Dark Reading is part of the Informa Tech Division of Informa PLC

Application Security

News & Commentary
Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter
News
Once again, a high proportion of the reported flaws have no current fix, according to Risk Based Security.
By Jai Vijayan, Contributing Writer, 5/17/2019

The Data Problem in Security
Commentary
CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.
By Julian Waits, GM Cyber Security Business Unit, Devo Technology, 5/16/2019

New Intel Vulnerabilities Bring Fresh CPU Attack Dangers
News
Four newly discovered vulnerabilities from the speculative-execution family bring Meltdown-like threats to Intel's processors.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/15/2019

Introducing the Digital Transformation Architect
Commentary
Bet-the-company transformation that expands the attack surface requires close alignment and leadership across executive, IT, and security teams.
By Jordan Blake, VP of Products at BehavioSec, 5/15/2019

Website Attack Attempts Rose by 69% in 2018
News
Millions of websites have been compromised, but the most likely malware isn't cryptomining: it's quietly stealing files and redirecting traffic, a new SiteLock report shows.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/14/2019

Commercial Spyware Uses WhatsApp Flaw to Infect Phones
News
A single flaw allowed attackers thought to be linked to a government to target human rights workers and install surveillance software by sending a phone request. The victims did not even have to answer.
By Robert Lemos, Contributing Writer, 5/14/2019

Effective Pen Tests Follow These 7 Steps
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/14/2019

How We Collectively Can Improve Cyber Resilience
Commentary
Three steps you can take, based on Department of Homeland Security priorities.
By Todd Weller, Chief Strategy Officer at Bandura Cyber, 5/10/2019

Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server
News
The Turla hacking team abuses a legitimate feature of Exchange Server in order to hide out and access all of the target organization's messages.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/7/2019

Password Reuse, Misconfiguration Blamed for Repository Compromises
News
Armed with stolen credentials from another breach or from a misconfigured file, attackers delete developers' repositories on GitHub, Bitbucket, and GitLab, leaving behind ransom notes.
By Robert Lemos, Contributing Writer, 5/6/2019

Trust the Stack, Not the People
Commentary
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
By John De Santis, CEO, HyTrust, 5/6/2019

Misconfigured Ladders Database Exposed 13M User Records
Quick Hits
Job-hunting site Ladders leaves job seeker data exposed on the Internet.
By Dark Reading Staff, 5/2/2019

Security Depends on Careful Design
Commentary
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.
By Susanto Irwan, Co-Founder and VP of Engineering at Xage Security, 5/2/2019

Real-World Use, Risk of Open Source Code
News
Organizations are using more open source software than ever before, but managing that code remains a challenge.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/2/2019

Staffing the Software Security Team: Who You Gonna Call?
Commentary
Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here's why.
By Steve Lipner, Executive Director, SAFECode, 5/1/2019

Digital Transformation Exposes Operational Technology & Critical Infrastructure
Commentary
The convergence of OT and IP-based IT networks makes society more vulnerable, requiring CISOs to rethink defense.
By Marc Wilczek, Digital Strategist & CIO Advisor, 5/1/2019

Confluence Vulnerability Opens Door to GandCrab
Quick Hits
An exploit of the vulnerability offers attackers a ransomware surface that doesn't need email.
By Dark Reading Staff, 4/30/2019

Microsoft 365 Updated with New Compliance, Encryption, Privacy Controls
News
New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy.
By Kelly Sheridan, Staff Editor, Dark Reading, 4/30/2019

Peer-to-Peer Vulnerability Exposes Millions of IoT Devices
News
A flaw in the software used to remotely access cameras and monitoring devices could allow hackers to easily take control of millions of pieces of the IoT.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 4/29/2019

Unknown, Unprotected Database Exposes Info on 80 Million US Households
Quick Hits
A database with no login required has been found to contain names, addresses, age, and more for over 80 million U.S. households.
By Dark Reading Staff, 4/29/2019

Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrust, 5/15/2019

Artist Uses Malware in Installation
Dark Reading Staff, 5/17/2019

Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/14/2019

Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12198 (published 2019-05-20)
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.

CVE-2019-12185 (published 2019-05-20)
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web r...

CVE-2019-12184 (published 2019-05-19)
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.

CVE-2019-12173 (published 2019-05-18)
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.

CVE-2019-12172 (published 2019-05-17)
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.