Application Security

News & Commentary
The Default SAP Configuration That Every Enterprise Needs to Fix
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/26/2018 (News)
Nine out of ten organizations are vulnerable to a 13-year-old flaw that puts their most critical business systems at risk of complete criminal takeover.

Free New Tool for Building Blockchain Skills
By Dark Reading Staff, 4/25/2018 (Quick Hits)
Blockchain CTF helps pros build skills with simulations.

Why Information Integrity Attacks Pose New Security Challenges
By Tamer Hassan, Co-Founder & CTO, White Ops, 4/25/2018 (Commentary)
To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.

'Stresspaint' Targets Facebook Credentials
By Curtis Franklin Jr., Senior Editor at Dark Reading, 4/24/2018 (News)
New malware variant goes after login credentials for popular Facebook pages.

It's Time to Take GitHub Threats Seriously
By Kumar Saurabh, CEO and co-founder of LogicHub, 4/24/2018 (Commentary)
There's a good chance your company has projects on the source code management system, but the casual way many developers use GitHub creates security issues.

Trust: The Secret Ingredient to DevSecOps Success
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/20/2018 (News)
Security practitioners must build trusted relationships with developers and within cross-functional DevOps teams to get themselves embedded into continuous software delivery processes.

NIST Seeking Comments on New AppSec Practices Standards
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/17/2018 (News)
Working in conjunction with SAFECode, NIST is opening the floor to suggestions at RSA about secure software development life cycle guidelines.

DevOps May Be Cause of and Solution to Open Source Component Chaos
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/16/2018 (News)
DevOps is accelerating the trend of componentized development approaches, but its automation can also help enforce better governance and security.

INsecurity Conference Seeks Security Pros to Speak on Best Practices
By Tim Wilson, Editor in Chief, Dark Reading, 4/16/2018 (News)
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.

Power Line Vulnerability Closes Air Gap
By Dark Reading Staff, 4/13/2018 (Quick Hits)
A new demonstration of malware shows that air-gapped computers may still be at risk.

7 Steps to a Smooth, Secure Cloud Transition
By Kelly Sheridan, Staff Editor, Dark Reading, 4/13/2018
Security leaders share their top steps to keep in mind as your organization moves data and applications to the cloud.

ABRY Partners Buys SiteLock
By Dark Reading Staff, 4/12/2018 (Quick Hits)
Web site security firm SiteLock has been acquired by venture fund managers ABRY Partners.

Microsegmentation: Strong Security in Small Packages
By Avishai Wool, Co-Founder and CTO at AlgoSec, 4/12/2018 (Commentary)
A deep dive into how organizations can effectively devise and implement microsegmentation in a software-defined networking data center.

New Email Campaign Employs Malicious URLs
By Curtis Franklin Jr., Senior Editor at Dark Reading, 4/12/2018 (News)
A new attack dropping the Quant Loader Trojan bypasses scanners and sandboxes.

Facebook Rolls Out 'Data Abuse Bounty' Program
By Kelly Sheridan, Staff Editor, Dark Reading, 4/11/2018 (News)
The social media giant also got hit with a lawsuit the day before unveiling its new reward program.

Hack Back: An Eye for an Eye Could Make You Blind
By Dr. Salvatore Stolfo, Founder & CTO, Allure Security, 4/11/2018 (Commentary)
Attackers have had almost zero consequences or cost for stealing data from innocent victims. But what if we could hack their wallets, not their systems?

On-Premise Security Tools Struggle to Survive in the Cloud
By Kelly Sheridan, Staff Editor, Dark Reading, 4/10/2018 (News)
Businesses say their current security tools aren't effective in the cloud but hesitate to adopt cloud-based security systems.

CA Acquires SourceClear
By Dark Reading Staff, 4/9/2018 (Quick Hits)
CA adds software composition analysis capabilities to Veracode lineup through acquisition.

Serverless Architectures: A Paradigm Shift in Application Security
By Ory Segal, CTO, PureSec, 4/9/2018 (Commentary)
"Serverless" forces software architects and developers to approach security by building it in rather than bolting it on. But there is a downside.

Protect Yourself from Online Fraud This Tax Season
By Robert Block, Senior VP of Identity Strategy at SecureAuth and Core Security, 4/6/2018 (Commentary)
Use these tips to stay safe online during everyone's least-favorite time of the year.

Current Conversations
Diversity: It's About Inclusion
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 4/25/2018

Threat Intel: Finding Balance in an Overcrowded Market
By Kelly Sheridan, Staff Editor, Dark Reading, 4/23/2018

Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Bug Report: Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
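
The weakness this entry describes, a fixed socket name under the world-writable /tmp, is a general pattern, not something specific to lxterminal. The block below is an added example written for this page; it is not lxterminal's unixsocket.c, nor code from Dark Reading or NVD. The socket name `INSECURE_SOCKET_PATH`, the directory prefixes and the `demo()` helper are all constructed for illustration. It shows the weak pattern beside a hardened version that keeps the socket in a directory only the current user can write to, and that refuses a name another user could have planted (for example a symlink) before the terminal starts.

```python
import os
import socket
import stat
import tempfile

# Constructed example of the weak pattern from the CVE text: a fixed,
# predictable socket name under world-writable /tmp. The name is hypothetical,
# not lxterminal's real path. Any local user can pre-create it (as a file,
# directory or symlink) so the victim's bind() fails, which is the denial of
# service the CVE describes; a user who claims the name first also receives
# the connections other clients intended for the victim's terminal.
INSECURE_SOCKET_PATH = "/tmp/terminal-socket"


def check_private_dir(path):
    """True only if path is a directory we own that nobody else can write to.

    A sticky world-writable directory such as /tmp fails this check on purpose:
    other users can still create names there.
    """
    try:
        st = os.lstat(path)
    except OSError:
        return False
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.getuid():
        return False
    return (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)) == 0


def socket_path_is_safe(path):
    """Accept a socket path only when its directory is private to us and the
    name is either free or already a socket we own (never a planted symlink)."""
    if not check_private_dir(os.path.dirname(path)):
        return False
    try:
        st = os.lstat(path)          # lstat: do not follow a planted symlink
    except FileNotFoundError:
        return True
    return stat.S_ISSOCK(st.st_mode) and st.st_uid == os.getuid()


def private_socket_dir():
    """Pick a directory other users cannot pre-populate: $XDG_RUNTIME_DIR when
    it passes the ownership/mode check, otherwise a fresh 0700 mkdtemp() dir."""
    runtime = os.environ.get("XDG_RUNTIME_DIR")
    if runtime and check_private_dir(runtime):
        return runtime
    return tempfile.mkdtemp(prefix="termsock-")


def bind_listener(path):
    """Bind a Unix socket only at a path that passed socket_path_is_safe()."""
    if not socket_path_is_safe(path):
        raise PermissionError("refusing unsafe socket path: " + path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o600)   # the 0700 directory already blocks others; this is extra
    srv.listen(1)
    return srv


def demo():
    """Exercise the checks on constructed paths. Returns four booleans:
    (free name in private dir accepted, bound socket still accepted,
     planted symlink rejected, name under world-writable dir rejected)."""
    good_dir = private_socket_dir()
    good_path = os.path.join(good_dir, "termsock-demo")
    accepted_free = socket_path_is_safe(good_path)
    srv = bind_listener(good_path)
    accepted_bound = socket_path_is_safe(good_path)
    srv.close()
    os.unlink(good_path)

    # Simulate a local attacker planting a symlink at the expected name.
    planted = os.path.join(good_dir, "termsock-planted")
    os.symlink("/dev/null", planted)
    rejected_symlink = not socket_path_is_safe(planted)
    os.unlink(planted)

    # A sticky, world-writable directory like /tmp, built here so the demo
    # does not depend on the host's /tmp permissions.
    shared = tempfile.mkdtemp(prefix="shared-")
    os.chmod(shared, 0o1777)
    rejected_shared = not socket_path_is_safe(os.path.join(shared, "termsock"))
    os.rmdir(shared)

    try:
        os.rmdir(good_dir)   # only succeeds for the mkdtemp() case
    except OSError:
        pass
    return accepted_free, accepted_bound, rejected_symlink, rejected_shared


if __name__ == "__main__":
    print(demo())   # expected: (True, True, True, True)
```

The check is deliberately done with `lstat` and repeated after `bind`: a symlink planted at the expected name is rejected without being followed, and a socket that was somehow replaced between the check and the bind still fails the ownership test. The root fix, though, is the directory choice: once the socket lives under a per-user 0700 directory, there is no shared namespace for another local user to race in.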

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 contains inadequate escaping in the search module, leading to an XSS vulnerability. To be exploitable, a user has to write or paste malicious content into the search dialogue.