Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

News & Commentary
Getting Over the Security-to-Business Communication Gap in DevSecOps
Ericka Chickowski, Contributing WriterNews
Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.
By Ericka Chickowski Contributing Writer, 9/25/2020
Comment0 comments  |  Read  |  Post a Comment
WannaCry Has IoT in Its Crosshairs
Ed Koehler, Distinguished Principal Security Engineer, Office of CTO, at Extreme NetworkCommentary
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
By Ed Koehler Distinguished Principal Security Engineer, Office of CTO, at Extreme Network, 9/25/2020
Comment0 comments  |  Read  |  Post a Comment
Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic
Robert Lemos, Contributing WriterNews
Turns out, creating wireless ecosystems for a vast number of different architectures, configurations, and use cases is hard.
By Robert Lemos Contributing Writer, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Critical Instagram Flaw Could Let Attackers Spy on Victims
Kelly Sheridan, Staff Editor, Dark ReadingNews
A now-patched remote code execution vulnerability could be exploited with a specially sized image file, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
Since Remote Work Isn't Going Away, Security Should Be the Focus
Mike Wronski, Technical Director of Product Marketing, NutanixCommentary
These three steps will help organizations reduce long-term work-from-home security risks.
By Mike Wronski Technical Director of Product Marketing, Nutanix, 9/24/2020
Comment0 comments  |  Read  |  Post a Comment
My Journey Toward SAP Security
Jason Fruge, VP of Business Application CybersecurityCommentary
When applications are critical to the business's core functions, the CISO and their staff better get the security right.
By Jason Fruge VP of Business Application Cybersecurity, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
12 Bare-Minimum Benchmarks for AppSec Initiatives
Ericka Chickowski, Contributing Writer
The newly published Building Security in Maturity Model provides the software security basics organizations should cover to keep up with their peers.
By Ericka Chickowski Contributing Writer, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Disclosure Programs See Signups & Payouts Surge
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than $44.75 million in rewards were paid to hackers over the past year, driving total payouts beyond $100 million.
By Kelly Sheridan Staff Editor, Dark Reading, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
New Google Search Hacks Push Viruses & Porn
David Balaban, Editor at Privacy-PC.comCommentary
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
By David Balaban Editor at Privacy-PC.com, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Extends Data Loss Prevention to Cloud App Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
The update, one of several announced today, is intended to help employees remain compliant when handling data across cloud applications.
By Kelly Sheridan Staff Editor, Dark Reading, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
5 Steps to Greater Cyber Resiliency
Andrew Rubin, CEO & Founder at IllumioCommentary
Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.
By Andrew Rubin CEO & Founder at Illumio, 9/21/2020
Comment0 comments  |  Read  |  Post a Comment
Deadly Ransomware Story Continues to Unfold
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
A ransomware attack with fatal consequences is attracting notice and comment from around the world.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Deepfake Detection Poses Problematic Technology Race
Robert Lemos, Contributing WriterNews
Experts hold out little hope for a robust technical solution in the long term.
By Robert Lemos Contributing Writer, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Gone Awry Has Fatal Consequences
Dark Reading Staff, Quick Hits
An attack that knocked hospital systems offline reportedly ends in death for patient who had to be sent to another facility.
By Dark Reading Staff , 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Sumo Logic IPO Prices Higher Than Expected
Kelly Sheridan, Staff Editor, Dark ReadingNews
Co-founder and CTO Christian Beedgen explains what this means for the future of the cloud-based data analytics company.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
CISA Joins MITRE to Issue Vulnerability Identifiers
Robert Lemos, Contributing WriterNews
The Cybersecurity and Infrastructure Security Agency will become a peer of MITRE in the CVE program, likely leading to continued increases in disclosed vulnerabilities.
By Robert Lemos Contributing Writer, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
Taking Security With You in the WFH Era: What to Do Next
A.N. Ananth, President, NetsurionCommentary
As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.
By A.N. Ananth President, Netsurion, 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Research Finds Nearly 800,000 Access Keys Exposed Online
Dark Reading Staff, Quick Hits
The keys were primarily for access to databases and cloud services.
By Dark Reading Staff , 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers, Companies Slam Mobile Voting Firm Voatz for 'Bad Faith' Attacks
Robert Lemos, Contributing WriterNews
In a letter, almost 70 different security firms and individual researchers criticize Voatz for misrepresenting to the US Supreme Court widely accepted security research practices.
By Robert Lemos Contributing Writer, 9/14/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by TiaGilbert
Current Conversations Good article!
In reply to: Article
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...