Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Application Security
Page 1 / 2   >   >>
A Pause to Address 'Ethical Debt' of Facial Recognition
Commentary  |  10/23/2020  | 
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
Botnet Infects Hundreds of Thousands of Websites
News  |  10/22/2020  | 
KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
WordPress Plug-in Updated in Rare Forced Action
Quick Hits  |  10/22/2020  | 
The Logonizer login security plug-in was automatically updated to patch a SQL injection vulnerability.
Oracle Releases Another Mammoth Security Patch Update
News  |  10/21/2020  | 
October's CPU contains 402 patches for vulnerabilities across 29 product sets, many of which are remotely executable without the need for authentication.
Ubiq Rolls Out Encryption-as-a-Service Platform Aimed at Developers
News  |  10/21/2020  | 
A few lines of code and two API calls is all that it takes for developers to add encryption to their applications, startup says.
As Smartphones Become a Hot Target, Can Mobile EDR Help?
News  |  10/21/2020  | 
Lookout Security debuts a mobile endpoint detection and response offering that will integrate into its mobile security platform.
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
Commentary  |  10/21/2020  | 
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
Farsight Labs Launched as Security Collaboration Platform
Quick Hits  |  10/20/2020  | 
Farsight Security's platform will offer no-cost access to certain tools and services.
Microsoft Tops Q3 List of Most-Impersonated Brands
News  |  10/19/2020  | 
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
Massive New Phishing Campaigns Target Microsoft, Google Cloud Users
Quick Hits  |  10/16/2020  | 
At least three campaigns are now underway.
Barnes & Noble Warns Customers About Data Breach
Quick Hits  |  10/15/2020  | 
Famed bookseller says non-financial data was exposed in a new attack.
Zoom Announces Rollout of End-to-End Encryption
Quick Hits  |  10/14/2020  | 
Phase 1 removes Zoom servers from the key generation and distribution processes.
Coalition Pokes Five Eyes on Call for Backdoors
Quick Hits  |  10/13/2020  | 
The Five Eyes international law enforcement group had called for implementing backdoors for law enforcement in all encryption implementations.
Software AG Continues Efforts Against $20M Ransomware Attack
Quick Hits  |  10/12/2020  | 
The attack, which now includes extortion components, has moved into its second week.
3 Ways Companies are Working on Security by Design
News  |  10/7/2020  | 
Execs from top financial organizations and other companies share insights on building a security culture.
Google Brings Password Protection to iOS, Android in Chrome 86
Quick Hits  |  10/6/2020  | 
Chrome 86 will alert users when stored passwords are compromised, and block or warn of insecure downloads, among other security updates.
6 Best Practices for Using Open Source Software Safely
Slideshows  |  10/6/2020  | 
Open source software is critical yet potentially dangerous. Here are ways to minimize the risk.
Android Camera Bug Under the Microscope
News  |  10/5/2020  | 
Critical Android vulnerability CVE-2019-2234 could enable attackers to take control of a victim's camera and take photos, record videos, and learn location.
3 Ways Data Breaches Accelerate the Fraud Supply Chain
Commentary  |  10/5/2020  | 
The battle's just beginning as bad actors glean more personal information from victims and use that data to launch larger attacks.
'Father of Identity Theft' Sentenced to 207 Months
Quick Hits  |  10/2/2020  | 
James Jackson was convicted of mail fraud, aggravated identity theft, access device fraud, and theft of mail last year.
Truncated URLs Look to Make Big Dent in Phishing
Commentary  |  10/2/2020  | 
The approach is a long time in coming and will test the premise that users can more easily detect a suspicious domain from the name alone.
Imperva Agrees to Buy jSonar
Quick Hits  |  10/1/2020  | 
The deal is expected to close in mid-October.
Rise in Remote MacOS Workers Driving Cybersecurity 'Rethink'
News  |  10/1/2020  | 
With twice as much malware now targeting Macs, IT pros need to scramble to adapt to a large, and likely permanent, work-from-home population, experts say.
GitHub Tool Spots Security Vulnerabilities in Code
News  |  9/30/2020  | 
Scanner, which just became generally available, lets developers spot problems before code gets into production.
