Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Application Security
Page 1 / 2   >   >>
Malware in PyPI Code Shows Supply Chain Risks
News  |  7/19/2019  | 
A code backdoor in a package on the Python Package Index demonstrates the importance of verifying code brought in from code repositories.
Security Lessons From a New Programming Language
News  |  7/18/2019  | 
A security professional needed a secure language for IoT development. So he wrote his own, applying learned lessons about memory and resources in the process.
A Password Management Report Card
Commentary  |  7/17/2019  | 
New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings.
Security Snapshot: OS, Authentication, Browser & Cloud Trends
News  |  7/16/2019  | 
New research shows cloud apps are climbing, SMS authentication is falling, Chrome is the enterprise browser favorite, and Android leads outdated devices.
Symantec Builds Out Cloud Portfolio to Enforce 'Zero Trust'
Quick Hits  |  7/16/2019  | 
New additions to its Integrated Cyber Defense Platform aim to give businesses greater control over access to cloud resources and applications.
Flaws in Telegram & WhatsApp on Android Put Data at Risk
News  |  7/15/2019  | 
App settings combined with Android behavior can put data integrity at risk for WhatsApp and Telegram users.
FTC Reportedly Ready to Sock Facebook with Record $5 Billion Fine
Quick Hits  |  7/15/2019  | 
The fine, for the social media giant's role in the Cambridge Analytica scandal, would be the largest ever against a tech company.
Software Developers Face Secure Coding Challenges
News  |  7/15/2019  | 
Seven in ten developers are expected to write secure code, but less than half receive feedback on security, a survey finds.
Where Businesses Waste Endpoint Security Budgets
Slideshows  |  7/15/2019  | 
Too many systems, failure to test tools, and fear of replacement drive endpoint complexity and render products less effective.
German Schools Ban Office 365, Cite Privacy Concerns
Quick Hits  |  7/12/2019  | 
The ruling follows years of debate over whether German schools and institutions should use Microsoft tools and services.
Competing Priorities Mean Security Risks for Small Businesses
Quick Hits  |  7/12/2019  | 
Small business IT professionals are trying to balance multiple priorities and finding that the balance often leaves the company with serious security risks.
Data Center Changes Push Cyber Risk to Network's Edge
News  |  7/11/2019  | 
Changes in fundamental enterprise architectures coupled with shifts in human resources mean that companies are considering new risks to their infrastructure.
Monroe College Hit with Ransomware Attack
Quick Hits  |  7/11/2019  | 
All campuses are affected, with attackers demanding $2 million in Bitcoin in exchange for decryption keys.
The Security of Cloud Applications
Commentary  |  7/11/2019  | 
Despite the great success of the cloud over the last decade, misconceptions continue to persist. Here's why the naysayers are wrong.
Financial Firms Face Threats from Employee Mobile Devices
News  |  7/10/2019  | 
A new report says that phishing and man-in-the-middle attacks are major risks to financial institutions - via mobile devices in the hands of their employees.
Why You Need a Global View of IT Assets
Commentary  |  7/10/2019  | 
It may seem obvious, but many companies lose sight of the fact that they can't protect what they don't know they even have.
Intel Releases Updates for Storage & Diagnostic Tools
Quick Hits  |  7/10/2019  | 
CISA released an alert telling users about the updates to firmware in Intel SSD and Processor Diagnostic products.
Organizations Are Adapting Authentication for Cloud Applications
News  |  7/9/2019  | 
Companies see the changing demands of cloud identity management but are mixed in their responses to those demands.
Financial Impact of Cybercrime Exceeded $45B in 2018
News  |  7/9/2019  | 
Cybersecurity analysts explore a range of industry research to examine trends around cyber incidents and their financial impact.
Microsoft Patches Zero-Day Vulnerabilities Under Active Attack
News  |  7/9/2019  | 
Microsoft issued fixes for 77 unique vulnerabilities this Patch Tuesday, including two zero-day privilege escalation vulnerabilities seen exploited in the wild.
What the AppSec Penetration Test Found
News  |  7/9/2019  | 
New data drills down on the types of security misconfigurations and challenges dogging application developers.
DevOps' Inevitable Disruption of Security Strategy
News  |  7/9/2019  | 
Black Hat USA programming will dive into the ways DevOps-driven shifts in practices and tools are introducing both new vulnerabilities and new ways of securing enterprises.
Android App Publishers Won't Take 'No' for an Answer on Personal Data
News  |  7/8/2019  | 
Researchers find more than 1,000 apps in the Google Play store that gather personal data even when the user has denied permission.
NIST Sets Draft Guidelines for Government AI
Quick Hits  |  7/8/2019  | 
This is the first formal step in writing the standards that will guide the implementation of AI technologies within the federal government.
Intelligent Authentication Market Grows to Meet Demand
News  |  7/5/2019  | 
Confidence in user identity is critical to prevent fraud and theft, and companies are looking for new ways to get the necessary assurance.
