Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Application Security
Page 1 / 2   >   >>
8 Tips for More Secure Mobile Computing
Slideshows  |  10/23/2019  | 
Mobile devices are a huge part of enterprise IT. Here's what to advise their users to do to keep their devices and critical business data best protected.
About 50% of Apps Are Accruing Unaddressed Vulnerabilities
News  |  10/22/2019  | 
In rush to fix newly discovered security issues, developers are neglecting to address older ones, Veracode study finds.
Researchers Turn Alexa and Google Home Into Credential Thieves
Quick Hits  |  10/21/2019  | 
Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.
Tor Weaponized to Steal Bitcoin
Quick Hits  |  10/18/2019  | 
A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
Debug Feature in Web Dev Tool Exposed Trump Campaign Site, Others to Attack
News  |  10/17/2019  | 
The problem is not with the tool itself but with how some developers and administrators are using it, Comparitech says.
SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance
Quick Hits  |  10/16/2019  | 
The $37.5 million acquisitions will boost SailPoint's portfolio across all cloud platforms.
Pitney Bowes Hit by Ransomware
Quick Hits  |  10/14/2019  | 
The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
When Using Cloud, Paranoia Can Pay Off
News  |  10/14/2019  | 
Journalists are increasingly concerned about what cloud providers may access or share with governments - and companies should worry as well.
FBI: Phishing Can Defeat Two-Factor Authentication
Quick Hits  |  10/11/2019  | 
A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
AppSec 'Spaghetti on the Wall' Tool Strategy Undermining Security
News  |  10/10/2019  | 
At many organizations, the attitude to securing software appears to be throwing a lot of technology at the problem, a new study finds.
Imperva Details Response to Customer Database Exposure
Quick Hits  |  10/10/2019  | 
The cloud security's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.
Twitter Slip-Up Spills MFA Phone Numbers, Emails to Advertisers
Quick Hits  |  10/9/2019  | 
Email addresses and phone numbers provided to secure user accounts were accidentally shared with marketers.
How the Software-Defined Perimeter Is Redefining Access Control
Commentary  |  10/9/2019  | 
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
Drupalgeddon2 Vulnerability Still Endangering CMSes
Quick Hits  |  10/7/2019  | 
A new wave of attacks has been discovered on Drupal-based content management systems that weren't patched for the older flaw.
FBI Investigates Mobile Voting Intrusion
Quick Hits  |  10/4/2019  | 
A group tried to access West Virginia's mobile voting app in 2018; now, the FBI is looking into what actually happened.
Complex Environments Cause Schools to Struggle for Passing Security Grade
News  |  10/4/2019  | 
As ransomware attacks surge against school systems, an analysis of 1,200 K-12 institutions in North America shows complex environments and conflicting security controls.
8 Ways Businesses Unknowingly Help Hackers
Slideshows  |  10/4/2019  | 
From lengthy email signatures to employees' social media posts, we look at the many ways organizations make it easier for attackers to break in.
American Express Insider Breaches Cardholder Information
Quick Hits  |  10/3/2019  | 
The ex-employee accessed names, Social Security numbers, card numbers, and more in an attempt to commit fraud.
Common Pitfalls of Security Monitoring
Commentary  |  10/3/2019  | 
We need technology, but we cant forget the importance of humans working methodically to make it effective.
20M Russians' Personal Tax Records Exposed in Data Leak
Quick Hits  |  10/3/2019  | 
An unprotected Elasticsearch cluster contained personally identifiable information on Russian citizens from 2009 to 2016.
Stalkerware on the Rise Globally
Quick Hits  |  10/2/2019  | 
Stalkware is being installed on more and more victims' devices, and the trend is only accelerating, according to a new report.
Controlling Data Leakage in Cloud Test-Dev Environments
Commentary  |  10/2/2019  | 
The focus on digital transformation and compressing development release cycles is appealing, but that means security can be left behind. How should security practitioners address this challenge?
Cisco Webex & Zoom Bug Lets Attackers Spy on Conference Calls
News  |  10/1/2019  | 
The "Prying-Eye" vulnerability could let intruders scan for unprotected meeting IDs and snoop on conference calls.
Microsoft Announces Ability to Force TLS Version Compliance
Quick Hits  |  9/30/2019  | 
Transport Layer Security (TLS) can be critical for security, but it must be deployed in a current version. Microsoft now provides a mechanism for administrators to guarantee the right version in their network.
'Harvesting Attacks' & the Quantum Revolution
Commentary  |  9/30/2019  | 
Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.
Apple Patches Multiple Vulnerabilities Across Platforms
Quick Hits  |  9/27/2019  | 
Updates address two separate issues in Apple's desktop and mobile operating systems.
