Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

News & Commentary
Tor Weaponized to Steal Bitcoin
Dark Reading Staff, Quick Hits
A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
By Dark Reading Staff , 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
Debug Feature in Web Dev Tool Exposed Trump Campaign Site, Others to Attack
Jai Vijayan, Contributing WriterNews
The problem is not with the tool itself but with how some developers and administrators are using it, Comparitech says.
By Jai Vijayan Contributing Writer, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance
Dark Reading Staff, Quick Hits
The $37.5 million acquisitions will boost SailPoint's portfolio across all cloud platforms.
By Dark Reading Staff , 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Pitney Bowes Hit by Ransomware
Dark Reading Staff, Quick Hits
The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
By Dark Reading Staff , 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
When Using Cloud, Paranoia Can Pay Off
Robert Lemos, Contributing WriterNews
Journalists are increasingly concerned about what cloud providers may access or share with governments - and companies should worry as well.
By Robert Lemos Contributing Writer, 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
FBI: Phishing Can Defeat Two-Factor Authentication
Dark Reading Staff, Quick Hits
A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
By Dark Reading Staff , 10/11/2019
Comment0 comments  |  Read  |  Post a Comment
AppSec 'Spaghetti on the Wall' Tool Strategy Undermining Security
Jai Vijayan, Contributing WriterNews
At many organizations, the attitude to securing software appears to be throwing a lot of technology at the problem, a new study finds.
By Jai Vijayan Contributing Writer, 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
Imperva Details Response to Customer Database Exposure
Dark Reading Staff, Quick Hits
The cloud security's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.
By Dark Reading Staff , 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
Twitter Slip-Up Spills MFA Phone Numbers, Emails to Advertisers
Dark Reading Staff, Quick Hits
Email addresses and phone numbers provided to secure user accounts were accidentally shared with marketers.
By Dark Reading Staff , 10/9/2019
Comment0 comments  |  Read  |  Post a Comment
How the Software-Defined Perimeter Is Redefining Access Control
Gilad Steinberg, Founder & CTO at Odo SecurityCommentary
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
By Gilad Steinberg Founder & CTO at Odo Security, 10/9/2019
Comment0 comments  |  Read  |  Post a Comment
Drupalgeddon2 Vulnerability Still Endangering CMSes
Dark Reading Staff, Quick Hits
A new wave of attacks has been discovered on Drupal-based content management systems that weren't patched for the older flaw.
By Dark Reading Staff , 10/7/2019
Comment0 comments  |  Read  |  Post a Comment
FBI Investigates Mobile Voting Intrusion
Dark Reading Staff, Quick Hits
A group tried to access West Virginia's mobile voting app in 2018; now, the FBI is looking into what actually happened.
By Dark Reading Staff , 10/4/2019
Comment0 comments  |  Read  |  Post a Comment
Complex Environments Cause Schools to Struggle for Passing Security Grade
Robert Lemos, Contributing WriterNews
As ransomware attacks surge against school systems, an analysis of 1,200 K-12 institutions in North America shows complex environments and conflicting security controls.
By Robert Lemos Contributing Writer, 10/4/2019
Comment0 comments  |  Read  |  Post a Comment
8 Ways Businesses Unknowingly Help Hackers
Kelly Sheridan, Staff Editor, Dark Reading
From lengthy email signatures to employees' social media posts, we look at the many ways organizations make it easier for attackers to break in.
By Kelly Sheridan Staff Editor, Dark Reading, 10/4/2019
Comment1 Comment  |  Read  |  Post a Comment
American Express Insider Breaches Cardholder Information
Dark Reading Staff, Quick Hits
The ex-employee accessed names, Social Security numbers, card numbers, and more in an attempt to commit fraud.
By Dark Reading Staff , 10/3/2019
Comment2 comments  |  Read  |  Post a Comment
Common Pitfalls of Security Monitoring
Aaron Sierra, Senior Security Architect at AlagenCommentary
We need technology, but we cant forget the importance of humans working methodically to make it effective.
By Aaron Sierra Senior Security Architect at Alagen, 10/3/2019
Comment0 comments  |  Read  |  Post a Comment
20M Russians' Personal Tax Records Exposed in Data Leak
Dark Reading Staff, Quick Hits
An unprotected Elasticsearch cluster contained personally identifiable information on Russian citizens from 2009 to 2016.
By Dark Reading Staff , 10/3/2019
Comment1 Comment  |  Read  |  Post a Comment
Stalkerware on the Rise Globally
Dark Reading Staff, Quick Hits
Stalkware is being installed on more and more victims' devices, and the trend is only accelerating, according to a new report.
By Dark Reading Staff , 10/2/2019
Comment1 Comment  |  Read  |  Post a Comment
Controlling Data Leakage in Cloud Test-Dev Environments
Ameesh Divatia, Co-Founder & CEO of BaffleCommentary
The focus on digital transformation and compressing development release cycles is appealing, but that means security can be left behind. How should security practitioners address this challenge?
By Ameesh Divatia Co-Founder & CEO of Baffle, 10/2/2019
Comment0 comments  |  Read  |  Post a Comment
Cisco Webex & Zoom Bug Lets Attackers Spy on Conference Calls
Kelly Sheridan, Staff Editor, Dark ReadingNews
The "Prying-Eye" vulnerability could let intruders scan for unprotected meeting IDs and snoop on conference calls.
By Kelly Sheridan Staff Editor, Dark Reading, 10/1/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by LeonorCastro
Current Conversations Good share!
In reply to: Re: Pending Review
Post Your Own Reply
Posted by LeonorCastro
Current Conversations Good share!
In reply to: Re: Pending Review
Post Your Own Reply
Posted by LeonorCastro
Current Conversations Good share!
In reply to: Re: Pending Review
Post Your Own Reply
More Conversations
PR Newswire
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18216
PUBLISHED: 2019-10-20
** DISPUTED ** The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop access ...
CVE-2019-18214
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.