Application Security

News & Commentary
Democracy & DevOps: What Is the Proper Role for Security?
PJ Kirner, CTO & Founder, Illumio, Commentary
Security experts need a front-row seat in the application development process but not at the expense of the business.
By PJ Kirner CTO & Founder, Illumio, 2/15/2018
Oracle Buys Zenedge for Cloud Security
Dark Reading Staff, Quick Hits
Oracle announces its acquisition of Zenedge, which focuses on cloud-based network and infrastructure security.
By Dark Reading Staff, 2/15/2018
From DevOps to DevSecOps: Structuring Communication for Better Security
Robert Hawk, Privacy & Security Lead at xMatters, Commentary
A solid approach to change management can help prevent problems downstream.
By Robert Hawk Privacy & Security Lead at xMatters, 2/15/2018
Fileless Malware: Not Just a Threat, but a Super-Threat
Itay Glick, CEO & Co-founder, Votiro, Commentary
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
By Itay Glick CEO & Co-founder, Votiro, 2/14/2018
One in Three SOC Analysts Now Job-Hunting
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
The more experienced a SOC analyst gets, the more his or her job satisfaction declines, a new survey of security operations center staffers shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/12/2018
Google Paid $2.9M for Vulnerabilities in 2017
Kelly Sheridan, Associate Editor, Dark Reading, News
The Google Vulnerability Reward Program issued a total of 1,230 rewards in 2017. The single largest payout was $112,500.
By Kelly Sheridan Associate Editor, Dark Reading, 2/9/2018
Ticking Time Bombs in Your Data Center
Murali Palanisamy, Executive Vice President and Chief Technology Officer, AppViewX, Commentary
The biggest security problems inside your company may result from problems it inherited.
By Murali Palanisamy Executive Vice President and Chief Technology Officer, AppViewX, 2/7/2018
Security vs. Speed: The Risk of Rushing to the Cloud
Kelly Sheridan, Associate Editor, Dark Reading, News
Companies overlook critical security steps as they move to adopt the latest cloud applications and services.
By Kelly Sheridan Associate Editor, Dark Reading, 2/6/2018
AutoSploit: Mass Exploitation Just Got a Lot Easier
Rami Sass, CEO & Co-Founder, WhiteSource, Commentary
But the response to the new hacking tool, now readily available to the masses of script kiddies, has been a mix of outrage, fear, some applause, and more than a few shrugs.
By Rami Sass CEO & Co-Founder, WhiteSource, 2/6/2018
APIs Pose 'Mushrooming' Security Risk
Ericka Chickowski, Contributing Writer, Dark Reading, News
As APIs grow in prominence, top security concerns include bots and authentication.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/2/2018
Adobe to Patch Flash Zero-Day Discovered in South Korean Attacks
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Critical use-after-free vulnerability being used in targeted attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/1/2018
Poor Visibility, Weak Passwords Compromise Active Directory
Kelly Sheridan, Associate Editor, Dark Reading, News
Security experts highlight the biggest problems they see putting Microsoft Active Directory at risk.
By Kelly Sheridan Associate Editor, Dark Reading, 2/1/2018
Securing Cloud-Native Apps
Guy Podjarny, CEO & Cofounder, Snyk, Commentary
A useful approach for securing cloud-native platforms can be adapted for securing apps running on top of the platform as well.
By Guy Podjarny CEO & Cofounder, Snyk, 2/1/2018
Lieberman Software Acquired by Bomgar
Dark Reading Staff, Quick Hits
Deal combines privileged access management products, technologies.
By Dark Reading Staff, 2/1/2018
700,000 Bad Apps Deleted from Google Play in 2017
Dark Reading Staff, Quick Hits
Google rejected 99% of apps with abusive content before anyone could install them, according to a 2017 security recap.
By Dark Reading Staff, 1/31/2018
5 Questions to Ask about Machine Learning
Anup Ghosh, Chief Strategist, Next-Gen Endpoint, at Sophos, Commentary
Marketing hyperbole often exceeds reality. Here are questions you should ask before buying.
By Anup Ghosh Chief Strategist, Next-Gen Endpoint, at Sophos, 1/31/2018
Breach-Proofing Your Data in a GDPR World
Sanjay Beri, Co-Founder & CEO, Netskope, Commentary
Here are six key measures for enterprises to prioritize over the next few months.
By Sanjay Beri Co-Founder & CEO, Netskope, 1/30/2018
RELX Group Agrees to Buy ThreatMetrix for 580M Cash
Dark Reading Staff, Quick Hits
Authentication firm ThreatMetrix will become part of Risk & Business Analytics under the LexisNexis Risk Solutions brand.
By Dark Reading Staff, 1/29/2018
Strava Fitness App Shares Secret Army Base Locations
Dark Reading Staff, Quick Hits
The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty.
By Dark Reading Staff, 1/29/2018
Hardware Security: Why Fixing Meltdown & Spectre Is So Tough
Bill Horne, VP & GM, Intertrust Secure Systems, Intertrust Technologies, Commentary
Hardware-based security is very difficult to break but, once broken, catastrophically difficult to fix. Software-based security is easier to break but also much easier to fix. Now what?
By Bill Horne VP & GM, Intertrust Secure Systems, Intertrust Technologies, 1/26/2018
Encrypted Attacks Continue to Dog Perimeter Defenses
Ericka Chickowski, Contributing Writer, Dark Reading,  2/14/2018
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof Technologies,  2/13/2018
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.