Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Application Security
Page 1 / 2   >   >>
10 iOS Security Tips to Lock Down Your iPhone
Slideshows  |  5/22/2020  | 
Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
Hackers Serve Up Stolen Credentials from Home Chef
Quick Hits  |  5/21/2020  | 
Some 8 million of the meal delivery company's customer records have been offered for sale on the Dark Web.
Centralized Contact Tracing Raises Concerns Among Privacy-Conscious Citizens
News  |  5/21/2020  | 
The long debate over whether encryption and anonymity shield too much criminal behavior also has staged a resurgence.
60% of Insider Threats Involve Employees Planning to Leave
News  |  5/20/2020  | 
Researchers shows most "flight-risk" employees planning to leave an organization tend to start stealing data two to eight weeks before they go.
Digital Transformation Risks in Front-end Code
Commentary  |  5/20/2020  | 
Why making every front-end developer a DevSecOps expert will lead to a more holistic approach to web and native application security.
Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say
News  |  5/20/2020  | 
As COVID-19-themed spam rises, phishingnot so much. An analysis of newly registered domains finds that only 2.4% are actually phishing sites aiming to steal credentials.
Unpatched Open Source Libraries Leave 71% of Apps Vulnerable
News  |  5/19/2020  | 
PHP and JavaScript developers need to pay close attention because different languages and frameworks have different rates of vulnerability, research finds.
Web Application Attacks Double from 2019: Verizon DBIR
News  |  5/19/2020  | 
Verizon's annual data breach report shows most attackers are external, money remains their top motivator, and web applications and unsecured cloud storage are hot targets.
EasyJet Sees 9 Million Customer Email Addresses Stolen
Quick Hits  |  5/19/2020  | 
More than 2,000 customers also had credit card information taken in the attack.
As DevOps Accelerates, Security's Role Changes
News  |  5/18/2020  | 
There remains a disconnect between developers and security teams, with uncertainty around who should handle software security.
Templates Make Coronavirus Phishing Campaigns Easy
Quick Hits  |  5/15/2020  | 
Ready-made website templates make it simple for criminals to create fake government and NGO websites for COVID-19-related phishing campaigns.
As Businesses Rush to the Cloud, Security Teams Struggle to Keep Up
News  |  5/14/2020  | 
Most organizations have a gap between current and planned cloud usage and the maturity of their cloud security programs.
Identit Comes Out of Stealth
Quick Hits  |  5/14/2020  | 
Startup emerges with three-factor, no-password authentication.
8 Supply Chain Security Requirements
Slideshows  |  5/14/2020  | 
Complex supply chains have complex security requirements, but secure them you must. Here's where to start.
Ransomware, Data Breach Follow Phishing Attack at Magellan Health
Quick Hits  |  5/13/2020  | 
The healthcare company has informed affected employees of a data breach on a single corporate server.
Microsoft Fixes 111 Vulnerabilities for Patch Tuesday
News  |  5/12/2020  | 
This marks the third month in a row that Microsoft patched more than 100 bugs, of which 16 are classified as critical.
Nine in 10 Applications Contain Outdated Software Components
News  |  5/12/2020  | 
Almost every application uses open-source components and 91% use libraries that are out of date or that have been abandoned altogether.
DHS, FBI & DoD Report on New North Korean Malware
Quick Hits  |  5/12/2020  | 
Three new reports detail malware coming out of the Hidden Cobra cyber operations in North Korea.
Three Years After WannaCry, Ransomware Accelerating While Patching Still Problematic
News  |  5/12/2020  | 
Using a known exploit to infect unmaintained systems, the WannaCry ransomware worm remains a study in preventable catastrophes. Yet many companies continue to ignore its lessons.
Companies Struggle for Effective Cybersecurity
News  |  5/8/2020  | 
The money companies are spending on cybersecurity tools doesn't necessarily result in better security, a new survey shows.
Planning Ahead for a Secure SAP S/4HANA Migration
News  |  5/8/2020  | 
Experts say that the pressure to move to SAP's next-gen platform can be a big opportunity to move the needle on ERP cybersecurity.
DocuSign Phishing Campaign Uses COVID-19 as Bait
Quick Hits  |  5/8/2020  | 
The newly discovered campaign lures victims with a supposed file concerning the coronavirus pandemic.
Why DevSecOps Is Critical for Containers and Kubernetes
Commentary  |  5/8/2020  | 
DevSecOps is a big and sometimes difficult shift for organizations. The key to success? Take small steps.
Microsoft Identity VP Shares How and Why to Ditch Passwords
News  |  5/7/2020  | 
Passwords are on their way out, says Joy Chik, who offers guidance for businesses hoping to shift away from them.
Now More Than Ever? Securing the Software Life Cycle
Commentary  |  5/7/2020  | 
The more things change, the more they stay the same. That's true for software security, even in these turbulent times.
Zoom Acquires Keybase, Plans for End-to-End Encrypted Chats
Quick Hits  |  5/7/2020  | 
The company's first acquisition to date is part of a 90-day plan to improve security in its video communications platform.