Cloud Misconfiguration Mishaps Businesses Must Watch
News  |  9/30/2020  | 
Cloud security experts explain which misconfigurations are most common and highlight other areas of the cloud likely to threaten businesses.
Attacker Dwell Time: Ransomware's Most Important Metric
Commentary  |  9/30/2020  | 
How to bolster security defenses by zeroing in on the length of time an interloper remains undetected inside your network.
Shifting Left of Left: Why Secure Code Isn't Always Quality Code
Commentary  |  9/29/2020  | 
Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.
9 Tips to Prepare for the Future of Cloud & Network Security
Slideshows  |  9/28/2020  | 
Cloud and network security analysts outline trends and priorities businesses should keep top of mind as they grow more reliant on cloud.
MFA-Minded Attackers Continue to Figure Out Workarounds
News  |  9/28/2020  | 
While MFA can improve overall security posture, it's not a "silver bullet" -- and hacks continue.
Getting Over the Security-to-Business Communication Gap in DevSecOps
News  |  9/25/2020  | 
Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.
WannaCry Has IoT in Its Crosshairs
Commentary  |  9/25/2020  | 
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic
News  |  9/24/2020  | 
Turns out, creating wireless ecosystems for a vast number of different architectures, configurations, and use cases is hard.
Critical Instagram Flaw Could Let Attackers Spy on Victims
News  |  9/24/2020  | 
A now-patched remote code execution vulnerability could be exploited with a specially sized image file, researchers report.
Since Remote Work Isn't Going Away, Security Should Be the Focus
Commentary  |  9/24/2020  | 
These three steps will help organizations reduce long-term work-from-home security risks.
My Journey Toward SAP Security
Commentary  |  9/23/2020  | 
When applications are critical to the business's core functions, the CISO and their staff better get the security right.
12 Bare-Minimum Benchmarks for AppSec Initiatives
Slideshows  |  9/23/2020  | 
The newly published Building Security in Maturity Model provides the software security basics organizations should cover to keep up with their peers.
Vulnerability Disclosure Programs See Signups & Payouts Surge
News  |  9/22/2020  | 
More than $44.75 million in rewards were paid to hackers over the past year, driving total payouts beyond $100 million.
New Google Search Hacks Push Viruses & Porn
Commentary  |  9/22/2020  | 
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
Microsoft Extends Data Loss Prevention to Cloud App Security
News  |  9/22/2020  | 
The update, one of several announced today, is intended to help employees remain compliant when handling data across cloud applications.
5 Steps to Greater Cyber Resiliency
Commentary  |  9/21/2020  | 
Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.
Deadly Ransomware Story Continues to Unfold
Quick Hits  |  9/18/2020  | 
A ransomware attack with fatal consequences is attracting notice and comment from around the world.
Deepfake Detection Poses Problematic Technology Race
News  |  9/18/2020  | 
Experts hold out little hope for a robust technical solution in the long term.
Ransomware Gone Awry Has Fatal Consequences
Quick Hits  |  9/17/2020  | 
An attack that knocked hospital systems offline reportedly ends in death for patient who had to be sent to another facility.
Sumo Logic IPO Prices Higher Than Expected
News  |  9/17/2020  | 
Co-founder and CTO Christian Beedgen explains what this means for the future of the cloud-based data analytics company.
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Commentary  |  9/16/2020  | 
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
CISA Joins MITRE to Issue Vulnerability Identifiers
News  |  9/16/2020  | 
The Cybersecurity and Infrastructure Security Agency will become a peer of MITRE in the CVE program, likely leading to continued increases in disclosed vulnerabilities.
Taking Security With You in the WFH Era: What to Do Next
Commentary  |  9/15/2020  | 
As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.
Research Finds Nearly 800,000 Access Keys Exposed Online
Quick Hits  |  9/15/2020  | 
The keys were primarily for access to databases and cloud services.
Researchers, Companies Slam Mobile Voting Firm Voatz for 'Bad Faith' Attacks
News  |  9/14/2020  | 
In a letter, almost 70 different security firms and individual researchers criticize Voatz for misrepresenting to the US Supreme Court widely accepted security research practices.
E-Commerce Sites Hit With New Attack on Magento
Quick Hits  |  9/14/2020  | 
The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.