Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Application Security
Page 1 / 2   >   >>
To Manage Security Risk, Manage Data First
News  |  5/23/2019  | 
At Interop 2019, IT and security experts urged attendees to focus on data asset management as a means of mitigating risk.
FEC Gives Green Light for Free Cybersecurity Help in Federal Elections
News  |  5/23/2019  | 
Official opinion issued by the Federal Election Commission to nonprofit Defending Digital Campaigns is good news for free and reduced-cost security offerings to political candidates and committees.
Mobile Exploit Fingerprints Devices with Sensor Calibration Data
Quick Hits  |  5/23/2019  | 
Data from routines intended to calibrate motion sensors can identify individual iOS and Android devices in a newly released exploit.
Russian Nation-State Hacking Unit's Tools Get More Fancy
News  |  5/23/2019  | 
APT28/Fancy Bear has expanded its repertoire to more than 30 commands for infecting systems, executing code, and reconnaissance, researchers have found.
New Software Skims Credit Card Info From Online Credit Card Transactions
Quick Hits  |  5/22/2019  | 
The new exploit builds a fake frame around legitimate portions of an online commerce website.
Data Asset Management: What Do You Really Need?
News  |  5/22/2019  | 
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.
Google Alerts Admins to Unhashed Password Storage
Quick Hits  |  5/22/2019  | 
The company reports it has seen improper access to, or misuse of, affected enterprise G Suite credentials.
49 Million Instagram Influencer Records Exposed in Open Database
Quick Hits  |  5/21/2019  | 
An AWS-hosted database was configured with no username or password required for access to personal data.
Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter
News  |  5/17/2019  | 
Once again, a high-proportion of the reported flaws have no current fix, according to Risk Based Security.
The Data Problem in Security
Commentary  |  5/16/2019  | 
CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.
New Intel Vulnerabilities Bring Fresh CPU Attack Dangers
News  |  5/15/2019  | 
Four newly discovered vulns from the speculative-execution family bring Meltdown-like threats to Intel's processors.
Introducing the Digital Transformation Architect
Commentary  |  5/15/2019  | 
Bet-the-company transformation that expands the attack surface requires close alignment and leadership across executive, IT and security teams.
Website Attack Attempts Rose by 69% in 2018
News  |  5/14/2019  | 
Millions of websites have been compromised, but the most likely malware isn't cyptomining: it's quietly stealing files and redirecting traffic, a new Sitelock report shows.
Commercial Spyware Uses WhatsApp Flaw to Infect Phones
News  |  5/14/2019  | 
A single flaw allowed attackers thought to be linked to a government to target human rights workers and install surveillance software by sending a phone request. The victims did not even have to answer.
Effective Pen Tests Follow These 7 Steps
Slideshows  |  5/14/2019  | 
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
How We Collectively Can Improve Cyber Resilience
Commentary  |  5/10/2019  | 
Three steps you can take, based on Department of Homeland Security priorities.
Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server
News  |  5/7/2019  | 
Turla hacking team abuses a legitimate feature of the Exchange server in order to hide out and access all of the target organization's messages.
Password Reuse, Misconfiguration Blamed for Repository Compromises
News  |  5/6/2019  | 
Armed with stolen credentials from another breach or from a misconfigured file, attackers delete developers' repositories on GitHub, Bitbucket, and GitLab, leaving behind ransom notes.
Trust the Stack, Not the People
Commentary  |  5/6/2019  | 
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
Misconfigured Ladders Database Exposed 13M User Records
Quick Hits  |  5/2/2019  | 
Job-hunting site Ladders leaves job seeker data exposed on the Internet.
Security Depends on Careful Design
Commentary  |  5/2/2019  | 
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.
Real-World Use, Risk of Open Source Code
News  |  5/2/2019  | 
Organizations are using more open source software than ever before, but managing that code remains a challenge.
Staffing the Software Security Team: Who You Gonna Call?
Commentary  |  5/1/2019  | 
Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here's why.
Digital Transformation Exposes Operational Technology & Critical Infrastructure
Commentary  |  5/1/2019  | 
The convergence of OT and IP-based IT networks makes society more vulnerable, requiring CISOs to rethink defense.
Confluence Vulnerability Opens Door to GandCrab
Quick Hits  |  4/30/2019  | 
An exploit of the vulnerability offers attackers a ransomware surface that doesn't need email.
Microsoft 365 Updated with New Compliance, Encryption, Privacy Controls
News  |  4/30/2019  | 
New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy.