D-Link Agrees to Strengthen Device Security
Quick Hits  |  7/3/2019  | 
A settlement with the FTC should mean comprehensive security upgrades for D-Link routers and IP camera.
New MacOS Malware Discovered
News  |  7/2/2019  | 
A wave of new MacOS malware over the past month includes a zero-day exploit and other attack code.
The Truth About Your Software Supply Chain
Slideshows  |  7/1/2019  | 
Open source components help developers innovate faster, but they sometimes come at a high price.
MageCart Launches Customizable Campaign
News  |  6/28/2019  | 
A tool new to MageCart bolsters the group's ability to evade detection and steal data.
How Hackers Infiltrate Open Source Projects
News  |  6/27/2019  | 
The dependency trees of modern software-development make smaller open-source projects vulnerable to hackers sabotaging code.
Malware Coming to a Mac Near You? Yes, Say Security Firms
News  |  6/26/2019  | 
While the password-cracking Mimikatz took top honors, Mac-targeted malware accounted for two of the 10 most detected malware samples, according to WatchGuard.
Developers and Security Teams Under Pressure to Collaborate
News  |  6/26/2019  | 
The challenges and benefits to getting two traditionally adversarial groups on the same page.
Global Cyberattack Campaign Hit Mobile Carrier Networks
News  |  6/25/2019  | 
A nation-state group possibly out of China has attacked cell carrier networks in search of data on high-value individuals.
AWS CISO Talks Risk Reduction, Development, Recruitment
News  |  6/25/2019  | 
Steve Schmidt says limiting access to data has dramatically changed the security posture across Amazon Web Services.
AWS Makes Control Tower & Security Hub Generally Available
Quick Hits  |  6/25/2019  | 
Security Hub aims to manage security across an AWS environment; Control Tower handles security and compliance for multi-account environments.
How to Avoid Becoming the Next Riviera Beach
Commentary  |  6/25/2019  | 
Be prepared by following these five steps so you don't have to pay a ransom to get your data back.
The Rise of Silence and the Fall of Coinhive
Commentary  |  6/25/2019  | 
Cryptomining will exist as long as it remains profitable. One of the most effective ways to disrupt that activity is to make it too expensive to run cryptomining malware in your network.
Never Trust, Always Verify: Demystifying Zero Trust to Secure Your Networks
Commentary  |  6/24/2019  | 
The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.
Cyber-Risks Hiding Inside Mobile App Stores
News  |  6/21/2019  | 
As the number of blacklisted apps on Google Play continues to drop, attackers find new ways to compromise smartphones.
Startup Raises $13.7M to Stop Breaches with Behavioral Analytics
Quick Hits  |  6/21/2019  | 
TrueFort plans to use the funding to expand sales, marketing, R&D, customer support, and go-to-market initiatives.
Patrolling the New Cybersecurity Perimeter
Commentary  |  6/21/2019  | 
Remote work and other developments demand a shift to managing people rather than devices.
Florida Town Pays $600K to Ransomware Operators
News  |  6/20/2019  | 
Riviera Beach's decision to pay ransom to criminals might get files back, but it almost guarantees greater attacks against other governments.
The Hunt for Vulnerabilities
Commentary  |  6/20/2019  | 
A road map for improving the update process will help reduce the risks from vulnerabilities.
Critical Firefox Vuln Used in Targeted Attacks
Quick Hits  |  6/19/2019  | 
Mozilla has released patches for the bug reported by Coinbase.
Verizon Media, Uber, PayPal Top List of Companies Paying Bug Bounties
Quick Hits  |  6/19/2019  | 
A new report from HackerOne lists the top five companies running bug-hunting programs on the ethical hacking platform.
Serverless Computing from the Inside Out
Commentary  |  6/19/2019  | 
The biggest 'serverless' risks don't stem from the technology itself. They occur when organizations respond to the adoption from the outside in.
As Cloud Adoption Grows, DLP Remains Key Challenge
News  |  6/18/2019  | 
As businesses use the cloud to fuel growth, many fail to enforce data loss prevention or control how people share data.
Advertising Alliance Plans Protocols to Reduce Dangerous Content
Quick Hits  |  6/18/2019  | 
The Global Alliance for Responsible Media will seek ways to clamp down on dangerous and fake content.
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Commentary  |  6/18/2019  | 
It's time to reassess your open source management policies and processes.
The Life-Changing Magic of Tidying Up the Cloud
Commentary  |  6/17/2019  | 
Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.
Page 1 / 2   >   >>


The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPEN,  7/19/2019
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10102
PUBLISHED: 2019-07-22
The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: ne...
CVE-2019-10102
PUBLISHED: 2019-07-22
Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets.
CVE-2019-10102
PUBLISHED: 2019-07-22
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections ...
CVE-2019-9959
PUBLISHED: 2019-07-22
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
CVE-2019-4236
PUBLISHED: 2019-07-22
A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to ...