Cloud-Native Applications: Shift to Serverless is Underway
News  |  9/26/2019  | 
A new report explores changes in cloud-native applications and complexities involved with securing them.
Bridging the Gap Between Security & DevOps
Commentary  |  9/26/2019  | 
An inside look into the engineering mindset of DevOps from the vantage of a career security professional.
Why You Need to Think About API Security
Commentary  |  9/26/2019  | 
Businesses of all sorts are increasingly relying on APIs to interact with customers in smartphone apps, but they have their own unique set of vulnerabilities.
Wyoming Hospital the Latest to Be Hit With Ransomware Attack
Quick Hits  |  9/24/2019  | 
A attack has had a significant impact on the operations of Wyoming's Campbell County Memorial Hospital.
Microsoft Issues Out-of-Band Patch for Internet Explorer
Quick Hits  |  9/23/2019  | 
The security update fixes a vulnerability that could allow an attacker to remotely execute code at the same privilege as the legitimate user.
HP Purchases Security Startup Bromium
Quick Hits  |  9/20/2019  | 
The purchase will bring new isolation and threat intelligence capabilities to the HP portfolio.
BSIMM10 Emphasizes DevOps' Role in Software Security
News  |  9/19/2019  | 
The latest model, with insights from 122 firms, shows DevOps adoption is far enough along to influence how companies approach software security.
Security Pros Value Disclosure ... Sometimes
Quick Hits  |  9/19/2019  | 
Security professionals will coordinate disclosure with researchers but may keep their self-discovered vulnerabilities secret, a new study shows.
Ping Identity Prices IPO at $15 per Share
Quick Hits  |  9/19/2019  | 
The identity management company plans to sell 12.5 million shares, raising $187.5 million in its initial public offering.
Crowdsourced Security & the Gig Economy
Commentary  |  9/19/2019  | 
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
GitHub Becomes CVE Numbering Authority, Acquires Semmle
Quick Hits  |  9/18/2019  | 
Latest moves will make it much more likely that vulnerabilities in open source projects will be found and reported, GitHub says.
DevSecOps: Recreating Cybersecurity Culture
Commentary  |  9/18/2019  | 
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
One Arrested in Ecuador's Mega Data Leak
Quick Hits  |  9/18/2019  | 
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
24.3M Unsecured Health Records Expose Patient Data, Images
Quick Hits  |  9/18/2019  | 
Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.
MITRE Releases 2019 List of Top 25 Software Weaknesses
News  |  9/17/2019  | 
The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.
US Companies Unprepared for Privacy Regulations
Quick Hits  |  9/17/2019  | 
US companies are poorly prepared for even the most rudimentary privacy regulations, a new report says.
Oracle Expands Cloud Security Services at OpenWorld 2019
News  |  9/16/2019  | 
The company broadens its portfolio with new services developed to centralize and automate cloud security.
Court Rules In Favor of Firm 'Scraping' Public Data
Quick Hits  |  9/16/2019  | 
US appeals court said a company can legally use publicly available LinkedIn account information.
Data Leak Affects Most of Ecuador's Population
News  |  9/16/2019  | 
An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens.
Instagram Bug Put User Account Details, Phone Numbers at Risk
News  |  9/12/2019  | 
The vulnerability, now patched, is the latest in a series of bad news for Facebook.
APIs Get Their Own Top 10 Security List
News  |  9/12/2019  | 
OWASP's new list of API weaknesses focuses on issues that have caused recent data breaches and pose common security hazards in modern cloud-based applications.
Fed Kaspersky Ban Made Permanent by New Rules
Quick Hits  |  9/11/2019  | 
A new set of regulations converts the government ban on using Kaspersky products from a temporary rule to one that's permanent.
Third-Party Features Leave Websites More Vulnerable to Attack
Quick Hits  |  9/10/2019  | 
A new report points out the dangers to customer data of website reliance on multiple third parties.
Two Zero-Days Fixed in Microsoft Patch Rollout
News  |  9/10/2019  | 
September's Patch Tuesday addressed 80 vulnerabilities, two of which have already been exploited in the wild.
Page 1 / 2   >   >>


Tor Weaponized to Steal Bitcoin
Dark Reading Staff 10/18/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-9521
PUBLISHED: 2019-10-23
The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
CVE-2015-9522
PUBLISHED: 2019-10-23
The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
CVE-2015-9523
PUBLISHED: 2019-10-23
The Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
CVE-2015-9524
PUBLISHED: 2019-10-23
The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
CVE-2019-16977
PUBLISHED: 2019-10-23
In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.