Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

News & Commentary
Insurance Giant Chubb Might Be Ransomware Victim
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
A ransomware operator claims to have successfully attacked Chubb Insurance databases.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/26/2020
Comment0 comments  |  Read  |  Post a Comment
Missing Patches, Misconfiguration Top Technical Breach Causes
Kelly Sheridan, Staff Editor, Dark ReadingNews
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
By Kelly Sheridan Staff Editor, Dark Reading, 3/25/2020
Comment0 comments  |  Read  |  Post a Comment
Tupperware Hit by Card Skimmer Attack
Dark Reading Staff, Quick Hits
Malicious code was found hidden inside graphics files on the storage container maker's e-commerce website.
By Dark Reading Staff , 3/25/2020
Comment0 comments  |  Read  |  Post a Comment
Do DevOps Teams Need a Company Attorney on Speed Dial?
Shahar Sperling, Chief Architect at HCL AppScanCommentary
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
By Shahar Sperling Chief Architect at HCL AppScan, 3/25/2020
Comment0 comments  |  Read  |  Post a Comment
Malware Found Hidden in Android Utility Apps, Children's Games
Dark Reading Staff, Quick Hits
The 'Tekya' malware, as researchers call it, is designed to imitate the user's actions to click advertisements.
By Dark Reading Staff , 3/24/2020
Comment0 comments  |  Read  |  Post a Comment
How to Secure Your Kubernetes Deployments
Gadi Naor, CTO and Co-Founder, AlcideCommentary
As more companies shift their software to a microservices-based architecture and orchestrate their containerized applications in Kubernetes, distributed security controls become a must.
By Gadi Naor CTO and Co-Founder, Alcide, 3/24/2020
Comment0 comments  |  Read  |  Post a Comment
Three Ways Your BEC Defense Is Failing & How to Do Better
Curtis Franklin Jr., Senior Editor at Dark Reading
Business email compromises cost the economy billions of dollars. Experts have advice on how to stop them from hitting you for millions at a pop.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/23/2020
Comment0 comments  |  Read  |  Post a Comment
538 Million Weibo Users' Info for Sale on Dark Web
Dark Reading Staff, Quick Hits
The user data, which does not include passwords, purportedly comes from a mid-2019 breach.
By Dark Reading Staff , 3/23/2020
Comment0 comments  |  Read  |  Post a Comment
200M Records of US Citizens Leaked in Unprotected Database
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers have not determined who owns the database, which was one of several large exposed instances disclosed this week.
By Kelly Sheridan Staff Editor, Dark Reading, 3/20/2020
Comment2 comments  |  Read  |  Post a Comment
Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
Dark Reading Staff, Quick Hits
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.
By Dark Reading Staff , 3/19/2020
Comment1 Comment  |  Read  |  Post a Comment
Achieving DevSecOps Requires Cutting Through the Jargon
Mario DiNatale, Head of Platform Security. ZeroNorthCommentary
Establishing a culture where security can work easily with developers starts with making sure they can at least speak the same language.
By Mario DiNatale Head of Platform Security. ZeroNorth, 3/19/2020
Comment2 comments  |  Read  |  Post a Comment
Quantifying Cyber Risk: Why You Must & Where to Start
Curtis Franklin Jr., Senior Editor at Dark Reading
Quantifying cybersecurity risks can be a critical step in understanding those risks and getting executive support to address them.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/19/2020
Comment1 Comment  |  Read  |  Post a Comment
500,000 Documents Exposed in Open S3 Bucket Incident
Dark Reading Staff, Quick Hits
The open database exposed highly sensitive financial and business documents related to two financial organizations.
By Dark Reading Staff , 3/18/2020
Comment0 comments  |  Read  |  Post a Comment
Attorney General Directs DoJ to Prioritize Coronavirus Crime
Dark Reading Staff, Quick Hits
Criminal activity related to the pandemic cannot be tolerated, William Barr states in memo.
By Dark Reading Staff , 3/17/2020
Comment1 Comment  |  Read  |  Post a Comment
Startup Offering Secure Access to Corporate Apps Emerges from Stealth
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Axis Security has raised $17 million in VC funding.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/17/2020
Comment0 comments  |  Read  |  Post a Comment
Hellman & Friedman Acquires Checkmarx for $1.15B
Dark Reading Staff, Quick Hits
The private equity firm will buy Checkmarx from Insight Partners, which will continue to own a minority interest.
By Dark Reading Staff , 3/16/2020
Comment0 comments  |  Read  |  Post a Comment
Fewer Vulnerabilities in Web Frameworks, but Exploits Remain Steady
Robert Lemos, Contributing WriterNews
Attackers continue to focus on web and application frameworks, such as Apache Struts and WordPress, fighting against a decline in vulnerabilities, according to an analysis.
By Robert Lemos Contributing Writer, 3/16/2020
Comment1 Comment  |  Read  |  Post a Comment
CASB 101: Why a Cloud Access Security Broker Matters
Curtis Franklin Jr., Senior Editor at Dark Reading
A CASB isn't a WAF, isn't an NGF, and isn't an SWG. So what is it, precisely, and why do you need one to go along with all the other letters? Read on for the answer.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/12/2020
Comment0 comments  |  Read  |  Post a Comment
Cyberspace Solarium Commission Slams US Cybersecurity Readiness
Dark Reading Staff, Quick Hits
The federal commission outlined more than 60 recommendations to remedy major security problems.
By Dark Reading Staff , 3/11/2020
Comment0 comments  |  Read  |  Post a Comment
How Microsoft Disabled Legacy Authentication Across the Company
Kelly Sheridan, Staff Editor, Dark ReadingNews
The process was not smooth or straightforward, employees say in a discussion of challenges and lessons learned during the multi-year project.
By Kelly Sheridan Staff Editor, Dark Reading, 3/9/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Jeremmy11
Current Conversations This is really scary..=((
In reply to: oh..no
Post Your Own Reply
More Conversations
PR Newswire
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10940
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
CVE-2020-10939
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
CVE-2020-6095
PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-10817
PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
CVE-2020-10952
PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.