News & Commentary

Latest Content tagged with Application Security
Trust: The Secret Ingredient to DevSecOps Success
News  |  4/20/2018  | 
Security practitioners must build trusted relationships with developers and within cross-functional DevOps teams to get themselves embedded into continuous software delivery processes.
NIST Seeking Comments on New AppSec Practices Standards
News  |  4/17/2018  | 
Working in conjunction with SAFECode, NIST is opening the floor to suggestions at RSA about secure software development life cycle guidelines.
DevOps May Be Cause of and Solution to Open Source Component Chaos
News  |  4/16/2018  | 
DevOps is accelerating the trend of componentized development approaches, but its automation can also help enforce better governance and security.
INsecurity Conference Seeks Security Pros to Speak on Best Practices
News  |  4/16/2018  | 
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
Power Line Vulnerability Closes Air Gap
Quick Hits  |  4/13/2018  | 
A new demonstration of malware shows that air-gapped computers may still be at risk.
7 Steps to a Smooth, Secure Cloud Transition
Slideshows  |  4/13/2018  | 
Security leaders share their top steps to keep in mind as your organization moves data and applications to the cloud.
ABRY Partners Buys SiteLock
Quick Hits  |  4/12/2018  | 
Web site security firm SiteLock has been acquired by venture fund managers ABRY Partners.
Microsegmentation: Strong Security in Small Packages
Commentary  |  4/12/2018  | 
A deep dive into how organizations can effectively devise and implement microsegmentation in a software-defined networking data center.
New Email Campaign Employs Malicious URLs
News  |  4/12/2018  | 
A new attack dropping the Quant Loader Trojan bypasses scanners and sandboxes.
Facebook Rolls Out 'Data Abuse Bounty' Program
News  |  4/11/2018  | 
The social media giant also got hit with a lawsuit the day before unveiling its new reward program.
Hack Back: An Eye for an Eye Could Make You Blind
Commentary  |  4/11/2018  | 
Attackers have had almost zero consequences or cost for stealing data from innocent victims. But what if we could hack their wallets, not their systems?
On-Premise Security Tools Struggle to Survive in the Cloud
News  |  4/10/2018  | 
Businesses say their current security tools aren't effective in the cloud but hesitate to adopt cloud-based security systems.
CA Acquires SourceClear
Quick Hits  |  4/9/2018  | 
CA adds software composition analysis capabilities to Veracode lineup through acquisition.
Serverless Architectures: A Paradigm Shift in Application Security
Commentary  |  4/9/2018  | 
"Serverless" forces software architects and developers to approach security by building it in rather than bolting it on. But there is a downside.
Protect Yourself from Online Fraud This Tax Season
Commentary  |  4/6/2018  | 
Use these tips to stay safe online during everyone's least-favorite time of the year.
Mirai Variant Botnet Takes Aim at Financials
News  |  4/5/2018  | 
In January, a botnet based on Mirai was used to attack at least three European financial institutions.
Facebook: Most Profiles Likely Scraped by Third Parties
Quick Hits  |  4/5/2018  | 
Facebook announces plans to restrict data access after 87 million users' data was improperly shared with Cambridge Analytica.
How Security Can Bridge the Chasm with Development
Commentary  |  4/5/2018  | 
Enhancing the relationships between security and engineering is crucial for improving software security. These six steps will bring your teams together.
Report: White House Email Domains Poorly Protected from Fraud
Quick Hits  |  4/4/2018  | 
Only one Executive Office of the President email domain has fully implemented DMARC, according to a new report.
7 Deadly Security Sins of Web Applications
Slideshows  |  4/3/2018  | 
The top ways organizations open themselves up to damaging Web app attacks.
'Hack the Defense Travel System': DoD Extends its Bug Bounty Program
News  |  4/2/2018  | 
The fifth US Department of Defense bug bounty program, launched with HackerOne, will target a DoD enterprise system used by millions.
Is Security Accelerating Your Business?
Commentary  |  4/2/2018  | 
With an ever-growing list of security and compliance requirements, security can hinder or slow business initiatives. Is your security department stuck in slow gear or can it go faster?
Accused LinkedIn, DropBox Hacker Appears in US Court After Diplomatic Battle
Quick Hits  |  3/30/2018  | 
Russian national indicted for the 2012 LinkedIn hack that led to the theft of 117 million passwords has been extradited from the Czech Republic to the US.
Report Shows Ransomware is the New Normal
Quick Hits  |  3/27/2018  | 
A new report on malware says that the majority of companies globally have been victims of ransomware in the last 12 months.