Peer-to-Peer Vulnerability Exposes Millions of IoT Devices
News  |  4/29/2019  | 
A flaw in the software used to remotely access cameras and monitoring devices could allow hackers to easily take control of millions of pieces of the IoT.
Unknown, Unprotected Database Exposes Info on 80 Million US Households
Quick Hits  |  4/29/2019  | 
A database with no login required has been found to contain names, addresses, age, and more for over 80 million U.S. households.
How to Build a Cloud Security Model
Slideshows  |  4/26/2019  | 
Security experts point to seven crucial steps companies should be taking as they move data and processes to cloud environments.
Slack Warns of Big, Bad Dangers in SEC Filing
Quick Hits  |  4/26/2019  | 
A filing prior to an IPO lists nation-state dangers to Slack's services and customers as a risk for investors.
Malware Makes Itself at Home in Set-Top Boxes
News  |  4/26/2019  | 
Low-cost boxes that promise free TV streaming services often come complete with malware, according to a new study.
Go Medieval to Keep OT Safe
Commentary  |  4/26/2019  | 
When it comes to operational technology and industrial control systems, make sure you're the lord of all you survey.
New EternalBlue Family Member Takes Aim at Asian Web Servers
News  |  4/25/2019  | 
Beapy is a new malware variant that's storming across China, leaving cryptominers in its wake.
UVA Wins Second Consecutive National Collegiate Cyber Defense Championship
Quick Hits  |  4/25/2019  | 
The Wahoos came out on top among 235 colleges and universities that took part in the 15-year-old competition.
Regulations, Insider Threat Handicap Healthcare IT Security
News  |  4/25/2019  | 
Healthcare IoT is expanding opportunities for hackers as the sector struggles to keep up security-wise.
Survey Shows a Security Conundrum
Quick Hits  |  4/24/2019  | 
A new report examines and quantifies the conflicts and challenges faced by business security leaders.
Demonstration Showcase Brings DevOps to Interop19
News  |  4/23/2019  | 
Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.
Microsoft Windows, Antivirus Software at Odds After Latest Update
News  |  4/23/2019  | 
This month's Windows update has caused incompatibilities with software from at least five antivirus companies, resulting in slow boot times and frozen systems.
App Exposes Wi-Fi Credentials for Thousands of Private Networks
Quick Hits  |  4/23/2019  | 
A database used by WiFi Finder was left open and unprotected on the Internet.
Who Gets Targeted Most in Cyberattack Campaigns
Quick Hits  |  4/22/2019  | 
Attackers are changing both their tactics and targets in an attempt to remain criminally successful, Proofpoint's study found.
Free Princeton Application Provides IoT Traffic Insight
Quick Hits  |  4/19/2019  | 
The application developed by a research group allows users to spot possible IoT security problems.
Third-Party Cyber-Risk by the Numbers
Slideshows  |  4/19/2019  | 
Recent stats show that the state of third-party cyber risk and vendor risk management remains largely immature at most organizations.
Cisco Issues 31 Mid-April Security Alerts
News  |  4/18/2019  | 
Among them, two are critical and six are of high importance.
How to Raise the Level of AppSec Competency in Your Organization
Commentary  |  4/18/2019  | 
Improving processes won't happen overnight, but it's not complicated either.
Legacy Apps: The Security Risk Lurking in Dusty Corners
Commentary  |  4/17/2019  | 
Four best practices to keep old code from compromising your enterprise environment.
Ever-Sophisticated Bad Bots Target Healthcare, Ticketing
News  |  4/17/2019  | 
From criminals to competitors, online bots continue to scrape information from sites and pose as legitimate users.
Security Audit Shows Gains, Though Privacy Lags
News  |  4/16/2019  | 
The 2018 Online Trust Audit shows that "encryption everywhere" is improving security, while fuzzy language is slowing privacy gains.
Data on Thousands of Law Enforcement Personnel Exposed in Breach
Quick Hits  |  4/15/2019  | 
Unknown hackers broke into databases of nonprofit and have posted online personal info on FBI, Secret Service, Capitol Police, US Park Police, others.
The Single Cybersecurity Question Every CISO Should Ask
Commentary  |  4/15/2019  | 
The answer can lead to a scalable enterprise security solution for years to come.
CERT, CISA Warn of Vuln in at Least 4 Major VPNs
Quick Hits  |  4/12/2019  | 
VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.
Page 1 / 2   >   >>


97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How Security Vendors Can Address the Cybersecurity Talent Shortage
Rob Rashotte, VP of Global Training and Technical Field Enablement at Fortinet,  5/24/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .