Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

News & Commentary
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing WriterNews
Mobile providers don't often update users when applications are not supported by developers, security firm says.
By Robert Lemos Contributing Writer, 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Digital Distancing with Microsegmentation
Trevor Pott, Product Marketing Director at Juniper NetworksCommentary
Physical distancing has blunted a virus's impact; the same idea can be applied to computers and networks to minimize breaches, attacks, and infections.
By Trevor Pott Product Marketing Director at Juniper Networks, 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
Zscaler Buys Edge Networks
Dark Reading Staff, Quick Hits
The acquisition is Zscaler's second major buy this quarter.
By Dark Reading Staff , 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
GitHub Supply Chain Attack Uses Octopus Scanner Malware
Kelly Sheridan, Staff Editor, Dark ReadingNews
Octopus Scanner is a new malware used to compromise 26 open source projects in a massive GitHub supply chain attack.
By Kelly Sheridan Staff Editor, Dark Reading, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Disclosures Drop in Q1 for First Time in a Decade
Robert Lemos, Contributing WriterNews
Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally.
By Robert Lemos Contributing Writer, 5/28/2020
Comment0 comments  |  Read  |  Post a Comment
Security 101: SQL Injection
Curtis Franklin Jr., Senior Editor at Dark Reading
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/27/2020
Comment0 comments  |  Read  |  Post a Comment
StrandHogg 2.0 Emerges as 'Evil Twin' to Android Threat
Kelly Sheridan, Staff Editor, Dark ReadingNews
The vulnerability, which exists in almost every version of Android, is both more dangerous and harder to detect than its predecessor.
By Kelly Sheridan Staff Editor, Dark Reading, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
Americans Care About Security But Don't Follow Through
Dark Reading Staff, Quick Hits
Most Americans say they're very concerned about online security but still behave in insecure ways, according to a new survey.
By Dark Reading Staff , 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, PanaseerCommentary
Any notion that AI is going to solve the cyber skills crisis is very wide of the mark. Here's why.
By Dr. Leila Powell Lead Security Data Scientist, Panaseer, 5/26/2020
Comment2 comments  |  Read  |  Post a Comment
Content Delivery Networks Adding Checks for Magecart Attacks
Robert Lemos, Contributing WriterNews
Modern web applications make significant use of third-party code to drive innovation, but the software supply chain has also turned into a major source of threat. CDNs aim to change that.
By Robert Lemos Contributing Writer, 5/26/2020
Comment0 comments  |  Read  |  Post a Comment
5 Tips for Fighting Credential Stuffing Attacks
Joan Goodchild, Contributing Writer
With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?
By Joan Goodchild Contributing Writer, 5/22/2020
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading Edge Cybersecurity Crossword Puzzle, May 22th
Edge Editors, Dark Reading
Have a hard time coming up with the answers to these puzzle questions? We know a great place to look for more clues...
By Edge Editors Dark Reading, 5/22/2020
Comment1 Comment  |  Read  |  Post a Comment
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading
Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
By Kelly Sheridan Staff Editor, Dark Reading, 5/22/2020
Comment2 comments  |  Read  |  Post a Comment
Security 101: Cross-Site Scripting
Curtis Franklin Jr., Senior Editor at Dark Reading
Cross-site scripting has been around longer than most security professionals have been on the job. Why is it still such an issue when we've known about it for so long?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
Hackers Serve Up Stolen Credentials from Home Chef
Dark Reading Staff, Quick Hits
Some 8 million of the meal delivery company's customer records have been offered for sale on the Dark Web.
By Dark Reading Staff , 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
Centralized Contact Tracing Raises Concerns Among Privacy-Conscious Citizens
Robert Lemos, Contributing WriterNews
The long debate over whether encryption and anonymity shield too much criminal behavior also has staged a resurgence.
By Robert Lemos Contributing Writer, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
60% of Insider Threats Involve Employees Planning to Leave
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers shows most "flight-risk" employees planning to leave an organization tend to start stealing data two to eight weeks before they go.
By Kelly Sheridan Staff Editor, Dark Reading, 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Digital Transformation Risks in Front-end Code
Ido Safruti, Co-founder & CTO, PerimeterXCommentary
Why making every front-end developer a DevSecOps expert will lead to a more holistic approach to web and native application security.
By Ido Safruti Co-founder & CTO, PerimeterX, 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say
Robert Lemos, Contributing WriterNews
As COVID-19-themed spam rises, phishingnot so much. An analysis of newly registered domains finds that only 2.4% are actually phishing sites aiming to steal credentials.
By Robert Lemos Contributing Writer, 5/20/2020
Comment0 comments  |  Read  |  Post a Comment
Unpatched Open Source Libraries Leave 71% of Apps Vulnerable
Robert Lemos, Contributing WriterNews
PHP and JavaScript developers need to pay close attention because different languages and frameworks have different rates of vulnerability, research finds.
By Robert Lemos Contributing Writer, 5/19/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by EdWelsh
Current Conversations Very interesting)
In reply to: Great!
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Can you smell me now?
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11844
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
CVE-2020-6937
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
CVE-2020-7648
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
CVE-2020-7650
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
CVE-2020-7654
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.