News & Commentary

Latest Content tagged with Application Security
Phantom Secure 'Uncrackable Phone' Execs Indicted for RICO Crimes
Quick Hits  |  3/16/2018
Executives of Phantom Secure have been indicted on federal RICO charges for encrypting communications among criminals.
The Containerization of Artificial Intelligence
Commentary  |  3/16/2018
AI automates repetitive tasks and alleviates mundane functions that often haunt decision makers. But it's still not a sure substitute for security best practices.
Cryptojacking Threat Continues to Rise
News  |  3/15/2018
Unauthorized cryptocurrency mining can consume processing power and make apps unavailable as well as lead to other malware.
Online Ads vs. Security: An Invisible War
Commentary  |  3/15/2018
Why visiting one website is like visiting 50, and how you can fight back against malvertisers.
Palo Alto Buys to Secure the Cloud
News  |  3/15/2018
The $300 million deal is part of an industry-wide consolidation of cloud, data, and network security companies.
Segmentation: The Neglected (Yet Essential) Control
Commentary  |  3/14/2018
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
Electric Utility Hit with Record Fine for Vulnerabilities
Quick Hits  |  3/14/2018
An unnamed power company has consented to a record fine for leaving critical records exposed.
A Secure Enterprise Starts with a Cyber-Aware Staff
Commentary  |  3/14/2018
An attack doesn't have to be super high-tech to cause a lot of damage. Make sure your employees know how to spot an old-fashioned phishing campaign.
Medical Apps Come Packaged with Hardcoded Credentials
News  |  3/14/2018
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
Microsoft Remote Access Protocol Flaw Affects All Windows Machines
News  |  3/13/2018
Attackers can exploit newly discovered critical crypto bug in CredSSP via a man-in-the-middle attack and then move laterally within a victim network.
What's the C-Suite Doing About Mobile Security?
Commentary  |  3/13/2018
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.
Malware 'Cocktails' Raise Attack Risk
News  |  3/13/2018
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.
CyberArk Buys Vaultive for Privileged Account Security Technology
Quick Hits  |  3/12/2018
The account security firm will use Vaultive's tech to protect privileged users at heightened risk for cyberattacks.
DevSecOps: The Importance of Building Security from the Beginning
Commentary  |  3/9/2018
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
McAfee Closes Acquisition of VPN Provider TunnelBear
Quick Hits  |  3/8/2018
This marks McAfee's second acquisition since its spinoff from Intel last year.
Cybersecurity Gets Added to the M&A Lexicon
Commentary  |  3/8/2018
Threat intelligence data can give a clear picture of an acquisition target that could make or break a deal.
Why Security-Driven Companies Are More Successful
Commentary  |  3/7/2018
Software Security Masters are better at handling application development security and show much higher growth than their peers. Here's how to become one.
Identity Management: Where It Stands, Where It's Going
News  |  3/6/2018
How companies are changing the approach to identity management as people become increasingly digital.
Connected Cars Pose New Security Challenges
Commentary  |  3/6/2018
The auto industry should seize the opportunity and get in front of this issue.
Second Ransomware Round Hits Colorado DOT
Quick Hits  |  3/6/2018
A variant of SamSam sends CDOT employees back to pen and paper with two attack waves in two weeks.
More Security Vendors Putting 'Skin in the Game'
News  |  3/5/2018
Secure messaging and collaboration provider Wickr now publicly shares security testing details of its software.
A Secure Development Approach Pays Off
Commentary  |  3/2/2018
Software security shouldn't be an afterthought. That's why the secure software development life cycle deserves a fresh look.
'Chafer' Uses Open Source Tools to Target Iran's Enemies
News  |  3/1/2018
Symantec details operations of Iranian hacking group mainly attacking air transportation targets in the Middle East.
Phishers Target Social Media
News  |  3/1/2018
Financial institutions still the number one target, according to a new report by RiskIQ.
