Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

News & Commentary
Why We Need More Blue Team Voices at the Table
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
The red team draws attention, but the blue team has the expertise to keep networks secure day in and day out.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Intel: More Than 90% of Our Vulnerabilities Found via Research
Robert Lemos, Contributing WriterNews
Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software.
By Robert Lemos Contributing Writer, 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
Okta to Buy Rival Auth0
Dark Reading Staff, Quick Hits
The deal, valued at $6.5 billion, will bring together competitors in the identity management space.
By Dark Reading Staff , 3/3/2021
Comment0 comments  |  Read  |  Post a Comment
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical DirectorCommentary
With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
By Dr. Jethro Beekman Technical Director, 3/3/2021
Comment1 Comment  |  Read  |  Post a Comment
Universal Health Services Suffered $67 Million Loss Due to Ransomware Attack
Dark Reading Staff, Quick Hits
Earnings report points to diversion of care during incident for financial loss.
By Dark Reading Staff , 3/1/2021
Comment0 comments  |  Read  |  Post a Comment
Inside Strata's Plans to Solve the Cloud Identity Puzzle
Kelly Sheridan, Staff Editor, Dark ReadingNews
Strata Identity was founded to change businesses' approach to identity management as multicloud environments become the norm.
By Kelly Sheridan Staff Editor, Dark Reading, 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
New APT Group Targets Airline Industry & Immigration
Jai Vijayan, Contributing WriterNews
LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.
By Jai Vijayan Contributing Writer, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Google Invests in Linux Kernel Developers to Focus on Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google will fund two full-time Linux kernel developers to maintain and improve Linux security in the long term.
By Kelly Sheridan Staff Editor, Dark Reading, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Concludes Internal Investigation into Solorigate Breach
Robert Lemos, Contributing WriterNews
The software giant found no evidence that attackers gained extensive access to services or customer data.
By Robert Lemos Contributing Writer, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Azure Front Door Gets a Security Upgrade
Kelly Sheridan, Staff Editor, Dark ReadingNews
New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.
By Kelly Sheridan Staff Editor, Dark Reading, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Ransomware? Let's Call It What It Really Is: Extortionware
Charlie Winckless, Senior Director, Cybersecurity Solutions, at PresidioCommentary
Just as the targets of these attacks have shifted from individuals to corporations, so too has the narrow focus given way to applying force and pressure to pay.
By Charlie Winckless Senior Director, Cybersecurity Solutions, at Presidio, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Firms Patch Greater Number of Systems, but Still Slowly
Robert Lemos, Contributing WriterNews
Fewer systems have flaws; however, the time to remediate vulnerabilities stays flat, and many issues targeted by in-the-wild malware remain open to attack.
By Robert Lemos Contributing Writer, 2/16/2021
Comment0 comments  |  Read  |  Post a Comment
Palo Alto Networks Plans to Acquire Cloud Security Firm
Dark Reading Staff, Quick Hits
Most of Fortune 100 firms have used Bridgecrew's service in their application development processes.
By Dark Reading Staff , 2/16/2021
Comment0 comments  |  Read  |  Post a Comment
Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees
Jason Meller, CEO & Founder, KolideCommentary
Users' distrust of corporate security teams is exposing businesses to unnecessary vulnerabilities.
By Jason Meller CEO & Founder, Kolide, 2/15/2021
Comment0 comments  |  Read  |  Post a Comment
How to Submit a Column to Dark Reading
Dark Reading Staff, Commentary
Have a new idea, a lesson learned, or a call to action for your fellow cybersecurity professionals? Here's how to submit your Commentary pieces to Dark Reading.
By Dark Reading Staff , 2/15/2021
Comment0 comments  |  Read  |  Post a Comment
Water Utility Hack Could Inspire More Intruders
Robert Lemos, Contributing WriterNews
If past cyberattacks are any indication, success begets imitation. In the wake of last week's hack of Florida water utility, other water utilities and users of remote desktop software would be wise to shore up defenses, experts say.
By Robert Lemos Contributing Writer, 2/12/2021
Comment0 comments  |  Read  |  Post a Comment
Pandemic Initially Led to Fewer Disclosed Vulnerabilities, Data Suggests
Robert Lemos, Contributing WriterNews
Vulnerability disclosure started off slow but caught up by the end of the year, according to a new report.
By Robert Lemos Contributing Writer, 2/11/2021
Comment0 comments  |  Read  |  Post a Comment
Game Over: Stopping DDoS Attacks Before They Start
Philippe Alcoy, Cyber Security Technologist, APACCommentary
Video games are poised for a revolution, but benefits will come to fruition only if the industry can guarantee consistent performance and availability.
By Philippe Alcoy Cyber Security Technologist, APAC, 2/11/2021
Comment0 comments  |  Read  |  Post a Comment
7 Things We Know So Far About the SolarWinds Attacks
Jai Vijayan, Contributing Writer
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
By Jai Vijayan Contributing Writer, 2/11/2021
Comment0 comments  |  Read  |  Post a Comment
Cloud-Native Apps Make Software Supply Chain Security More Important Than Ever
Tsvi Korren, Field CTO, Aqua SecurityCommentary
Cloud-native deployments tend to be small, interchangeable, and easier to protect, but their software supply chains require closer attention.
By Tsvi Korren Field CTO, Aqua Security, 2/11/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24913
PUBLISHED: 2021-03-04
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
CVE-2020-24914
PUBLISHED: 2021-03-04
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
CVE-2020-24036
PUBLISHED: 2021-03-04
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
CVE-2020-24912
PUBLISHED: 2021-03-04
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
CVE-2019-18629
PUBLISHED: 2021-03-04
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a com...