Grossman, 'RSnake' Launch Website Asset Inventory Startup
Quick Hits  |  3/27/2018  | 
Bit Discovery gets $2.7 million in seed-round funding; Alex Stamos, Jeff Moss among the investors.
Privacy: Do We Need a National Data Breach Disclosure Law?
Commentary  |  3/27/2018  | 
Some say we need a more consistent approach, while others worry a national law might supersede and water down some state laws already on the books.
Looking Back to Look Ahead: Cyber Threat Trends to Watch
Commentary  |  3/23/2018  | 
Data from the fourth quarter of last year shows the state of application exploits, malicious software, and botnets.
New Survey Illustrates Real-World Difficulties in Cloud Security
News  |  3/22/2018  | 
Depending on traditional models makes cloud security more challenging for organizations, according to a Barracuda Networks report.
Is Application Security Dead?
Commentary  |  3/22/2018  | 
The nature of the field has changed greatly because of the move to the cloud and enterprise digital transformation.
5 Ways to Get Ready for Public Cloud Deployment
Commentary  |  3/22/2018  | 
Syncing security and product development early is now a "must do."
How Serverless Computing Reshapes Security
Commentary  |  3/21/2018  | 
The new division of responsibility moves some security concerns off a business's plate while changing priorities for other risks.
Hackers Steal Payment Card Data on 880K from Expedia Orbitz
Quick Hits  |  3/20/2018  | 
Expedia announces a breach exposing 880,000 customer records to the world.
7 Spectre/Meltdown Symptoms That Might Be Under Your Radar
Slideshows  |  3/20/2018  | 
The Spectre/Meltdown pair has a set of major effects on computing but there are impacts on the organization that IT leaders might not have considered in the face of the immediate problem.
Phantom Secure 'Uncrackable Phone' Execs Indicted for RICO Crimes
Quick Hits  |  3/16/2018  | 
Executives of Phantom Secure have been indicted on federal RICO charges for encrypting communications among criminals.
The Containerization of Artificial Intelligence
Commentary  |  3/16/2018  | 
AI automates repetitive tasks and alleviates mundane functions that often haunt decision makers. But it's still not a sure substitute for security best practices.
Cryptojacking Threat Continues to Rise
News  |  3/15/2018  | 
Unauthorized cryptocurrency mining can consume processing power and make apps unavailable as well as lead to other malware.
Online Ads vs. Security: An Invisible War
Commentary  |  3/15/2018  | 
Why visiting one website is like visiting 50, and how you can fight back against malvertisers.
Palo Alto Buys Evident.io to Secure the Cloud
News  |  3/15/2018  | 
The $300 million deal is part of an industry-wide consolidation of cloud, data, and network security companies.
Segmentation: The Neglected (Yet Essential) Control
Commentary  |  3/14/2018  | 
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
Electric Utility Hit with Record Fine for Vulnerabilities
Quick Hits  |  3/14/2018  | 
An unnamed power company has consented to a record fine for leaving critical records exposed.
A Secure Enterprise Starts with a Cyber-Aware Staff
Commentary  |  3/14/2018  | 
An attack doesn't have to be super high-tech to cause a lot of damage. Make sure your employees know how to spot an old-fashioned phishing campaign.
Medical Apps Come Packaged with Hardcoded Credentials
News  |  3/14/2018  | 
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
Microsoft Remote Access Protocol Flaw Affects All Windows Machines
News  |  3/13/2018  | 
Attackers can exploit newly discovered critical crypto bug in CredSSP via a man-in-the-middle attack and then move laterally within a victim network.
What's the C-Suite Doing About Mobile Security?
Commentary  |  3/13/2018  | 
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.
Malware 'Cocktails' Raise Attack Risk
News  |  3/13/2018  | 
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.
CyberArk Buys Vaultive for Privileged Account Security Technology
Quick Hits  |  3/12/2018  | 
The account security firm will use Vaultive's tech to protect privileged users at heightened risk for cyberattacks.
DevSecOps: The Importance of Building Security from the Beginning
Commentary  |  3/9/2018  | 
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
McAfee Closes Acquisition of VPN Provider TunnelBear
Quick Hits  |  3/8/2018  | 
This marks McAfee's second acquisition since its spinoff from Intel last year.
Cybersecurity Gets Added to the M&A Lexicon
Commentary  |  3/8/2018  | 
Threat intelligence data can give a clear picture of an acquisition target that could make or break a deal.
Why Security-Driven Companies Are More Successful
Commentary  |  3/7/2018  | 
Software Security Masters are better at handling application development security and show much higher growth than their peers. Here's how to become one.
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer,  4/17/2018
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.