Leave Websites More Vulnerable to Attack
Dark Reading Staff, Quick Hits
A new report points out the dangers to customer data of website reliance on multiple third parties.
By Dark Reading Staff, 9/10/2019
Two Zero-Days Fixed in Microsoft Patch Rollout
Kelly Sheridan, Staff Editor, Dark Reading, News
September's Patch Tuesday addressed 80 vulnerabilities, two of which have already been exploited in the wild.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/10/2019
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer, 9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading, 9/17/2019
7 Ways VPNs Can Turn from Ally to Threat
Curtis Franklin Jr., Senior Editor at Dark Reading, 9/21/2019
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16695
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
CVE-2019-16696
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
CVE-2018-21018
PUBLISHED: 2019-09-22
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.
CVE-2019-16692
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
CVE-2019-16693
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.