Application Security

News & Commentary
Researchers Find New Approach to Attacking Cloud Infrastructure
Kelly Sheridan, Staff Editor, Dark Reading, News
Cloud APIs' accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/11/2019
OpenText to Buy Carbonite for $800M Cash in $1.42B Deal
Dark Reading Staff, Quick Hits
The acquisition was confirmed just six months after Carbonite bought Webroot.
By Dark Reading Staff, 11/11/2019
Joker's Stash Puts $130M Price Tag on Credit Card Database
Dark Reading Staff, Quick Hits
A new analysis advises security teams on what they should know about the underground payment card seller.
By Dark Reading Staff, 11/11/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading
The right password manager can help bring enterprise-class security to small businesses. Here are a half-dozen candidates to strengthen your access management.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 11/8/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, News
Security researcher Stanislas Lejay offers a preview of his upcoming Black Hat Europe talk on automotive engine computer management and hardware reverse engineering.
By Alex Wawro, Special to Dark Reading, 11/7/2019
Google Announces App Defense Alliance
Dark Reading Staff, Quick Hits
The industry partnership will scan apps for malware before they're published on the Google Play Store.
By Dark Reading Staff, 11/6/2019
California DMV Leak Spills Data from Thousands of Drivers
Dark Reading Staff, Quick Hits
Federal agencies reportedly had improper access to Social Security data belonging to 3,200 license holders.
By Dark Reading Staff, 11/6/2019
Proofpoint Acquires ObserveIT to Bolster DLP Capabilities
Dark Reading Staff, Quick Hits
The $225 million acquisition will help Proofpoint expand its data loss prevention capabilities with email, CASB, and data at rest.
By Dark Reading Staff, 11/5/2019
Enterprise Web Security: Risky Business
Rui Ribeiro, CEO & Co-Founder at Jscrambler, Commentary
Web development is at much more risk than commonly perceived. As attackers eye the enterprise, third-party code provides an easy way in.
By Rui Ribeiro, CEO & Co-Founder at Jscrambler, 11/5/2019
Slow Retreat from Python 2 Threatens Code Security
Robert Lemos, Contributing Writer, News
The end of life is near for Python 2, and there will be no rising from the grave this time. So why are some companies and developers risking a lack of security patches to stay with the old version of the programming language?
By Robert Lemos, Contributing Writer, 10/31/2019
Facebook Says Israeli Firm Was Involved in Recent WhatsApp Intrusion
Jai Vijayan, Contributing Writer, News
Evidence suggests NSO Group used WhatsApp's servers to distribute mobile spyware to targeted devices.
By Jai Vijayan, Contributing Writer, 10/30/2019
Security Pros Fear Insider Attacks Stem from Cloud Apps
Dark Reading Staff, Quick Hits
More than half of security practitioners surveyed say insider attack detection has grown more difficult since migrating to cloud.
By Dark Reading Staff, 10/30/2019
8 Trends in Vulnerability and Patch Management
Jai Vijayan, Contributing Writer
Unpatched flaws continue to be a major security issue for many organizations.
By Jai Vijayan, Contributing Writer, 10/30/2019
Why Cloud-Native Applications Need Cloud-Native Security
Trevor Pott, Product Marketing Director at Juniper Networks, Commentary
Today's developers and the enterprises they work for must prioritize security in order to reap the speed and feature benefits these applications and new architectures provide.
By Trevor Pott, Product Marketing Director at Juniper Networks, 10/29/2019
US Lawmakers Fear Chinese-Owned TikTok Poses Security Risk
Dark Reading Staff, Quick Hits
The popular video app has more than 110 million downloads in the United States and could give China access to users' personal data, they say.
By Dark Reading Staff, 10/28/2019
Database Error Exposes 7.5 Million Adobe Customer Records
Dark Reading Staff, Quick Hits
The database was open for approximately one week before the problem was discovered.
By Dark Reading Staff, 10/28/2019
5 Things the Hoodie & the Hard Hat Need to Know About Each Other
Eddie Habibi & Jason Haward-Grau, Founder & CEO and Chief Information Security Officer at PAS, Commentary
Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.
By Eddie Habibi & Jason Haward-Grau, Founder & CEO and Chief Information Security Officer at PAS, 10/28/2019
Online Beauty Store Hit by Magecart Attack
Dark Reading Staff, Quick Hits
An e-skimmer placed on the Procter & Gamble-owned First Aid Beauty site to steal payment card data went undetected for five months.
By Dark Reading Staff, 10/25/2019
40% of Security Pros Job Hunting as Satisfaction Drops
Kelly Sheridan, Staff Editor, Dark Reading, News
Symptoms of job dissatisfaction creep into an industry already plagued with gaps in diversity and work-life balance.
By Kelly Sheridan, Staff Editor, Dark Reading, 10/24/2019
FBI Expands Election Security Initiative
Dark Reading Staff, Quick Hits
The program offers resources and advice to help protect elections at every level within the US.
By Dark Reading Staff, 10/24/2019
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVE-2019-18853
PUBLISHED: 2019-11-11
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2019-18854
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVE-2019-18855
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVE-2019-18856
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.