News & Commentary

Latest Content tagged with Application Security
53 Bugs in 50 Days: Researchers Fuzz Adobe Reader
News | 12/17/2018
Automatic vulnerability finding tools detect more than 50 CVEs in Adobe Reader and Adobe Pro during a 50-day experiment.
Facebook: Photo API Bug Exposed 6.8M User Photos
Quick Hits | 12/17/2018
The flaw let developers access images that users may not have shared publicly, including those they started to upload but didn't post.
Who Are You, Really? A Peek at the Future of Identity
News | 12/14/2018
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
Retailers: Avoid the Hackable Holidaze
Commentary | 12/14/2018
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
Universities Get Schooled by Hackers
News | 12/13/2018
Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.
Worst Password Blunders of 2018 Hit Organizations East and West
News | 12/12/2018
Good password practices remain elusive, as Dashlane's latest list of the worst password blunders can attest.
Bug Hunting Paves Path to Infosec Careers
News | 12/12/2018
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
Mac Malware Cracks WatchGuard's Top 10 List
News | 12/12/2018
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
Forget Shifting Security Left; It's Time to Race Left
Commentary | 12/12/2018
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Slideshows | 12/12/2018
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
Battling Bots Brings Big-Budget Blow to Businesses
News | 12/11/2018
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
New Google+ Breach Will Lead to Early Service Shutdown
Quick Hits | 12/10/2018
A breach affecting more than 52 million users was patched, but not before leading to the company rethinking the future of the service.
Bringing Compliance into the SecDevOps Process
Commentary | 12/6/2018
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
Evidence in Starwood/Marriott Breach May Point to China
Quick Hits | 12/6/2018
Attackers used methods and tools previously used by known Chinese hackers.
Starwood Breach Reaction Focuses on 4-Year Dwell
News | 12/5/2018
The unusually long dwell time in the Starwood breach has implications both for parent company Marriott International and for the companies watching to learn from it.
Quora Breach Exposes Information of 100 Million Users
Quick Hits | 12/4/2018
The massive breach has exposed passwords for millions who didn't remember having a Quora account.
First Lawsuits Filed in Starwood Hotels' Breach
Quick Hits | 12/3/2018
Class-action suits have been filed on behalf of guests and shareholders, with more expected.
Massive Starwood Hotels Breach Hits 500 Million Guests
News | 11/30/2018
Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.
New Report Details Rise, Spread of Email-based Attacks
News | 11/29/2018
Criminals are diversifying their target list and tactics in a continuing effort to keep email a valuable attack vector against enterprise victims.
Data Breach Threats Bigger Than Ever
Commentary | 11/28/2018
A quarter of IT and security leaders expect a major data breach in the next year.
Atrium Health Breach Exposes 2.65 Million Patient Records
Quick Hits | 11/28/2018
The supplier that handles billing and online payments for the health-care provider became aware of the incident on Oct. 1.
Another Microsoft MFA Outage Affects Multiple Services
Quick Hits | 11/27/2018
Once again, multifactor authentication issues have caused login problems for users across Office 365 and Azure, among other services.
8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure
Commentary | 11/27/2018
Stolen credentials for industrial control system workstations are fast becoming the modus operandi for ICS attacks by cybercriminals.
USPS Web Vuln Exposes Data of 60 Million
Quick Hits | 11/26/2018
The US Postal Service recently fixed a security bug that allowed any USPS.com account holder to view or change other users' data.
Paper Trail Absence May Still Plague 2020 Election
Quick Hits | 11/25/2018
The recommendation for paper ballots may go unheeded in all or part of at least 6 states in the next national election.
Report: Tens of Thousands of E-Commerce Sites at Heightened Security Risk
Quick Hits | 11/20/2018
A report delivered at the Payment Card Industry Security Standards Council meeting flags issues in deployments of Magento, a popular e-commerce platform.
Leaderboard Shows Adoption of DMARC Email Security Protocol
News | 11/20/2018
A new tool from the Global Cyber Alliance shows where companies and organizations are adopting Domain-based Message Authentication, Reporting & Conformance.
Vulnerabilities Dip 7%, but Researchers Are Cautious
News | 11/19/2018
Risk Based Security reports 16,172 bugs disclosed through the end of October, but researchers warn things may change.
Instagram Privacy Tool Exposed Passwords
Quick Hits | 11/19/2018
The 'Download Your Data' tool, intended to improve users' privacy, actually became a privacy risk.
DHS Task Force Moves Forward on Playbooks for Supply Chain Security
News | 11/16/2018
The public/private task force takes early steps toward securing the end-to-end supply chain.
New Bluetooth Hack Affects Millions of Vehicles
Quick Hits | 11/16/2018
The attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.
AI Poised to Drive New Wave of Exploits
News | 11/16/2018
Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.
From Reactive to Proactive: Security as the Bedrock of the SDLC
Commentary | 11/15/2018
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
Security Teams Struggle with Container Security Strategy
News | 11/14/2018
Fewer than 30% of firms have more than a basic container security plan in place.
Netskope Announces Series F Funding Round
Quick Hits | 11/13/2018
The $168.7 million round will go toward R&D and global expansion, says the cloud access security broker provider.
RIP, 'IT Security'
Commentary | 11/13/2018
Information security is vital, of course. But the concept of "IT security" has never made sense.
What You Should Know About Grayware (and What to Do About It)
Slideshows | 11/9/2018
Grayware is a tricky security problem, but there are steps you can take to defend your organization when you recognize the risk.
5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
Commentary | 11/8/2018
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.
New Side-Channel Attacks Target Graphics Processing Units
News | 11/7/2018
A trio of new attacks bypass CPUs to wring data from vulnerable GPUs.
Checkmarx Acquires Custodela
Quick Hits | 11/7/2018
The purchase adds DevSecOps capabilities to a software exposure platform.
Thoma Bravo Buys Veracode
News | 11/5/2018
Broadcom will sell Veracode, acquired last year by CA, for $950M to Thoma Bravo as it broadens its security portfolio.
Worst Malware and Threat Actors of 2018
News | 11/2/2018
Two reports call out the most serious malware attacks and attackers of the year (so far).
Cisco Reports SIP Inspection Vulnerability
Quick Hits | 11/2/2018
The advisory addresses active exploitation of the vuln in the wild, with no clear solution in sight.
Speed Up AppSec Improvement With an Adversary-Driven Approach
News | 11/2/2018
Stop overwhelming developers and start using real-world attack behavior to prioritize application vulnerability fixes.
FIFA Reveals Second Hack
Quick Hits | 11/1/2018
A successful phishing campaign leads attackers to confidential information of world soccer's governing body.
Not Every Security Flaw Is Created Equal
Commentary | 11/1/2018
You need smart prioritization to close the riskiest vulnerabilities. Effective DevSecOps leads the way, according to a new study.
Qualys Snaps Up Container Firm
Quick Hits | 10/31/2018
Qualys plans to use Layered Insight's technology to add runtime capabilities and automated enforcement to its container security tool.
Companies Fall Short on 2FA
Quick Hits | 10/30/2018
New research ranks organizations based on whether they offer two-factor authentication.
New Report: IoT Now Top Internet Attack Target
Quick Hits | 10/29/2018
IoT devices are the top targets of cyberattacks -- most of which originate on IoT devices, a new report finds.
7 Ways an Old Tool Still Teaches New Lessons About Web AppSec
Slideshows | 10/29/2018
Are your Web applications secure? WebGoat, a tool old enough to be in high school, continues to instruct.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20201
PUBLISHED: 2018-12-18
There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file.
CVE-2018-20194
PUBLISHED: 2018-12-18
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy l...
CVE-2018-20195
PUBLISHED: 2018-12-18
A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
CVE-2018-20196
PUBLISHED: 2018-12-18
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.
CVE-2018-20197
PUBLISHED: 2018-12-18
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy l...