Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

News & Commentary
7 Steps to IoT Security in 2020
Curtis Franklin Jr., Senior Editor at Dark Reading
There are important steps security teams should take to be ready for the evolving security threats to the IoT in 2020.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/24/2020
Comment0 comments  |  Read  |  Post a Comment
Eight Flaws in MSP Software Highlight Potential Ransomware Vector
Robert Lemos, Contributing WriterNews
An attack chain of vulnerabilities in ConnectWise's software for MSPs has similarities to some of the details of the August attack on Texas local and state agencies.
By Robert Lemos Contributing Writer, 1/22/2020
Comment0 comments  |  Read  |  Post a Comment
Configuration Error Reveals 250 Million Microsoft Support Records
Dark Reading Staff, Quick Hits
Some the records, found on five identically configured servers, might have contained data in clear text.
By Dark Reading Staff , 1/22/2020
Comment0 comments  |  Read  |  Post a Comment
Startup Privafy Raises $22M with New Approach to Network Security
Dark Reading Staff, Quick Hits
The company today disclosed an approach to data security designed to protect against modern threats at a lower cost than complex network tools.
By Dark Reading Staff , 1/22/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft, DHS Warn of Zero-Day Attack Targeting IE Users
Robert Lemos, Contributing WriterNews
Software firm is "aware of limited targeted attacks" exploiting a scripting issue vulnerability in Internet Explorer 9, 10, and 11 that previously has not been disclosed.
By Robert Lemos Contributing Writer, 1/21/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Upgrades with Credential-Stealing Tricks
Dark Reading Staff, Quick Hits
The latest version of the FTCode ransomware can steal credentials from five popular browsers and email clients.
By Dark Reading Staff , 1/21/2020
Comment0 comments  |  Read  |  Post a Comment
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading
Looking to switch things up but not sure how to do it? Security experts share their advice for switching career paths in the industry.
By Kelly Sheridan Staff Editor, Dark Reading, 1/21/2020
Comment1 Comment  |  Read  |  Post a Comment
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 1/17/2020
Comment3 comments  |  Read  |  Post a Comment
FBI Seizes Domain That Sold Info Stolen in Data Breaches
Dark Reading Staff, Quick Hits
The website, WeLeakData.com, claimed to have more than 12 billion records gathered from over 10,000 breaches.
By Dark Reading Staff , 1/17/2020
Comment0 comments  |  Read  |  Post a Comment
Massive Oracle Patch Reverses Company's Trend Toward Fewer Flaws
Robert Lemos, Contributing WriterNews
Following a year that saw the fewest number of vulnerabilities reported since 2015, Oracle's latest quarterly patch fixes nearly 200 new vulnerabilities.
By Robert Lemos Contributing Writer, 1/17/2020
Comment0 comments  |  Read  |  Post a Comment
Google Lets iPhone Users Turn Device into Security Key
Kelly Sheridan, Staff Editor, Dark ReadingNews
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2020
Comment1 Comment  |  Read  |  Post a Comment
Why Firewalls Aren't Going Anywhere
Ruvi Kitov, Chairman, CEO and Co-Founder, TufinCommentary
Written off multiple times as obsolete, firewalls continue to elude demise by adding features and ensuring that VPNs keep humming.
By Ruvi Kitov Chairman, CEO and Co-Founder, Tufin, 1/15/2020
Comment0 comments  |  Read  |  Post a Comment
ISACs Join Forces to Secure the Travel Industry
Dark Reading Staff, Quick Hits
Together, the Travel & Hospitality ISAC and the Retail & Hospitality ISAC intend to improve communications and collaboration about the evolving threat landscape.
By Dark Reading Staff , 1/15/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches Windows Vuln Discovered by the NSA
Kelly Sheridan, Staff Editor, Dark ReadingNews
The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.
By Kelly Sheridan Staff Editor, Dark Reading, 1/14/2020
Comment1 Comment  |  Read  |  Post a Comment
'Fancy Bear' Targets Ukrainian Oil Firm Burisma in Phishing Attack
Dark Reading Staff, Quick Hits
The oil & gas company is at the heart of the ongoing US presidential impeachment case.
By Dark Reading Staff , 1/14/2020
Comment0 comments  |  Read  |  Post a Comment
Processor Vulnerabilities Put Virtual Workloads at Risk
Marc Laliberte, Senior Security Analyst, WatchGuard TechnologiesCommentary
Meltdown, Spectre exploits will likely lead to customers making tradeoffs between performance and security of applications, especially virtual and cloud-based apps
By Marc Laliberte Senior Security Analyst, WatchGuard Technologies, 1/14/2020
Comment0 comments  |  Read  |  Post a Comment
How to Keep Security on Life Support After Software End-of-Life
Joan Goodchild, Contributing Writer
It's the end of support this week for Windows 7 and Server 2008. But what if you truly can't migrate off software, even after security updates stop coming?
By Joan Goodchild Contributing Writer, 1/14/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark ReadingNews
Windows 7 and Server 2008 will continue to work after Jan. 14, 2020, but will no longer receive security updates.
By Kelly Sheridan Staff Editor, Dark Reading, 1/13/2020
Comment2 comments  |  Read  |  Post a Comment
Website Collecting Australian Fire Donations Hit by Magecart
Dark Reading Staff, Quick Hits
The attack may have compromised donors' payment information.
By Dark Reading Staff , 1/13/2020
Comment0 comments  |  Read  |  Post a Comment
Synopsys Buys Tinfoil
Dark Reading Staff, Quick Hits
Tinfoil Security's dynamic application and API security testing capabilities will be added to Synopsys Software Integrity Group.
By Dark Reading Staff , 1/10/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7981
PUBLISHED: 2020-01-25
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.
CVE-2019-0141
PUBLISHED: 2020-01-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-7596
PUBLISHED: 2020-01-25
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.
CVE-2020-7980
PUBLISHED: 2020-01-25
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.
CVE-2012-6613
PUBLISHED: 2020-01-25
D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.