Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Application Security
Page 1 / 2   >   >>
Eight Flaws in MSP Software Highlight Potential Ransomware Vector
News  |  1/22/2020  | 
An attack chain of vulnerabilities in ConnectWise's software for MSPs has similarities to some of the details of the August attack on Texas local and state agencies.
Configuration Error Reveals 250 Million Microsoft Support Records
Quick Hits  |  1/22/2020  | 
Some the records, found on five identically configured servers, might have contained data in clear text.
Startup Privafy Raises $22M with New Approach to Network Security
Quick Hits  |  1/22/2020  | 
The company today disclosed an approach to data security designed to protect against modern threats at a lower cost than complex network tools.
Microsoft, DHS Warn of Zero-Day Attack Targeting IE Users
News  |  1/21/2020  | 
Software firm is "aware of limited targeted attacks" exploiting a scripting issue vulnerability in Internet Explorer 9, 10, and 11 that previously has not been disclosed.
Ransomware Upgrades with Credential-Stealing Tricks
Quick Hits  |  1/21/2020  | 
The latest version of the FTCode ransomware can steal credentials from five popular browsers and email clients.
7 Tips for Infosec Pros Considering A Lateral Career Move
Slideshows  |  1/21/2020  | 
Looking to switch things up but not sure how to do it? Security experts share their advice for switching career paths in the industry.
Mobile Banking Malware Up 50% in First Half of 2019
News  |  1/17/2020  | 
A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.
FBI Seizes Domain That Sold Info Stolen in Data Breaches
Quick Hits  |  1/17/2020  | 
The website, WeLeakData.com, claimed to have more than 12 billion records gathered from over 10,000 breaches.
Massive Oracle Patch Reverses Company's Trend Toward Fewer Flaws
News  |  1/17/2020  | 
Following a year that saw the fewest number of vulnerabilities reported since 2015, Oracle's latest quarterly patch fixes nearly 200 new vulnerabilities.
Google Lets iPhone Users Turn Device into Security Key
News  |  1/15/2020  | 
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
Why Firewalls Aren't Going Anywhere
Commentary  |  1/15/2020  | 
Written off multiple times as obsolete, firewalls continue to elude demise by adding features and ensuring that VPNs keep humming.
ISACs Join Forces to Secure the Travel Industry
Quick Hits  |  1/15/2020  | 
Together, the Travel & Hospitality ISAC and the Retail & Hospitality ISAC intend to improve communications and collaboration about the evolving threat landscape.
Microsoft Patches Windows Vuln Discovered by the NSA
News  |  1/14/2020  | 
The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.
'Fancy Bear' Targets Ukrainian Oil Firm Burisma in Phishing Attack
Quick Hits  |  1/14/2020  | 
The oil & gas company is at the heart of the ongoing US presidential impeachment case.
Processor Vulnerabilities Put Virtual Workloads at Risk
Commentary  |  1/14/2020  | 
Meltdown, Spectre exploits will likely lead to customers making tradeoffs between performance and security of applications, especially virtual and cloud-based apps
Microsoft to Officially End Support for Windows 7, Server 2008
News  |  1/13/2020  | 
Windows 7 and Server 2008 will continue to work after Jan. 14, 2020, but will no longer receive security updates.
Website Collecting Australian Fire Donations Hit by Magecart
Quick Hits  |  1/13/2020  | 
The attack may have compromised donors' payment information.
Synopsys Buys Tinfoil
Quick Hits  |  1/10/2020  | 
Tinfoil Security's dynamic application and API security testing capabilities will be added to Synopsys Software Integrity Group.
Chinese Malware Found Preinstalled on US Government-Funded Phones
News  |  1/9/2020  | 
Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.
AWS Issues 'Urgent' Warning for Database Users to Update Certs
Quick Hits  |  1/9/2020  | 
Users of AWS Aurora, DocumentDB, and RDS databases must download and install a fresh certificate and rotate the certificate authority.
Developers Still Don't Properly Handle Sensitive Data
News  |  1/8/2020  | 
The top classes of vulnerabilities for 2019 indicate that developers still don't correctly sanitize inputs, nor protect passwords and keys as they should.
Google's Project Zero Policy Change Mandates 90-Day Disclosure
Quick Hits  |  1/8/2020  | 
The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.
TikTok Bugs Put Users' Videos, Personal Data At Risk
News  |  1/8/2020  | 
Researchers found it was possible to spoof SMS messages from TikTok and exploit an API flaw that could grant access to users' personal data.
The Discovery and Implications of 'MDB Leaker'
News  |  1/7/2020  | 
The "MDB Leaker" vulnerability in the Microsoft Access Database could lead to a memory leak if left unpatched.
Accenture to Buy Symantec's Cyber Security Services
Quick Hits  |  1/7/2020  | 
The purchase, for an undisclosed amount, is scheduled to close in March.
