News & Commentary

Latest Content tagged with Application Security
Executive Branch Makes Significant Progress As DMARC Deadline Nears
News  |  9/21/2018  | 
The DHS directive on email security has an approaching deadline that most departments in the executive branch might actually meet.
Retail Sector Second-Worst Performer on Application Security
News  |  9/20/2018  | 
A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.
Cryptojackers Grow Dramatically on Enterprise Networks
News  |  9/19/2018  | 
A new report shows that illicit cryptomining malware is growing by leaps and bounds on the networks of unsuspecting victims.
As Tech Drives the Business, So Do CISOs
News  |  9/19/2018  | 
Security leaders are evolving from technicians to business executives as tech drives enterprise projects, applications, and goals.
5 Steps to Success for New CISOs
Commentary  |  9/19/2018  | 
You've been hired to make an impact. These tips can help set you up for continued success.
8 Keys to a Successful Penetration Test
Slideshows  |  9/19/2018  | 
Pen tests are expensive, but there are key factors that can make them worth the investment.
The Security Costs of Cloud-Native Applications
News  |  9/18/2018  | 
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
Websites Attack Attempts Rose in Q2
News  |  9/18/2018  | 
New data shows hackers hit websites, on average, every 25 minutes.
Bomgar Buys BeyondTrust
Quick Hits  |  9/13/2018  | 
The companies join forces to broaden their privileged access management portfolio and will take on the BeyondTrust name.
The Increasingly Vulnerable Software Supply Chain
Commentary  |  9/13/2018  | 
Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.
Modular Malware Brings Stealthy Attacks to Former Soviet States
News  |  9/12/2018  | 
A new malware technique is making phishing attacks harder to spot when they succeed.
New Study Details Business Benefits of Biometrics
Quick Hits  |  9/12/2018  | 
Biometric authentication can be good for security and for business, according to a new study from Goode Intelligence.
Mobile Attack Rates Up 24% Globally, 44% in US
Quick Hits  |  9/12/2018  | 
One-third of all fraud targets are mobile, a growing source of all digital transactions.
Foreshadow, SGX & the Failure of Trusted Execution
Commentary  |  9/12/2018  | 
Trusted execution environments are said to provide a hardware-protected enclave that runs software and cannot be accessed externally, but recent developments show they fall far short.
New 'Fallout' EK Brings Return of Old Ransomware
News  |  9/10/2018  | 
The Fallout exploit kit carries GandCrab into the Middle East in a new campaign.
Three Trend Micro Apps Caught Collecting MacOS User Data
News  |  9/10/2018  | 
After researchers found the security apps collecting and uploading users' browser histories, Apple removed the apps from its macOS app store and Trend Micro removed the apps' browser history collection capability.
GAO Says Equifax Missed Flaws, Intrusion in Massive Breach
Quick Hits  |  9/10/2018  | 
A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach.
DevOps Demystified: A Primer for Security Practitioners
Commentary  |  9/10/2018  | 
Key starting points for those still struggling to understand the concept.
TLS 1.3 Won't Break Everything
Commentary  |  9/7/2018  | 
The newest version of TLS won't break everything in your security infrastructure, but you do need to be prepared for the changes it brings.
8 Attack Vectors Puncturing Cloud Environments
Slideshows  |  9/7/2018  | 
These methods may not yet be on your security team's radar, but given their impact, they should be.
The Best Way To Secure US Elections? Paper Ballots
News  |  9/6/2018  | 
Voting machines that do not provide a paper trail or cannot be independently audited should immediately be removed, concludes a new report from the National Academies of Sciences, Engineering, and Medicine.
7 Ways Blockchain is Being Used for Security
Slideshows  |  9/5/2018  | 
Blockchain is being used as a security tool. If you haven't thought about adopting it, you might want to reconsider your take.
PowerPool Malware Uses Windows Zero-Day Posted on Twitter
News  |  9/5/2018  | 
Researchers detected the vulnerability in an attack campaign two days after it was posted on social media.
The Weakest Security Links in the (Block)Chain
Commentary  |  9/5/2018  | 
Despite the technology's promise to transform how business is done, there are significant limitations and potential risks at the intersection of the digital and physical worlds.
Thoughts on the Latest Apache Struts Vulnerability
Commentary  |  9/5/2018  | 
CVE-2018-11776 operates at a far deeper level within the code than all prior Struts vulnerabilities. This requires a greater understanding of the Struts code itself as well as the various libraries used by Struts.
Authentication Grows Up
News  |  9/4/2018  | 
Which forms of multi-factor authentication (MFA) are working, which are not, and where industry watchers think the market is headed.
