Application Security

News & Commentary
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Dark Reading Staff | Quick Hits
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
By Dark Reading Staff, 12/5/2019
Password-Cracking Teams Up in CrackQ Release
Robert Lemos, Contributing Writer | News
The open source platform aims to make password-cracking more manageable and efficient for red teams.
By Robert Lemos, Contributing Writer, 12/4/2019
(Literally) Put a Ring on It: Protecting Biometric Fingerprints
Dark Reading Staff | Quick Hits
Kaspersky creates a prototype ring you can wear on your finger for authentication.
By Dark Reading Staff, 12/4/2019
Microsoft Issues Advisory for Windows Hello for Business
Kelly Sheridan, Staff Editor, Dark Reading | Quick Hits
An issue exists in Windows Hello for Business when public keys persist after a device is removed from Active Directory, if the AD exists, Microsoft reports.
By Kelly Sheridan, Staff Editor, Dark Reading, 12/4/2019
Application & Infrastructure Risk Management: You've Been Doing It Backward
John Worrall, Chief Executive Officer at ZeroNorth | Commentary
Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
By John Worrall, Chief Executive Officer at ZeroNorth, 12/4/2019
DHS to Require Federal Agencies to Set Vulnerability Disclosure Policies
Robert Lemos, Contributing Writer | News
The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses.
By Robert Lemos, Contributing Writer, 12/2/2019
StrandHogg Vulnerability Affects All Versions of Android
Kelly Sheridan, Staff Editor, Dark Reading | News
The bug enables malware to pose as any legitimate Android app, letting attackers track messages, photos, credentials, and phone conversations.
By Kelly Sheridan, Staff Editor, Dark Reading, 12/2/2019
Data from 21M Mixcloud Users Compromised in Breach
Dark Reading Staff | Quick Hits
The music streaming service received reports indicating attackers gained unauthorized access to its systems.
By Dark Reading Staff, 12/2/2019
Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud
Kelly Sheridan, Staff Editor, Dark Reading | News
More than 3,100 Jira instances are still vulnerable to a server-side request forgery vulnerability patched in August.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/27/2019
Google Details Its Responses to Cyber Attacks, Disinformation
Dark Reading Staff | Quick Hits
Government groups continue to attack user credentials and distribute disinformation, according to a new blog post from Google's Threat Analysis Group.
By Dark Reading Staff, 11/27/2019
New Free Emulator Challenges Apple's Control of iOS
Robert Lemos, Contributing Writer | News
An open-source tool gives researchers and jailbreakers a free option for researching vulnerabilities in the operating system and gives Apple a new headache.
By Robert Lemos, Contributing Writer, 11/27/2019
Practical Principles for Security Metrics
Nik Whitfield, Computer Scientist & Security Technology Entrepreneur | Commentary
A proactive approach to cybersecurity requires the right tools, not more tools.
By Nik Whitfield, Computer Scientist & Security Technology Entrepreneur, 11/27/2019
7 Ways to Hang Up on Voice Fraud
Steve Zurier, Contributing Writer
Criminals are coming at us from all directions, including our phones. Don't answer that next call without reading these tips first.
By Steve Zurier, Contributing Writer, 11/27/2019
The Implications of Last Week's Exposure of 1.2B Records
Kelly Sheridan, Staff Editor, Dark Reading | News
Large sums of organized data, whether public or private, are worth their weight in gold to cybercriminals.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/26/2019
An Alarming Number of Software Teams Are Missing Cybersecurity Expertise
Robert Lemos, Contributing Writer | News
The overwhelming majority of developers worry about security and consider it important, yet many lack a dedicated cybersecurity leader.
By Robert Lemos, Contributing Writer, 11/26/2019
On the Border Warns of Data Breach
Dark Reading Staff | Quick Hits
Malware on a payment system could have stolen credit card info from customers in 28 states, according to the company.
By Dark Reading Staff, 11/26/2019
Tushu, Take Twoshu: Malicious SDK Reappears in Google Play
Kelly Sheridan, Staff Editor, Dark Reading | News
Months after the Tushu SDK was found infecting Android apps on Google Play, its operators are back with new evasive techniques.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/25/2019
T-Mobile Prepaid Hit by Significant Data Breach
Dark Reading Staff | Quick Hits
The breach, estimated to have affected more than a million customers, came from malicious external actors.
By Dark Reading Staff, 11/25/2019
They See You When You're Shopping: Holiday Cybercrime Starts Early
Dark Reading Staff | Quick Hits
Researchers notice year-end phishing attacks starting in July and ramping up in September.
By Dark Reading Staff, 11/25/2019
1.2B Records Exposed in Massive Server Leak
Dark Reading Staff | Quick Hits
A single server leaked 4 terabytes of personal data, including social media profiles, work histories, and home and mobile phone numbers.
By Dark Reading Staff, 11/22/2019
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta, 12/4/2019
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there's a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges need...
CVE-2019-2222
PUBLISHED: 2019-12-06
In ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-8.0 Android...