When Achieving Deadpool Status Is a Good Thing
Commentary  |  5/6/2020  | 
It means attackers have been met with sufficient resistance that it's no longer worth their trouble and have moved on
Cloud Startup Orca Security Raises $20M Series A
Quick Hits  |  5/5/2020  | 
The Israeli cloud security startup has built a platform to help organizations gain greater visibility into multicloud deployments.
Stay-at-Home Students Offered Lessons to Boost Cybersecurity
News  |  5/4/2020  | 
Stuck at home with a primary- or secondary-school student? Organizations from professional training groups to national governments are teaming up to offer virtual cybersecurity training for teens -- in some cases, for free.
7 Tips for Security Pros Patching in a Pandemic
Slideshows  |  5/4/2020  | 
The shift to remote work has worsened patch management challenges and created new ones. Security pros share insights and best practices.
DHS CISA Launches Site for Teleworking Security
Quick Hits  |  5/1/2020  | 
The new website is intended to be a one-stop source for information on securing teleworkers and their employers.
Apple Makes It Easier to Unlock iPhone While Wearing a Mask
Quick Hits  |  5/1/2020  | 
The beta release of iOS 13.5 brings an updated FaceID so that users wearing masks can bypass facial recognition and unlock their phone with a code.
Healthcare Targeted By More Attacks But Less Sophistication
News  |  4/30/2020  | 
An increase in attacks targeting healthcare organizations suggests that perhaps new cybercriminals are getting into the game.
Researchers Find Vulnerabilities in Popular Remote Learning Plug-ins
News  |  4/30/2020  | 
As more students move to online learning platforms, vulnerability researchers are revealing security flaws in some common software plug-ins.
7 Secure Remote Access Services for Today's Enterprise Needs
Slideshows  |  4/29/2020  | 
Secure remote access is a "must" for enterprise computing today, and there are options for you to explore in the dynamic current environment.
Web Shells Continue to Threaten
News  |  4/29/2020  | 
A decade after their first use, Web shells remain a common tool for all stripes of attackers, from common cybercriminals to sophisticated state actors.
Continued Use of Python 2 Will Heighten Security Risks
News  |  4/28/2020  | 
With support for the programming language no longer available, organizations should port to Python 3, security researches say.
Rapid7 Announces Plan to Buy DivvyCloud
Quick Hits  |  4/28/2020  | 
The purchase will boost Rapid7's multicloud capabilities.
New Startup Accurics Tackles Cloud Infrastructure Security
News  |  4/28/2020  | 
Accurics offers a free product to prevent "drift" between infrastructure defined through code and infrastructure running in the cloud.
Attackers Target Sophos Firewalls with Zero-Day
News  |  4/27/2020  | 
Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices.
MSI Utility Vulnerability Based on Missing Quotation Marks
News  |  4/24/2020  | 
The lack of quotation marks in the way a service called an application left MSI computers open to persistent privilege escalation attacks.
Cybercrime Group Steals $1.3M from Banks
News  |  4/24/2020  | 
A look at how the so-called Florentine Banker Group lurked for two months in a sophisticated business email compromise attack on Israeli and UK financial companies.
Paay Misconfiguration Leaves Transaction Data Exposed
Quick Hits  |  4/23/2020  | 
The New York-based credit-card processor left a server without password protection for approximately three weeks.
Attackers Prefer Ransomware to Stealing Data
News  |  4/22/2020  | 
Financial data is still in demand, but ransomware becomes the most popular way to try to cash in from compromised companies, according to Trustwave.
IBM Cloud Data Shield Brings Confidential Computing to Public Cloud
News  |  4/22/2020  | 
The Cloud Data Shield relies on confidential computing, which protects data while it's in use by enterprise applications.
NSA Issues Guidance for Combating Web Shell Malware
Quick Hits  |  4/22/2020  | 
The US intelligence agency teamed up with Australian Signals Directorate in newly released information on how to protect Web servers from the malware.
8 Steps to Enhance Government Agencies' Security Posture
Commentary  |  4/22/2020  | 
Given the heterogeneous architectures of critical state and local systems, it's imperative we learn from the security exposures of other critical infrastructure and pledge to be better
Automated Bots Are Increasingly Scraping Data & Attempting Logins
News  |  4/21/2020  | 
The share of bot traffic to online sites declines, but businesses are seeing an overall increase in automated scraping of data, login attempts, and other detrimental activity.
Attackers Aim at Software Supply Chain with Package Typosquatting
News  |  4/21/2020  | 
Attackers seed Ruby Gems repository with more than 760 malicious packages using names just a bit different than the standard code libraries.
Terahash Buys L0phtCrack in Password Merger
Quick Hits  |  4/21/2020  | 
The acquisition brings password cracking and password auditing capabilities together in a single company.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5537
PUBLISHED: 2020-05-25
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.
CVE-2020-13438
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.
CVE-2020-13439
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.
CVE-2020-13440
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.
CVE-2020-13433
PUBLISHED: 2020-05-24
Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.