Application Security

News & Commentary
Cryptomining Malware Continues Rapid Growth: Report
Dark Reading Staff, Quick Hits
Cryptomining malware is the fastest-growing category of malicious software, according to a new report.
By Dark Reading Staff , 9/25/2018
Comment0 comments  |  Read  |  Post a Comment
Fault-Tolerant Method Used for Security Purposes in New Framework
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A young company has a new patent for using fault tolerance techniques to protect against malware infection in applications.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/24/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Deletes Passwords for Azure Active Directory Applications
Kelly Sheridan, Staff Editor, Dark ReadingNews
At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.
By Kelly Sheridan Staff Editor, Dark Reading, 9/24/2018
Comment0 comments  |  Read  |  Post a Comment
6 Dark Web Pricing Trends
Steve Zurier, Freelance Writer
For cybercriminals, the Dark Web grows more profitable every day.
By Steve Zurier Freelance Writer, 9/24/2018
Comment0 comments  |  Read  |  Post a Comment
Executive Branch Makes Significant Progress As DMARC Deadline Nears
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The DHS directive on email security has an approaching deadline that most departments in the executive branch might actually meet.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/21/2018
Comment0 comments  |  Read  |  Post a Comment
Retail Sector Second-Worst Performer on Application Security
Jai Vijayan, Freelance writerNews
A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.
By Jai Vijayan Freelance writer, 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
Cryptojackers Grow Dramatically on Enterprise Networks
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new report shows that illicit cryptomining malware is growing by leaps and bounds on the networks of unsuspecting victims.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
As Tech Drives the Business, So Do CISOs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security leaders are evolving from technicians to business executives as tech drives enterprise projects, applications, and goals.
By Kelly Sheridan Staff Editor, Dark Reading, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
5 Steps to Success for New CISOs
Nik Whitfield, Computer Scientist & Security Technology EntrepreneurCommentary
You've been hired to make an impact. These tips can help set you up for continued success.
By Nik Whitfield Computer Scientist & Security Technology Entrepreneur, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
8 Keys to a Successful Penetration Test
Curtis Franklin Jr., Senior Editor at Dark Reading
Pen tests are expensive, but there are key factors that can make them worth the investment.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
The Security Costs of Cloud-Native Applications
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
By Kelly Sheridan Staff Editor, Dark Reading, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
Websites Attack Attempts Rose in Q2
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New data shows hackers hit websites, on average, every 25 minutes.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
Bomgar Buys BeyondTrust
Dark Reading Staff, Quick Hits
The companies join forces to broaden their privileged access management portfolio and will take on the BeyondTrust name.
By Dark Reading Staff , 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
The Increasingly Vulnerable Software Supply Chain
Thomas Etheridge, Vice President of Services, CrowdStrikeCommentary
Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.
By Thomas Etheridge Vice President of Services, CrowdStrike, 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
Modular Malware Brings Stealthy Attacks to Former Soviet States
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new malware technique is making phishing attacks harder to spot when they succeed.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
New Study Details Business Benefits of Biometrics
Dark Reading Staff, Quick Hits
Biometric authentication can be good for security and for business, according to a new study from Goode Intelligence
By Dark Reading Staff , 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
Mobile Attack Rates Up 24% Globally, 44% in US
Dark Reading Staff, Quick Hits
One-third of all fraud targets are mobile, a growing source of all digital transactions.
By Dark Reading Staff , 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
Foreshadow, SGX & the Failure of Trusted Execution
Yehuda Lindell, Chief Scientist at Unbound Tech and Professor of Computer Science at Bar-Ilan UniversityCommentary
Trusted execution environments are said to provide a hardware-protected enclave that runs software and cannot be accessed externally, but recent developments show they fall far short.
By Yehuda Lindell Chief Scientist at Unbound Tech and Professor of Computer Science at Bar-Ilan University, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
New 'Fallout' EK Brings Return of Old Ransomware
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The Fallout exploit kit carries GandCrab into the Middle East in a new campaign.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/10/2018
Comment0 comments  |  Read  |  Post a Comment
Three Trend Micro Apps Caught Collecting MacOS User Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
After researchers found the security apps collecting and uploading users' browser histories, Apple removed the apps from its macOS app store and Trend Micro removed the apps' browser history collection capability.
By Kelly Sheridan Staff Editor, Dark Reading, 9/10/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11763
PUBLISHED: 2018-09-25
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
CVE-2018-14634
PUBLISHED: 2018-09-25
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerabl...
CVE-2018-1664
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
CVE-2018-1669
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...
CVE-2018-1539
PUBLISHED: 2018-09-25
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.