Application Security

News & Commentary
Who Are You, Really? A Peek at the Future of Identity
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
By Kelly Sheridan Staff Editor, Dark Reading, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Retailers: Avoid the Hackable Holidaze
Fred Kneip, CEO at CyberGRXCommentary
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
By Fred Kneip CEO at CyberGRX, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Universities Get Schooled by Hackers
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018
Comment3 comments  |  Read  |  Post a Comment
Bug Hunting Paves Path to Infosec Careers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
By Kelly Sheridan Staff Editor, Dark Reading, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Mac Malware Cracks WatchGuards Top 10 List
Steve Zurier, Freelance WriterNews
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
By Steve Zurier Freelance Writer, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Forget Shifting Security Left; It's Time to Race Left
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018
Comment6 comments  |  Read  |  Post a Comment
Battling Bots Brings Big-Budget Blow to Businesses
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
New Google+ Breach Will Lead to Early Service Shutdown
Dark Reading Staff, Quick Hits
A breach affecting more than 52 million users was patched, but not before leading to the company rethinking the future of the service.
By Dark Reading Staff , 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
Bringing Compliance into the SecDevOps Process
Joe Ward, Senior Security Analyst, Bishop FoxCommentary
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
By Joe Ward Senior Security Analyst, Bishop Fox, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Evidence in Starwood/Marriott Breach May Point to China
Dark Reading Staff, Quick Hits
Attackers used methods, tools previously used by known Chinese hackers.
By Dark Reading Staff , 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/5/2018
Comment1 Comment  |  Read  |  Post a Comment
Quora Breach Exposes Information of 100 Million Users
Dark Reading Staff, Quick Hits
The massive breach has exposed passwords for millions who didn't remember having a Quora account.
By Dark Reading Staff , 12/4/2018
Comment0 comments  |  Read  |  Post a Comment
First Lawsuits Filed in Starwood Hotels' Breach
Dark Reading Staff, Quick Hits
Class-action suits have been filed on behalf of guests and shareholders, with more expected.
By Dark Reading Staff , 12/3/2018
Comment0 comments  |  Read  |  Post a Comment
Massive Starwood Hotels Breach Hits 500 Million Guests
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/30/2018
Comment1 Comment  |  Read  |  Post a Comment
New Report Details Rise, Spread of Email-based Attacks
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Criminals are diversifying their target list and tactics in a continuing effort to keep email a valuable attack vector against enterprise victims.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/29/2018
Comment0 comments  |  Read  |  Post a Comment
Atrium Health Breach Exposes 2.65 Million Patient Records
Dark Reading Staff, Quick Hits
Supplier that handles billing and online payments for health-care provider became aware of incident Oct. 1.
By Dark Reading Staff , 11/28/2018
Comment0 comments  |  Read  |  Post a Comment
Data Breach Threats Bigger Than Ever
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
A quarter of IT and security leaders expect a major data breach in the next year.
By Marc Wilczek Digital Strategist & CIO Advisor, 11/28/2018
Comment0 comments  |  Read  |  Post a Comment
Another Microsoft MFA Outage Affects Multiple Services
Dark Reading Staff, Quick Hits
Once again, multifactor authentication issues have caused login problems for users across Office 365 and Azure, among other services.
By Dark Reading Staff , 11/27/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.