Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Latest Content tagged with Application Security
Page 1 / 2
FireEye Announces New Bug-Bounty Program
Quick Hits  |  8/12/2020  | 
The program, administered by Bugcrowd, will pay bounties of up to $2,500 per vulnerability.
Using 'Data for Good' to Control the Pandemic
Commentary  |  8/12/2020  | 
The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.
Threats vs. Thrift: Running Effective AppSec During a Global Crisis
Commentary  |  8/12/2020  | 
By looking at security testing capacity, staff expertise, and risks throughout the software supply chain, application security teams can improve their overall effectiveness.
Microsoft Patches 120 Vulnerabilities, Two Zero-Days
News  |  8/11/2020  | 
The August 2020 Patch Tuesday marks the sixth consecutive month in which Microsoft has released patches for more than 110 vulnerabilities.
Developers Need More Usable Static Code Scanners to Head Off Security Bugs
News  |  8/11/2020  | 
As companies "shift left" -- pushing more responsibility for security onto developers -- the tools that are available are falling short, usability researchers say.
Symmetry Systems Emerges from Stealth
Quick Hits  |  8/11/2020  | 
The company behind Data Store and Object Security (DSOS) emerges from stealth following a $3 million seed round of funding.
Zoom Vulnerabilities Demonstrated in DEF CON Talk
Quick Hits  |  8/11/2020  | 
A security researcher demonstrated multiple vulnerabilities, two of which could let an attacker read and steal user data.
Is Edtech the Greatest APT?
News  |  8/11/2020  | 
Educational technology is critical but can come at huge costs to student and teacher privacy and security. Are those costs too high?
Vulnerability Prioritization: Are You Getting It Right?
Commentary  |  8/10/2020  | 
Developers must find a way to zero in on the security vulns that present the most risk and quickly address them without slowing down the pace of development.
Reddit Attack Defaces Dozens of Channels
Quick Hits  |  8/7/2020  | 
The attack has defaced the channels with images and content supporting Donald Trump.
Researcher Finds New Office Macro Attacks for MacOS
News  |  8/7/2020  | 
Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.
Getting to the Root: How Researchers Identify Zero-Days in the Wild
News  |  8/6/2020  | 
Google Project Zero researcher Maddie Stone explains the importance of identifying flaws exploited in the wild and techniques used to do it.
Dark Reading Video News Desk Returns to Black Hat
News  |  8/6/2020  | 
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
On 'Invisible Salamanders' and Insecure Messages
News  |  8/6/2020  | 
Cornell researcher Paul Grubbs discusses how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages.
Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It
News  |  8/6/2020  | 
Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, walk through both sophisticated and simple attacks they've detected, and suggest mitigations as businesses rely more heavily on the cloud.
Remotely Hacking Operations Technology Systems
News  |  8/6/2020  | 
Marco Balduzzi, senior research scientist with Trend Micro, tells us how the often-overlooked ICS protocol gateways contain serious vulnerabilities that allow attackers to hack OT systems remotely.
2019 Breach Leads to $80 Million Fine for Capital One
Quick Hits  |  8/6/2020  | 
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.
Four Rules and Three Tools to Protect Against Fake SaaS Apps
Commentary  |  8/6/2020  | 
Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.
3 Tips For Better Security Across the Software Supply Chain
Commentary  |  8/6/2020  | 
It may look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving the security posture of the software supply chain.
What a Security Engineer & Software Engineer Learned by Swapping Roles
News  |  8/5/2020  | 
A security engineer and infrastructure engineer with Salesforce share lessons learned from their professional role reversal, and advice for people on both teams.
Tales from the Trenches Show Security Issues Endemic to Healthcare
News  |  8/5/2020  | 
The CISO for Indiana University Health says simple policies, good communication, and strong authentication go much further than vendor tools in solving security problems.
Synopsys: Why Security-Minded Companies Are Transitioning to DevSecOps
News  |  8/5/2020  | 
SPONSORED: For too long, developers have had to weigh the tradeoffs between software security and feature development. But as DevSecOps continues to gain momentum over application security, organizations realize that adopting security in software development needn't be a drag on productivity, says Tim Mackey from the Synopsys Cybersecurity Research Center.
HealthScare: Prioritizing Medical AppSec Research
News  |  8/5/2020  | 
Seth Fogie, information security director at Penn Medicine, explains which healthcare app vulnerabilities really matter in the day-to-day business of providing patient care.
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
News  |  8/5/2020  | 
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
Voatz Delivers Multilayered Security to Protect Electronic Voting
News  |  8/5/2020  | 
SPONSORED CONTENT: While electronic voting has been plagued by fears of tampering or fraud, Voatz is looking to make the process more transparent and auditable, according to company founder Nimit Sawhney. He offers learning points from three recent pilots that highlight how governments can improve the integrity and better protect the voting process and its data.
3 Tips for Securing Open Source Software
Commentary  |  8/5/2020  | 
Maintaining myriad open source components can be tough. Here's how teams can begin to address open source security and continue to innovate.
Microsoft Paid $13.7M in Bug Bounty Rewards in 2019-2020
Quick Hits  |  8/5/2020  | 
The 2019-2020 program year rewarded 327 security researchers through 15 bounty programs, with the largest single reward being $200,000.
FBI Warns on New E-Commerce Fraud
News  |  8/3/2020  | 
A wave of new, fraudulent websites has popped up to take advantage of the rise in online shopping during the coronavirus pandemic.
New Initiative Links Cybersecurity Pros to Election Officials
Quick Hits  |  7/31/2020  | 
A University of Chicago Harris School of Public Policy initiative will build a database of cybersecurity volunteers.
'Hidden Property Abusing' Allows Attacks on Node.js Applications
News  |  7/31/2020  | 
A team of researchers from Georgia Tech has found a new attack technique that targets hidden properties in Node.js applications and plans to publicly release a tool that has already identified 13 new vulnerabilities.
Mimecast Buys MessageControl
Quick Hits  |  7/30/2020  | 
The email security provider brings into its fold social engineering and human identity capabilities.
Google Adds Security Updates to Chrome Autofill
Quick Hits  |  7/30/2020  | 
Chrome users can retrieve payment card numbers via biometric authentication and use a new "touch-to-fill" feature to log in to accounts.
11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event
Slideshows  |  7/29/2020  | 
More than 130 security researchers and developers are ready to showcase their work.
Security Flaws Discovered in OKCupid Dating Service
Quick Hits  |  7/29/2020  | 
Researchers identified a variety of vulnerabilities in apps and websites for the popular online dating platform.
70,000+ WordPress Sites Affected by Critical Plug-in Flaw
Quick Hits  |  7/29/2020  | 
A vulnerability in the wpDiscuz plug-in could let attackers remotely execute code on the servers of affected websites.
Avon Server Leaks User Info and Administrative Data
Quick Hits  |  7/28/2020  | 
An unprotected server has exposed more than 7GB of data from the beauty brand.
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
News  |  7/28/2020  | 
More than 80% of companies have at least one Internet-facing cloud asset that is more than six months out of date or running software that is no longer supported, according to scan data.
Researchers Foil Phishing Attempt on Netflix Customers
News  |  7/28/2020  | 
Hackers use two stolen domains to harvest credentials from Netflix users and then redirect the victims to the real Netflix site.
Autonomous IT: Less Reacting, More Securing
Commentary  |  7/28/2020  | 
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
ShinyHunters Offers Stolen Data on Dark Web
Quick Hits  |  7/27/2020  | 
The threat actor offers more than 26 million records from a series of data breaches.
Ratings for Open Source Projects Aim to Make Software More Secure
News  |  7/27/2020  | 
Two companies have teamed up to rate open source projects, but can adopting repository ratings help developers make better decisions regarding open source?
Access to Internal Twitter Admin Tools Is Widespread
Quick Hits  |  7/24/2020  | 
More than 1,000 individuals have access to tools that could have aided the attackers in the recent Twitter attack on high-profile accounts.
Banning TikTok Won't Solve Our Privacy Problems
Commentary  |  7/24/2020  | 
Preventing the use of an app based solely on its country of origin (no matter how hostile) is merely a Band-Aid that won't fully address all privacy and security concerns.
DNA Site Leaves Records Open to Law Enforcement
Quick Hits  |  7/23/2020  | 
A pair of breaches reset user accounts to allow access for two days.
Deepfakes & James Bond Research Project: Cool but Dangerous
Commentary  |  7/23/2020  | 
Open source software for creating deepfakes is getting better and better, to the chagrin of researchers.
Microsoft 365 Updated with New Security, Risk, Compliance Tools
News  |  7/21/2020  | 
Updates built for remote employees include an endpoint data loss prevention platform, insider risk management, and double key encryption.
Fortinet Buys Cloud Security Firm OPAQ
Quick Hits  |  7/21/2020  | 
The company plans to add zero-trust networking capabilities to its Secure Access Service Edge architecture.
G Suite Security Updates Bring New Features to Gmail, Meet & Chat
Quick Hits  |  7/21/2020  | 
New security features include support for a new standard in Gmail, phishing protection in Chat, and additional admin controls.
Internet Scan Shows Decline in Insecure Network Services
News  |  7/20/2020  | 
While exposure of telnet, rsync, and SMB has surprisingly dropped, proper patching and encryption adoption remain weak worldwide.
England 'Test and Trace' Program Violates GDPR Privacy Law
Quick Hits  |  7/20/2020  | 
The UK government confirms the program launched in May without a Data Protection Impact Assessment, as required under GDPR.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8904
PUBLISHED: 2020-08-12
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (en...
CVE-2020-8905
PUBLISHED: 2020-08-12
A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of ...
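The two Asylo entries above come down to the same mistake at the enclave boundary: trusting a value supplied by untrusted code, a caller-controlled output pointer in the first case and caller-controlled extent lengths in the second. The C below is an added illustration of the two checks a practitioner would expect at that boundary; it is not Asylo's code, and the memory regions, the reply format, and every function name are constructed for this example.

```c
/* Added example (not Asylo's code): two checks at an enclave boundary.
 * 1. A pointer + length handed in by untrusted code is rejected if the range
 *    wraps or overlaps trusted memory (the bug class in CVE-2020-8904).
 * 2. Lengths inside an untrusted reply are validated against both the message
 *    and the destination before any copy (the bug class in CVE-2020-8905).
 * Memory regions, message format and names are constructed for the example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated address space: one "trusted" (enclave) and one "untrusted" region.
 * uint64_t elements keep size_t stores aligned. */
static uint64_t trusted_mem[32];
static uint64_t untrusted_mem[32];
#define RESTORED_LEN ((size_t)42)   /* value the ecall reports back to its caller */
#define MAX_EXTENTS 16

/* True iff [p, p+len) does not wrap and is disjoint from [tbase, tbase+tsize). */
bool range_is_untrusted(uintptr_t p, size_t len, uintptr_t tbase, size_t tsize) {
    if (len > UINTPTR_MAX - p) return false;          /* range wraps the address space */
    uintptr_t end = p + len, tend = tbase + tsize;    /* exclusive ends */
    return end <= tbase || p >= tend;                 /* intervals are disjoint */
}

/* Vulnerable pattern: write through whatever pointer the caller supplied. */
int ecall_restore_vulnerable(size_t *output_len) {
    *output_len = RESTORED_LEN;   /* arbitrary write if output_len points into the enclave */
    return 0;
}

/* Hardened pattern: validate before touching memory. 0 on success, -1 if rejected. */
int ecall_restore_hardened(size_t *output_len) {
    if (output_len == NULL ||
        !range_is_untrusted((uintptr_t)output_len, sizeof *output_len,
                            (uintptr_t)trusted_mem, sizeof trusted_mem))
        return -1;
    *output_len = RESTORED_LEN;
    return 0;
}

/* Little-endian u32 read with a bounds check; *pos <= buf_len is an invariant. */
static bool rd_u32(const uint8_t *buf, size_t buf_len, size_t *pos, uint32_t *out) {
    if (buf_len - *pos < 4) return false;
    const uint8_t *b = buf + *pos;
    *out = (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
    *pos += 4;
    return true;
}

/* Constructed reply format: u32 count, then count x { u32 len, len bytes }.
 * Copies all extents back to back into dst. Returns bytes copied, or -1 if any
 * length is inconsistent with the message or exceeds dst_cap; dst is untouched on -1. */
long copy_extents(const uint8_t *msg, size_t msg_len, uint8_t *dst, size_t dst_cap) {
    size_t pos = 0, total = 0, scan;
    uint32_t count;
    if (!rd_u32(msg, msg_len, &pos, &count) || count > MAX_EXTENTS) return -1;
    /* Pass 1: check every claimed length before writing a single byte. */
    scan = pos;
    for (uint32_t i = 0; i < count; i++) {
        uint32_t len;
        if (!rd_u32(msg, msg_len, &scan, &len)) return -1;
        if (len > msg_len - scan) return -1;     /* claims bytes the message does not have */
        if (len > dst_cap - total) return -1;    /* would overrun the destination */
        total += len;
        scan += len;
    }
    /* Pass 2: lengths are known-good, so copy. */
    size_t out = 0;
    for (uint32_t i = 0; i < count; i++) {
        uint32_t len;
        rd_u32(msg, msg_len, &pos, &len);
        memcpy(dst + out, msg + pos, len);
        out += len;
        pos += len;
    }
    return (long)total;
}

/* Constructed replies: good carries "AB" and "CDE"; over claims 1000 bytes in extent 2. */
static const uint8_t good_reply[] = { 2,0,0,0,  2,0,0,0,'A','B',  3,0,0,0,'C','D','E' };
static const uint8_t over_reply[] = { 2,0,0,0,  2,0,0,0,'A','B',  0xE8,0x03,0,0,'C','D','E' };
static uint8_t scratch[8];

int main(void) {
    printf("write to untrusted: %d\n", ecall_restore_hardened((size_t *)&untrusted_mem[0]));
    printf("write into enclave: %d\n", ecall_restore_hardened((size_t *)&trusted_mem[1]));
    printf("good reply copied: %ld bytes\n", copy_extents(good_reply, sizeof good_reply, scratch, sizeof scratch));
    printf("over-claiming reply: %ld\n", copy_extents(over_reply, sizeof over_reply, scratch, sizeof scratch));
    return 0;
}
```

The order matters in both checks: the pointer range is rejected before anything is written, and every extent length is validated against the remaining message and the remaining destination capacity before the first memcpy, so a single bad length leaves the trusted buffer untouched rather than half-filled.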
CVE-2020-12106
PUBLISHED: 2020-08-12
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST requests to several critical administrative functions, such as changing the credentials of the administrator account or connecting the product to a rogue access point.
CVE-2020-12107
PUBLISHED: 2020-08-12
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allows full control over this module's operating system.
CVE-2020-7374
PUBLISHED: 2020-08-12
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user ...