New Standards Set to Reshape Future of Email Security
Commentary  |  1/7/2020  | 
Emerging specs and protocols expected to make the simple act of opening an email a less risky proposition
Malicious Google Play Apps Linked to SideWinder APT
News  |  1/6/2020  | 
The active attack involving three malicious Android applications is the first exploiting CVE-2019-2215, Trend Micro researchers report.
US Government Publishing Office Website Defaced
Quick Hits  |  1/6/2020  | 
The Federal Depository Library Program (FDLP) website was attacked by a group of hackers claiming to represent the government of Iran.
Client-Side JavaScript Risks & the CCPA
Commentary  |  1/6/2020  | 
How California's new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.
CCPA Kickoff: What Businesses Need to Know
News  |  1/2/2020  | 
The California Consumer Privacy Act is in full effect, prompting organizations to think about how they'll remain compliant.
6 Security Team Goals for DevSecOps in 2020
Slideshows  |  1/2/2020  | 
Huge opportunities await security teams that are finally ready move the needle on security problems that have plagued organizations for years.
Operational Technology: Why Old Networks Need to Learn New Tricks
Commentary  |  12/31/2019  | 
Cybercriminals are maximizing their opportunity by targeting older vulnerabilities in OT environments. It's time to fight back.
How AI and Cybersecurity Will Intersect in 2020
Slideshows  |  12/30/2019  | 
Understanding the new risks and threats posed by increased use of artificial intelligence.
Fraud in the New Decade
Commentary  |  12/30/2019  | 
Like any enterprise that wants to survive, fraudsters and hackers will continue to build on past successes to fuel future growth
As Hackers Target Mobile Payment Apps, Here's How to Keep Them at Bay
Commentary  |  12/27/2019  | 
A little vigilance helps retailers reduce and prevent three of the most common kinds of mobile app fraud
'Honoring' CCPA's Binding Principles Nationally Won't Be Easy
Commentary  |  12/26/2019  | 
Even companies with the reach, capital, and innovative capacity of Microsoft or Google will struggle to adhere to the tenets of California's new consumer privacy law.
IoT Security: How Far We've Come, How Far We Have to Go
News  |  12/24/2019  | 
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
Citrix Urges Firms to Harden Configurations After Flaw Report
News  |  12/23/2019  | 
A vulnerability in two of the company's appliances opens 80,000 networks up for exploitation.
Mastercard Announces Plan to Purchase RiskRecon
Quick Hits  |  12/23/2019  | 
The acquisition is expected to close in the first quarter of 2020.
2020 & Beyond: The Evolution of Cybersecurity
Commentary  |  12/23/2019  | 
As new technologies disrupt the industry, remember that security is a process, not a goal. Educate yourself on how you can best secure your corner of the Web.
20 Vulnerabilities to Prioritize Patching Before 2020
News  |  12/23/2019  | 
Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.
F5 Pays $1 Billion for Shape
Quick Hits  |  12/20/2019  | 
The acquisition adds fraud detection and prevention to the application delivery company's tool collection.
Research Team Demonstrates Perfect Secrecy Implementation
Quick Hits  |  12/20/2019  | 
The technique is notable because it can be implemented using low-cost, standard hardware components.
Ambiguity Around CCPA Will Lead to a Slow Start in 2020
Commentary  |  12/20/2019  | 
But longer term, compliance to California's new privacy law represents an opportunity for companies to increase customer trust and market share.
Patch Management: How to Prioritize an Underserved Vulnerability
Commentary  |  12/19/2019  | 
Why is one of the biggest problems in cybersecurity also one that CISOs largely ignore? Here are three reasons and a road map to a modern approach.
Global Cyber Alliance Launches New Security Efforts for Election Officials
Quick Hits  |  12/19/2019  | 
The Craig Newmark Trustworthy Internet and Democracy Program will develop security toolkits -- and enhance existing ones -- ahead of the 2020 presidential election.
How a Password-Free World Could Have Prevented the Biggest Breaches of 2019
Commentary  |  12/19/2019  | 
If history has taught us anything, it's that hackers can (and will) compromise passwords. Innovation in authentication technology is poised to change that in the coming year.
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Commentary  |  12/18/2019  | 
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
Microsoft Issues Out-of-Cycle SharePoint Update
Quick Hits  |  12/18/2019  | 
The update repairs vulnerabilities that could lead to very effective phishing messages.
Worried About Magecart? Here's How to Check for It
Quick Hits  |  12/18/2019  | 
Researchers share how everyday users can check for malicious code on e-commerce websites.
Page 1 / 2   >   >>


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
New Attack Campaigns Suggest Emotet Threat Is Far From Over
Jai Vijayan, Contributing Writer,  1/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20399
PUBLISHED: 2020-01-23
A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.
CVE-2020-7915
PUBLISHED: 2020-01-22
An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator.
CVE-2019-20391
PUBLISHED: 2020-01-22
An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.
CVE-2019-20392
PUBLISHED: 2020-01-22
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
CVE-2019-20393
PUBLISHED: 2020-01-22
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.