Why Cryptocurrencies Are Dangerous for Enterprises
Commentary  |  2/28/2018
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
March Dark Reading Event Calendar Spans BlackOps to SecDevOps
Commentary  |  2/27/2018
These upcoming webinars will help you comprehend the mysterious machinations inside the minds of hackers and in-house developers.
SAML Flaw Lets Hackers Assume Users' Identities
News  |  2/27/2018
Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.
Security Starts with the User Experience
Commentary  |  2/27/2018
Preventing a data breach is safer and more cost-effective than dealing with a breach after it has already happened. That means a focus on security in the design phase.
6 Cybersecurity Trends to Watch
Commentary  |  2/26/2018
Expect more as the year goes on: more breaches, more IoT attacks, more fines.
93% of Cloud Applications Aren't Enterprise-Ready
News  |  2/23/2018
The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat
Commentary  |  2/20/2018
These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.
Vulnerabilities Broke Records Yet Again in 2017
News  |  2/20/2018
Meanwhile, organizations still struggle to manage remediation.
Democracy & DevOps: What Is the Proper Role for Security?
Commentary  |  2/15/2018
Security experts need a front-row seat in the application development process but not at the expense of the business.
Oracle Buys Zenedge for Cloud Security
Quick Hits  |  2/15/2018
Oracle announces its acquisition of Zenedge, which focuses on cloud-based network and infrastructure security.
From DevOps to DevSecOps: Structuring Communication for Better Security
Commentary  |  2/15/2018
A solid approach to change management can help prevent problems downstream.
Fileless Malware: Not Just a Threat, but a Super-Threat
Commentary  |  2/14/2018
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
One in Three SOC Analysts Now Job-Hunting
News  |  2/12/2018
The more experienced a SOC analyst gets, the more his or her job satisfaction declines, a new survey of security operations center staffers shows.
Google Paid $2.9M for Vulnerabilities in 2017
News  |  2/9/2018
The Google Vulnerability Reward Program issued a total of 1,230 rewards in 2017. The single largest payout was $112,500.
Ticking Time Bombs in Your Data Center
Commentary  |  2/7/2018
The biggest security problems inside your company may result from problems it inherited.
Security vs. Speed: The Risk of Rushing to the Cloud
News  |  2/6/2018
Companies overlook critical security steps as they move to adopt the latest cloud applications and services.
AutoSploit: Mass Exploitation Just Got a Lot Easier
Commentary  |  2/6/2018
But the response to the new hacking tool, now readily available to the masses of script kiddies, has been a mix of outrage, fear, some applause, and more than a few shrugs.
APIs Pose 'Mushrooming' Security Risk
News  |  2/2/2018
As APIs grow in prominence, top security concerns include bots and authentication.
Adobe to Patch Flash Zero-Day Discovered in South Korean Attacks
News  |  2/1/2018
Critical use-after-free vulnerability being used in targeted attacks.
Poor Visibility, Weak Passwords Compromise Active Directory
News  |  2/1/2018
Security experts highlight the biggest problems they see putting Microsoft Active Directory at risk.
Securing Cloud-Native Apps
Commentary  |  2/1/2018
A useful approach for securing cloud-native platforms can be adapted for securing apps running on top of the platform as well.
Lieberman Software Acquired by Bomgar
Quick Hits  |  2/1/2018
Deal combines privileged access management products, technologies.
700,000 Bad Apps Deleted from Google Play in 2017
Quick Hits  |  1/31/2018
Google rejected 99% of apps with abusive content before anyone could install them, according to a 2017 security recap.
5 Questions to Ask about Machine Learning
Commentary  |  1/31/2018
Marketing hyperbole often exceeds reality. Here are questions you should ask before buying.
Breach-Proofing Your Data in a GDPR World
Commentary  |  1/30/2018
Here are six key measures for enterprises to prioritize over the next few months.
RELX Group Agrees to Buy ThreatMetrix for 580M Cash
Quick Hits  |  1/29/2018
Authentication firm ThreatMetrix will become part of Risk & Business Analytics under the LexisNexis Risk Solutions brand.

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.