Investor Sues AT&T for Cryptocurrency Theft Losses
Quick Hits  |  9/4/2018  | 
The victim of cybercurrency theft blames the carrier for failing its security obligations.
Lean, Mean & Agile Hacking Machine
Commentary  |  9/4/2018  | 
Hackers are thinking more like developers to evade detection and are becoming more precise in their targeting.
Machine Identities Need Protection, Too
Quick Hits  |  8/31/2018  | 
A new study shows that device identities need a level of protection that they're not getting from most organizations.
'Celebgate' Hacker Heading to Prison
Quick Hits  |  8/30/2018  | 
Connecticut man gets eight months for role in attack involving leak of personal celebrity photos, including those of actress Jennifer Lawrence.
IT Professionals Think They're Better Than Their Security
Quick Hits  |  8/29/2018  | 
More than half of professionals think they have a good shot at a successful insider attack.
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Dark Reading Videos  |  8/29/2018  | 
Although WebAssembly technology promises both better performance and better security to developers, it also creates a new risk for native exploits in the browser.
Telecommunications Industry in the Bullseye
News  |  8/29/2018  | 
New report cites higher volume and increased sophistication of threats to the sector.
Instagram Debuts New Security Tools
Quick Hits  |  8/29/2018  | 
Updates include a new feature to verify the authenticity of popular accounts and a means of integrating two-factor authentication.
Free Cybersecurity Services Offer a First Step to Securing US Elections
News  |  8/28/2018  | 
Some key security vendors - including Microsoft, Google, Cloudflare - are offering pro bono services and tools for election jurisdictions and campaigns this election season. But will it help?
PCI SSC Releases New Security Tools for Small Businesses
Quick Hits  |  8/28/2018  | 
Tool intended to help small businesses understand their risks and how well they're being addressed.
Polish Parliament Enacts National Cybersecurity System
Quick Hits  |  8/28/2018  | 
The system classifies security incidents and splits national incident response into three separate teams.
Why CISOs Should Make Friends With Their CMOs
Slideshows  |  8/27/2018  | 
A partnership between IT security and marketing could offer many benefits to each group and to the entire enterprise.
Proof-of-Concept Released for Apache Struts Vulnerability
News  |  8/27/2018  | 
Python script for easier exploitation of the flaw is now available as well on GitHub.
T-Mobile Hit With Customer Information Hack
Quick Hits  |  8/24/2018  | 
Approximately 2 million users said to be affected.
Half of Small Businesses Believe They're Not Cybercrime Targets
News  |  8/24/2018  | 
New SMB version of the NIST Cybersecurity Framework could help these organizations properly assess and respond to their security risks.
Modular Downloaders Could Pose New Threat for Enterprises
News  |  8/24/2018  | 
Proofpoint says it has recently discovered two downloaders that let attackers modify malware after it has been installed on a system.
New Apache Struts Vulnerability Leaves Major Websites Exposed
News  |  8/23/2018  | 
The vulnerability, found in Struts' core functionality, could be more critical than the one involved in last year's Equifax breach.
6 Reasons Security Awareness Programs Go Wrong
Slideshows  |  8/23/2018  | 
While plenty of progress has been made on the training front, there's still some work ahead in getting the word out and doing so effectively.
Embedding Security into the DevOps Toolchain
Commentary  |  8/23/2018  | 
Security teams need to let go of the traditional security stack, stop fighting DevOps teams, and instead jump in right beside them.
Turla Threat Group Uses Email PDF Attachments to Control Stealthy Backdoor
News  |  8/23/2018  | 
The Russian-speaking group's latest tactic is the only known case of malware that's completely controllable via email, researchers at ESET say.
It Takes an Average 38 Days to Patch a Vulnerability
News  |  8/22/2018  | 
Analysis of 316 million-plus security incidents uncovers most common types of real-world attacks taking place within in-production Web apps in the AWS and Azure cloud ecosystems.
Adobe Software at Center of Two Vulnerability Disclosures
News  |  8/22/2018  | 
Newly discovered Photoshop and Ghostscript vulnerabilities allow remote code execution.
How Threats Increase in Internet Time
News  |  8/21/2018  | 
Cybercrime incidents and costs increase with each passing minute on the Internet.
Clinging to TLS 1.0 Puts Sites Outside PCI DSS Compliance
Quick Hits  |  8/21/2018  | 
More than half of organizations could be out of compliance, new research shows.


WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17321
PUBLISHED: 2018-09-22
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.
CVE-2018-17322
PUBLISHED: 2018-09-22
Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter.
CVE-2018-14889
PUBLISHED: 2018-09-21
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.
CVE-2018-14890
PUBLISHED: 2018-09-21
Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console.
CVE-2018-14891
PUBLISHED: 2018-09-21
Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability.