Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

News & Commentary
After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers
Robert Lemos, Contributing WriterNews
While coronavirus-themed emails and files have been used as a lure for weeks, attackers now are searching for ways to actively target VPNs and remote workers to take advantage of weaker security.
By Robert Lemos Contributing Writer, 4/8/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Fool Biometric Scanners with 3D-Printed Fingerprints
Kelly Sheridan, Staff Editor, Dark ReadingNews
Tests on the fingerprint scanners of Apple, Microsoft, and Samsung devices reveal it's possible to bypass authentication with a cheap 3D printer.
By Kelly Sheridan Staff Editor, Dark Reading, 4/8/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Releases COVID-19 Security Guidance
Dark Reading Staff, Quick Hits
Information includes tips on how to keep IT systems infection-free.
By Dark Reading Staff , 4/8/2020
Comment0 comments  |  Read  |  Post a Comment
Privacy & Digital-Rights Experts Worry Contact-Tracing Apps Lack Limits
Robert Lemos, Contributing WriterNews
Mobile-phone-based tracking of people can help fight pandemics, but privacy and security researchers stress that it needs to be done right.
By Robert Lemos Contributing Writer, 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
Mature DevOps Teams Are Secure DevOps Teams
Dark Reading Staff, Quick Hits
New research shows the relationship between mature DevOps processes, secure applications, and happy developers.
By Dark Reading Staff , 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
Using Application Telemetry to Reveal Insider & Evasive Threats
Andy Hawkins, Field CTOCommentary
Data from application processes and other systems leave a trail of threat crumbs that can be used to detect and shut down attacks.
By Andy Hawkins Field CTO, 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
9 Security Podcasts Worth Tuning In To
Kelly Sheridan, Staff Editor, Dark Reading
Recommendations for podcasts discussing news, trends, guidance, and stories across the cybersecurity industry.
By Kelly Sheridan Staff Editor, Dark Reading, 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
Misconfigured Containers Again Targeted by Cryptominer Malware
Robert Lemos, Contributing WriterNews
An attack group is searching for insecure containers exposing the Docker API and then installing a program that attempts to mine cryptocurrency. It's not the first time.
By Robert Lemos Contributing Writer, 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
FBI Warns of BEC Dangers
Dark Reading Staff, Quick Hits
A new PSA warns of attacks launched against users of two popular cloud-based email systems.
By Dark Reading Staff , 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
5 Soothing Security Products We Wish Existed
Curtis Franklin Jr., Senior Editor at Dark Reading
Maybe security alert fatigue wouldn't be so bad if the alerts themselves delivered less stress and more aromatherapy.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/3/2020
Comment0 comments  |  Read  |  Post a Comment
Want to Improve Cloud Security? It Starts with Logging
Chris Calvert, VP Product Strategy, Co-Founder, Respond SoftwareCommentary
Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.
By Chris Calvert VP Product Strategy, Co-Founder, Respond Software, 4/3/2020
Comment0 comments  |  Read  |  Post a Comment
A Day in The Life of a Pen Tester
Kelly Sheridan, Staff Editor, Dark ReadingNews
Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
By Kelly Sheridan Staff Editor, Dark Reading, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Bad Bots Build Presence Across the Web
Dark Reading Staff, Quick Hits
Bots that mimic human behavior are driving a growing percentage of website traffic while contributing to an avalanche of misinformation.
By Dark Reading Staff , 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Companies Are Failing to Deploy Key Solution for Email Security
Robert Lemos, Contributing WriterNews
A single -- albeit complex-to-deploy -- technology could stop the most expensive form of fraud, experts say. Why aren't more companies adopting it?
By Robert Lemos Contributing Writer, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Researchers Focus on Zoom App's Security
Robert Lemos, Contributing WriterNews
With videoconferencing's rise as an essential tool for remote work comes a downside: more security scrutiny, which has turned up a number of security weaknesses.
By Robert Lemos Contributing Writer, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Defense Evasion Dominated 2019 Attack Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
By Kelly Sheridan Staff Editor, Dark Reading, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
Data from 5.2M Marriott Loyalty Program Members Hit by Breach
Dark Reading Staff, Quick Hits
The data was breached through the credentials of two franchisee employees.
By Dark Reading Staff , 3/31/2020
Comment2 comments  |  Read  |  Post a Comment
Patching Poses Security Problems with Move to More Remote Work
Robert Lemos, Contributing WriterNews
Security teams were not ready for the wholesale move to remote work and the sudden expansion of the attack surface area, experts say.
By Robert Lemos Contributing Writer, 3/31/2020
Comment1 Comment  |  Read  |  Post a Comment
Does the 2020 Online Census Account for Security Risk?
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts discuss the security issues surrounding a census conducted online and explain how COVID-19 could exacerbate the risk.
By Kelly Sheridan Staff Editor, Dark Reading, 3/31/2020
Comment1 Comment  |  Read  |  Post a Comment
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading
These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/31/2020
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by SoniaWilson
Current Conversations Nice Post
In reply to: Nice Post
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 4/7/2020
The Coronavirus & Cybersecurity: 3 Areas of Exploitation
Robert R. Ackerman Jr., Founder & Managing Director, Allegis Capital,  4/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11655
PUBLISHED: 2020-04-09
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2020-11656
PUBLISHED: 2020-04-09
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVE-2019-20637
PUBLISHED: 2020-04-08
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connecti...
CVE-2020-11650
PUBLISHED: 2020-04-08
An issue was discovered in iXsystems FreeNAS 11.2 and 11.3 before 11.3-U1. It allows a denial of service.
CVE-2020-11653
PUBLISHED: 2020-04-08
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.