Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

News & Commentary
5 Soothing Security Products We Wish Existed
Curtis Franklin Jr., Senior Editor at Dark Reading
Maybe security alert fatigue wouldn't be so bad if the alerts themselves delivered less stress and more aromatherapy.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/3/2020
Comment0 comments  |  Read  |  Post a Comment
Want to Improve Cloud Security? It Starts with Logging
Chris Calvert, VP Product Strategy, Co-Founder, Respond SoftwareCommentary
Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.
By Chris Calvert VP Product Strategy, Co-Founder, Respond Software, 4/3/2020
Comment0 comments  |  Read  |  Post a Comment
A Day in The Life of a Pen Tester
Kelly Sheridan, Staff Editor, Dark ReadingNews
Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
By Kelly Sheridan Staff Editor, Dark Reading, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Bad Bots Build Presence Across the Web
Dark Reading Staff, Quick Hits
Bots that mimic human behavior are driving a growing percentage of website traffic while contributing to an avalanche of misinformation.
By Dark Reading Staff , 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Companies Are Failing to Deploy Key Solution for Email Security
Robert Lemos, Contributing WriterNews
A single -- albeit complex-to-deploy -- technology could stop the most expensive form of fraud, experts say. Why aren't more companies adopting it?
By Robert Lemos Contributing Writer, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Researchers Focus on Zoom App's Security
Robert Lemos, Contributing WriterNews
With videoconferencing's rise as an essential tool for remote work comes a downside: more security scrutiny, which has turned up a number of security weaknesses.
By Robert Lemos Contributing Writer, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Defense Evasion Dominated 2019 Attack Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
By Kelly Sheridan Staff Editor, Dark Reading, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
Data from 5.2M Marriott Loyalty Program Members Hit by Breach
Dark Reading Staff, Quick Hits
The data was breached through the credentials of two franchisee employees.
By Dark Reading Staff , 3/31/2020
Comment2 comments  |  Read  |  Post a Comment
Patching Poses Security Problems with Move to More Remote Work
Robert Lemos, Contributing WriterNews
Security teams were not ready for the wholesale move to remote work and the sudden expansion of the attack surface area, experts say.
By Robert Lemos Contributing Writer, 3/31/2020
Comment1 Comment  |  Read  |  Post a Comment
Does the 2020 Online Census Account for Security Risk?
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts discuss the security issues surrounding a census conducted online and explain how COVID-19 could exacerbate the risk.
By Kelly Sheridan Staff Editor, Dark Reading, 3/31/2020
Comment1 Comment  |  Read  |  Post a Comment
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading
These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/31/2020
Comment3 comments  |  Read  |  Post a Comment
Researchers Spot Sharp Increase in Zoom-Themed Domain Registrations
Jai Vijayan, Contributing WriterNews
Attackers are attempting to take advantage of the surge in teleworking prompted by COVID-19, Check Point says.
By Jai Vijayan Contributing Writer, 3/30/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Edge Will Tell You If Credentials Are Compromised
Dark Reading Staff, Quick Hits
Password Monitor, InPrivate mode, and ad-tracking prevention are three new additions to Microsoft Edge.
By Dark Reading Staff , 3/30/2020
Comment11 comments  |  Read  |  Post a Comment
Insurance Giant Chubb Might Be Ransomware Victim
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
A ransomware operator claims to have successfully attacked Chubb Insurance databases.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/26/2020
Comment0 comments  |  Read  |  Post a Comment
Missing Patches, Misconfiguration Top Technical Breach Causes
Kelly Sheridan, Staff Editor, Dark ReadingNews
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
By Kelly Sheridan Staff Editor, Dark Reading, 3/25/2020
Comment1 Comment  |  Read  |  Post a Comment
Tupperware Hit by Card Skimmer Attack
Dark Reading Staff, Quick Hits
Malicious code was found hidden inside graphics files on the storage container maker's e-commerce website.
By Dark Reading Staff , 3/25/2020
Comment0 comments  |  Read  |  Post a Comment
Do DevOps Teams Need a Company Attorney on Speed Dial?
Shahar Sperling, Chief Architect at HCL AppScanCommentary
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
By Shahar Sperling Chief Architect at HCL AppScan, 3/25/2020
Comment0 comments  |  Read  |  Post a Comment
Malware Found Hidden in Android Utility Apps, Children's Games
Dark Reading Staff, Quick Hits
The 'Tekya' malware, as researchers call it, is designed to imitate the user's actions to click advertisements.
By Dark Reading Staff , 3/24/2020
Comment1 Comment  |  Read  |  Post a Comment
How to Secure Your Kubernetes Deployments
Gadi Naor, CTO and Co-Founder, AlcideCommentary
As more companies shift their software to a microservices-based architecture and orchestrate their containerized applications in Kubernetes, distributed security controls become a must.
By Gadi Naor CTO and Co-Founder, Alcide, 3/24/2020
Comment0 comments  |  Read  |  Post a Comment
Three Ways Your BEC Defense Is Failing & How to Do Better
Curtis Franklin Jr., Senior Editor at Dark Reading
Business email compromises cost the economy billions of dollars. Experts have advice on how to stop them from hitting you for millions at a pop.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/23/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by SoniaWilson
Current Conversations Nice Post
In reply to: Nice Post
Post Your Own Reply
More Conversations
PR Newswire
HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5300
PUBLISHED: 2020-04-06
In Hydra (an OAuth2 Server and OpenID Certifiedâ„¢ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the t...
CVE-2019-19699
PUBLISHED: 2020-04-06
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To e...
CVE-2020-11102
PUBLISHED: 2020-04-06
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
CVE-2020-11507
PUBLISHED: 2020-04-06
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded.
CVE-2020-11544
PUBLISHED: 2020-04-06
An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for...