Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

News & Commentary
10 Notable Cybersecurity Acquisitions of 2019, Part 2
Kelly Sheridan, Staff Editor, Dark Reading
As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.
By Kelly Sheridan, Staff Editor, Dark Reading, 12/9/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon, Commentary
This gridiron-inspired advice will guarantee your digital transformation success and keep your data safe.
By Shane Buckley, President & Chief Operating Officer, Gigamon, 12/9/2019
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Dark Reading Staff, Quick Hits
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
By Dark Reading Staff, 12/5/2019
Password-Cracking Teams Up in CrackQ Release
Robert Lemos, Contributing Writer, News
The open source platform aims to make password-cracking more manageable and efficient for red teams.
By Robert Lemos, Contributing Writer, 12/4/2019
(Literally) Put a Ring on It: Protecting Biometric Fingerprints
Dark Reading Staff, Quick Hits
Kaspersky creates a prototype ring you can wear on your finger for authentication.
By Dark Reading Staff, 12/4/2019
Microsoft Issues Advisory for Windows Hello for Business
Kelly Sheridan, Staff Editor, Dark Reading, Quick Hits
An issue exists in Windows Hello for Business when public keys persist after a device is removed from Active Directory, if the AD exists, Microsoft reports.
By Kelly Sheridan, Staff Editor, Dark Reading, 12/4/2019
Application & Infrastructure Risk Management: You've Been Doing It Backward
John Worrall, Chief Executive Officer at ZeroNorth, Commentary
Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
By John Worrall, Chief Executive Officer at ZeroNorth, 12/4/2019
DHS to Require Federal Agencies to Set Vulnerability Disclosure Policies
Robert Lemos, Contributing Writer, News
The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses.
By Robert Lemos, Contributing Writer, 12/2/2019
StrandHogg Vulnerability Affects All Versions of Android
Kelly Sheridan, Staff Editor, Dark Reading, News
The bug enables malware to pose as any legitimate Android app, letting attackers track messages, photos, credentials, and phone conversations.
By Kelly Sheridan, Staff Editor, Dark Reading, 12/2/2019
Data from 21M Mixcloud Users Compromised in Breach
Dark Reading Staff, Quick Hits
The music streaming service received reports indicating attackers gained unauthorized access to its systems.
By Dark Reading Staff, 12/2/2019
Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud
Kelly Sheridan, Staff Editor, Dark Reading, News
More than 3,100 Jira instances are still vulnerable to a server-side request forgery vulnerability patched in August.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/27/2019
Google Details Its Responses to Cyber Attacks, Disinformation
Dark Reading Staff, Quick Hits
Government groups continue to attack user credentials and distribute disinformation according to a new blog post from Google's Threat Analysis Group.
By Dark Reading Staff, 11/27/2019
New Free Emulator Challenges Apple's Control of iOS
Robert Lemos, Contributing Writer, News
An open-source tool gives researchers and jailbreakers a free option for researching vulnerabilities in the operating system and gives Apple a new headache.
By Robert Lemos, Contributing Writer, 11/27/2019
Practical Principles for Security Metrics
Nik Whitfield, Computer Scientist & Security Technology Entrepreneur, Commentary
A proactive approach to cybersecurity requires the right tools, not more tools.
By Nik Whitfield, Computer Scientist & Security Technology Entrepreneur, 11/27/2019
7 Ways to Hang Up on Voice Fraud
Steve Zurier, Contributing Writer
Criminals are coming at us from all directions, including our phones. Don't answer that next call without reading these tips first.
By Steve Zurier, Contributing Writer, 11/27/2019
The Implications of Last Week's Exposure of 1.2B Records
Kelly Sheridan, Staff Editor, Dark Reading, News
Large sums of organized data, whether public or private, are worth their weight in gold to cybercriminals.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/26/2019
An Alarming Number of Software Teams Are Missing Cybersecurity Expertise
Robert Lemos, Contributing Writer, News
The overwhelming majority of developers worry about security and consider it important, yet many lack a dedicated cybersecurity leader.
By Robert Lemos, Contributing Writer, 11/26/2019
On the Border Warns of Data Breach
Dark Reading Staff, Quick Hits
Malware on a payment system could have stolen credit card info from customers in 28 states, according to the company.
By Dark Reading Staff, 11/26/2019
Tushu, Take Twoshu: Malicious SDK Reappears in Google Play
Kelly Sheridan, Staff Editor, Dark Reading, News
Months after the Tushu SDK was found infecting Android apps on Google Play, its operators are back with new evasive techniques.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/25/2019
T-Mobile Prepaid Hit by Significant Data Breach
Dark Reading Staff, Quick Hits
The breach, estimated to have affected more than a million customers, came from malicious external actors.
By Dark Reading Staff, 11/25/2019
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta, 12/4/2019
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice, Woods Rogers PLC, 12/5/2019
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19645
PUBLISHED: 2019-12-09
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
CVE-2019-19678
PUBLISHED: 2019-12-09
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue.
CVE-2019-19679
PUBLISHED: 2019-12-09
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue.
CVE-2019-19647
PUBLISHED: 2019-12-09
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
CVE-2019-19648
PUBLISHED: 2019-12-09
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.