Application Security

News & Commentary
Trump Makes US Cyber Command an Official Combat Arm
Dark Reading Staff, Quick Hits
Move seen as step one in spinning off the command from the NSA.
By Dark Reading Staff, 8/21/2017
The Pitfalls of Cyber Insurance
Chris McDaniels, Chief Information Security Officer of Mosaic451, Commentary
Cyber insurance is 'promising' but it won't totally protect your company against hacks.
By Chris McDaniels, Chief Information Security Officer of Mosaic451, 8/21/2017
Curbing the Cybersecurity Workforce Shortage with AI
Deborah Golden, Principal, Deloitte & Touche, and Federal Cyber-Risk Leader, Commentary
By using cognitive technologies, an organization can address the talent shortage by getting more productivity from current employees and improving processes.
By Deborah Golden, Principal, Deloitte & Touche, and Federal Cyber-Risk Leader, 8/18/2017
70% of DevOps Pros Say They Didn't Get Proper Security Training in College
Dawn Kawamoto, Associate Editor, Dark Reading, News
Veracode survey shows majority of DevOps pros mostly learn on the job about security.
By Dawn Kawamoto, Associate Editor, Dark Reading, 8/17/2017
Kill Switches, Vaccines & Everything in Between
Marta Janus, Senior Principal Threat Researcher at Cylance Inc., Commentary
The language can be a bit fuzzy at times, but there are real differences between the various ways of disabling malware.
By Marta Janus, Senior Principal Threat Researcher at Cylance Inc., 8/17/2017
Cerber Fights Anti-Ransomware Tools
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Deception technology is the popular ransomware's latest target.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/16/2017
Discover a Data Breach? Try Compassion First
Daniel Schwalbe, Deputy Chief Information Security Officer, Farsight Security, Inc., Commentary
The reactions to a big data breach often resemble the five stages of grief, so a little empathy is needed.
By Daniel Schwalbe, Deputy Chief Information Security Officer, Farsight Security, Inc., 8/16/2017
Server Management Software Discovered Harboring Backdoor
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
ShadowPad backdoor found embedded in a software product used by major organizations around the globe to manage their Linux, Windows, and Unix servers.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/15/2017
Cybersecurity: The Responsibility of Everyone
Ger Daly & Kevin O'Brien, Senior Managing Director, Defense and Public Safety, Accenture Global & Senior Managing Director, Defense and Public Safety, Accenture Global, Commentary
The battle against cybercrime can only be won if we're all focused on the same goals. Here are four ways you can get involved.
By Ger Daly & Kevin O'Brien, Senior Managing Director, Defense and Public Safety, Accenture Global & Senior Managing Director, Defense and Public Safety, Accenture Global, 8/15/2017
What CISOs Need to Know about the Psychology behind Security Analysis
Kumar Saurabh, CEO and co-founder of LogicHub, Commentary
Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.
By Kumar Saurabh, CEO and co-founder of LogicHub, 8/14/2017
SonicSpy Authors Spin Out Over 1,000 Spyware Apps
Dark Reading Staff, Quick Hits
The actors behind this new malware family created a sizable selection of malicious apps in just over seven months, some of which appeared on Google Play.
By Dark Reading Staff, 8/10/2017
Taking Down the Internet Has Never Been Easier
Bogdan Botezatu, Senior E-threat Analyst, Bitdefender, Commentary
Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.
By Bogdan Botezatu, Senior E-threat Analyst, Bitdefender, 8/10/2017
Carbon Black Refutes Claims of Flaw in its EDR Product
Jai Vijayan, Freelance writer, News
Endpoint security firm responds to DirectDefense's report, noting that the information was shared voluntarily via a feature in the product that comes disabled by default.
By Jai Vijayan, Freelance writer, 8/9/2017
Uptick in Malware Targets the Banking Community
Geoffrey Pamerleau, senior ethical hacker, Threat Resistance Unit, Armor, Commentary
A number of recent attacks, using tactics old and new, have made off with an astonishing amount of money. How can financial institutions fight back?
By Geoffrey Pamerleau, senior ethical hacker, Threat Resistance Unit, Armor, 8/9/2017
Automating Defenses Against Assembly-Line Attacks
Derek Manky, Global Security Strategist, Fortinet, Commentary
A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.
By Derek Manky, Global Security Strategist, Fortinet, 8/8/2017
Are Third-Party Services Ready for the GDPR?
Hadar Blutrich, CEO of Source Defense, Commentary
Third-party scripts are likely to be a major stumbling block for companies seeking to be in compliance with the EU's new privacy rules. Here's a possible work-around.
By Hadar Blutrich, CEO of Source Defense, 8/4/2017
Microsoft Security Put to the Test at Black Hat, DEF CON
Kelly Sheridan, Associate Editor, Dark Reading, News
Researchers at both conferences demonstrated workarounds and flaws in applications and services including Office 365, PowerShell, Windows 10, Active Directory, and Windows BITS.
By Kelly Sheridan, Associate Editor, Dark Reading, 8/1/2017
Digital Crime-Fighting: The Evolving Role of Law Enforcement
Travis Farral, Director of Security Strategy at Anomali, Commentary
Law enforcement, even on a local level, has a new obligation to establish an effective framework for combating online crime.
By Travis Farral, Director of Security Strategy at Anomali, 8/1/2017
DevOps Security & the Culture of 'Yes'
Michael Feiertag, CEO and Co-Founder, tCell, Commentary
Communication, collaboration, and the use of production data to drive decisions are essential for security work in a DevOps world.
By Michael Feiertag, CEO and Co-Founder, tCell, 7/31/2017
Facebook Offers $1 Million for New Security Defenses
Dawn Kawamoto, Associate Editor, Dark Reading, News
The social media giant has increased the size of its Internet Defense Prize program in order to spur more research into ways to defend users against the more prevalent and common methods of attack.
By Dawn Kawamoto, Associate Editor, Dark Reading, 7/26/2017
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.