Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

News & Commentary
Towns Across Texas Hit in Coordinated Ransomware Attack
Robert Lemos, Contributing WriterNews
The state government and cybersecurity groups have mobilized to respond to a mass ransomware attack that simultaneously hit 23 different towns statewide.
By Robert Lemos Contributing Writer, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
Tough Love: Debunking Myths about DevOps & Security
Jeff Williams, CTO, Contrast SecurityCommentary
It's time to move past trivial 'shift left' conceptions of DevSecOps and take a hard look at how security work actually gets accomplished.
By Jeff Williams CTO, Contrast Security, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown
Kelly Sheridan, Staff Editor, Dark ReadingNews
At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.
By Kelly Sheridan Staff Editor, Dark Reading, 8/16/2019
Comment1 Comment  |  Read  |  Post a Comment
European Central Bank Website Hit by Malware Attack
Dark Reading Staff, Quick Hits
The website was infected with malware that stole information on subscribers to a bank newsletter.
By Dark Reading Staff , 8/16/2019
Comment1 Comment  |  Read  |  Post a Comment
Behind the Scenes at ICS Village
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
ICS Village co-founder Bryson Bort reveals plans for research-dedicated events that team independent researchers, critical infrastructure owners, and government specialists.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/16/2019
Comment0 comments  |  Read  |  Post a Comment
NSA Researchers Talk Development, Release of Ghidra SRE Tool
Kelly Sheridan, Staff Editor, Dark ReadingNews
NSA researchers took the Black Hat stage to share details of how they developed and released the software reverse-engineering framework.
By Kelly Sheridan Staff Editor, Dark Reading, 8/15/2019
Comment0 comments  |  Read  |  Post a Comment
Adware, Trojans Hit Education Sector Hard
Robert Lemos, Contributing WriterNews
Students continue to be weak links for schools and universities, according to data from security firm Malwarebytes.
By Robert Lemos Contributing Writer, 8/15/2019
Comment0 comments  |  Read  |  Post a Comment
New Research Finds More Struts Vulnerabilities
Dark Reading Staff, Quick Hits
Despite aggressive updating and patching, many organizations are still using versions of Apache Struts with known -- and new -- vulnerabilities.
By Dark Reading Staff , 8/15/2019
Comment0 comments  |  Read  |  Post a Comment
Financial Phishing Grows in Volume and Sophistication in First Half of 2019
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Criminals are using the tools intended to protect consumers to attack them through techniques that are becoming more successful with each passing month.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/14/2019
Comment0 comments  |  Read  |  Post a Comment
Attackers Try to Evade Defenses with Smaller DDoS Floods, Probes
Robert Lemos, Contributing WriterNews
Cybercriminals are initiating more attacks using low-bandwidth techniques, but the tactics expand the gray area between DDoS attacks and popular methods of mass scanning.
By Robert Lemos Contributing Writer, 8/14/2019
Comment0 comments  |  Read  |  Post a Comment
BioStar 2 Leak Exposes 23GB Data, 1M Fingerprints
Dark Reading Staff, Quick Hits
Thousands of organizations, including banks, governments, and the UK Metropolitan Police, use the biometric security tool to authenticate users.
By Dark Reading Staff , 8/14/2019
Comment1 Comment  |  Read  |  Post a Comment
Microservices Flip App Security on Its Head
Jonathan DiVincenzo, Head of Product at Signal SciencesCommentary
With faster application deployment comes increased security considerations.
By Jonathan DiVincenzo Head of Product at Signal Sciences, 8/14/2019
Comment0 comments  |  Read  |  Post a Comment
Orgs Doing More App Security Testing but Fixing Fewer Vulns
Jai Vijayan, Contributing WriterNews
On average, US organizations took nearly five months to fix critical vulnerabilities according to WhiteHat Security's annual vulnerability report.
By Jai Vijayan Contributing Writer, 8/13/2019
Comment0 comments  |  Read  |  Post a Comment
Moving on Up: Ready for Your Apps to Live in the Cloud?
Kacy Zurkus, Contributing Writer
Among the complications: traditional security tools work poorly or not at all in the cloud, and if a company screws up, the whole Internet will know.
By Kacy Zurkus Contributing Writer, 8/13/2019
Comment0 comments  |  Read  |  Post a Comment
More Focus on Security as Payment Technologies Proliferate
Robert Lemos, Contributing WriterNews
Banks and merchants are expanding their payment offerings but continue to be wary of the potential fraud risk.
By Robert Lemos Contributing Writer, 8/12/2019
Comment0 comments  |  Read  |  Post a Comment
6 Security Considerations for Wrangling IoT
Prabhuram Mohan, Senior Director of Engineering at WhiteHat SecurityCommentary
The Internet of Things isn't going away, so it's important to be aware of the technology's potential pitfalls.
By Prabhuram Mohan Senior Director of Engineering at WhiteHat Security, 8/12/2019
Comment0 comments  |  Read  |  Post a Comment
Significant Vulnerabilities Found in 6 Common Printer Brands
Robert Lemos, Contributing WriterNews
In a half-year project, two researchers tested six of the top enterprise printer brands and found vulnerabilities in every device, some of which allow remote execution.
By Robert Lemos Contributing Writer, 8/9/2019
Comment0 comments  |  Read  |  Post a Comment
How Behavioral Data Shaped a Security Training Makeover
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new program leveraged behavioral data of employees to determine when they excelled at security and where they needed improvement.
By Kelly Sheridan Staff Editor, Dark Reading, 8/8/2019
Comment0 comments  |  Read  |  Post a Comment
Dark Reading News Desk Live at Black Hat USA 2019
Sara Peters, Senior Editor at Dark ReadingNews
Watch right here for 40 video interviews with speakers and sponsors. Streaming live from Black Hat USA Wednesday and Thursday 2 p.m. to 6 p.m. Eastern.
By Sara Peters Senior Editor at Dark Reading, 8/8/2019
Comment1 Comment  |  Read  |  Post a Comment
Yes, FaceApp Really Could Be Sending Your Data to Russia
Marc Rogers, Executive Director of Cybersecurity, OktaCommentary
FaceApp has an unprecedented level of access to data from 150 million users. What could its endgame be? We unpack three potential risks.
By Marc Rogers Executive Director of Cybersecurity, Okta, 8/8/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by allenred
Current Conversations nice post
In reply to: cyber security
Post Your Own Reply
Posted by christie446
Current Conversations it very funny
In reply to: woa
Post Your Own Reply
More Conversations
PR Newswire
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15237
PUBLISHED: 2019-08-20
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.
CVE-2019-15228
PUBLISHED: 2019-08-20
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.
CVE-2019-15229
PUBLISHED: 2019-08-20
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
CVE-2019-15231
PUBLISHED: 2019-08-20
Webmin 1.890, in a default installation, contains a backdoor that allows an unauthenticated attacker to remotely execute commands. This is different from CVE-2019-15107. NOTE: as of 2019-08-19, the vendor reports that "at some point" malicious code was inserted into their build infrastruct...
CVE-2019-15232
PUBLISHED: 2019-08-20
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.