Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

News & Commentary
Attackers Scan for Vulnerable BIG-IP Devices After Flaw Disclosure
Robert Lemos, Contributing WriterNews
The US Cybersecurity and Infrastructure Security Agency encourages organizations to patch a critical flaw in the BIG-IP family of application delivery controllers, as firms find evidence that attackers are scanning for the critical vulnerability.
By Robert Lemos Contributing Writer, 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
Credit-Card Skimmer Seeks Websites Running Microsoft's ASP.NET
Dark Reading Staff, Quick Hits
The payment-card skimmer targets websites hosted on Microsoft IIS servers and running the ASP.NET web framework.
By Dark Reading Staff , 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
How to Assess More Sophisticated IoT Threats
Jack Mannino, CEO, nVisiumCommentary
Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.
By Jack Mannino CEO, nVisium, 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity's Lament: There Are No Cooks in Space
Curtis Franklin Jr., Senior Editor at Dark Reading
Cybersecurity staff are on edge for the same reason that there are no cooks on the ISS: Organizations are carefully watching expenses for jobs that don't require dedicated team members.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/3/2020
Comment0 comments  |  Read  |  Post a Comment
Building Security Strategies in Sub-Saharan Africa: Trends and Concerns
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security experts discuss the rise in cybercrime affecting sub-Saharan Africa and the necessary changes to improve security.
By Kelly Sheridan Staff Editor, Dark Reading, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
BIG-IP Vulnerabilities Could be Big Trouble for Customers
Dark Reading Staff, Quick Hits
Left unpatched, pair of vulnerabilities could give attackers wide access to a victim's application delivery network.
By Dark Reading Staff , 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
Businesses Invest in Cloud Security Tools Despite Concerns
Kelly Sheridan, Staff Editor, Dark ReadingNews
A majority of organizations say the acceleration was driven by a need to support more remote employees.
By Kelly Sheridan Staff Editor, Dark Reading, 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
New MacOS Ransomware Hides in Pirated Program
Dark Reading Staff, Quick Hits
A bogus installer for Little Snitch carries a ransomware hitchhiker.
By Dark Reading Staff , 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
4 Steps to a More Mature Identity Program
Mike Kiser, Global Security Advocate, Office of the CTO, SailPointCommentary
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
By Mike Kiser Global Security Advocate, Office of the CTO, SailPoint, 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn
Robert Lemos, Contributing WriterNews
After Palo Alto Networks alerted users to a simple-to-exploit vulnerability in its network security gear, security agencies quickly warn that attackers won't wait to jump on it.
By Robert Lemos Contributing Writer, 6/30/2020
Comment1 Comment  |  Read  |  Post a Comment
5 New InfoSec Job Training Trends: What We're Studying During COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading
With the pandemic uprooting networks and upending careers, which security skills are hot -- and which are not?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/26/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerabilities Declining in Open Source, but Slow Patching Still a Problem
Robert Lemos, Contributing WriterNews
Even as more code is produced, indirect dependencies continue to undermine security.
By Robert Lemos Contributing Writer, 6/25/2020
Comment0 comments  |  Read  |  Post a Comment
Better Collaboration Between Security & Development
Dan Cornell, CTO, Denim GroupCommentary
Security and development teams must make it clear why their segment of the development life cycle is relevant to the other teams in the pipeline.
By Dan Cornell CTO, Denim Group, 6/25/2020
Comment0 comments  |  Read  |  Post a Comment
Lucifer Malware Aims to Become Broad Platform for Attacks
Robert Lemos, Contributing WriterNews
The recent spread of the distributed denial-of-service tool attempts to exploit a dozen web-framework flaws, uses credential stuffing, and is intended to work against a variety of operating systems.
By Robert Lemos Contributing Writer, 6/25/2020
Comment0 comments  |  Read  |  Post a Comment
Apple Buys Fleetsmith
Dark Reading Staff, Quick Hits
The fleet management company becomes part of Apple in a deal announced today.
By Dark Reading Staff , 6/24/2020
Comment0 comments  |  Read  |  Post a Comment
Rethinking Enterprise Access, Post-COVID-19
Dor Knafo, Co-Founder & CEO of Axis SecurityCommentary
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.
By Dor Knafo Co-Founder & CEO of Axis Security, 6/24/2020
Comment0 comments  |  Read  |  Post a Comment
Twitter Says Business Users Were Vulnerable to Data Breach
Dark Reading Staff, Quick Hits
The now-patched vulnerability left business users' personal information in web browser caches for anyone to find.
By Dark Reading Staff , 6/23/2020
Comment1 Comment  |  Read  |  Post a Comment
Firmware Flaw Allows Attackers to Evade Security on Some Home Routers
Robert Lemos, Contributing WriterNews
Networking devices sold under at least one major brand have a firmware vulnerability that allows hackers to take control of the device, a cybersecurity firm claims.
By Robert Lemos Contributing Writer, 6/22/2020
Comment0 comments  |  Read  |  Post a Comment
Employees Say They're Working From Home Without Security Guidance
Dark Reading Staff, Quick Hits
Working from home is new for many enterprise employees, yet many say they've received little in the way of new training or technology to keep them safe.
By Dark Reading Staff , 6/22/2020
Comment2 comments  |  Read  |  Post a Comment
Cloud Security Alliance Offers Tips to Protect Telehealth Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 6/19/2020
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by NoahSorell
Current Conversations Really!
In reply to: Re: Not surprising
Post Your Own Reply
Posted by xfygx
Current Conversations Why it happen?
In reply to: Why
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5595
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute...
CVE-2020-5596
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a mali...
CVE-2020-5597
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products o...
CVE-2020-5598
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop ...
CVE-2020-5599
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remo...