Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Latest Content tagged with Application Security
Did Companies Fail to Disclose Being Affected by SolarWinds Breach?
News  |  6/21/2021  | 
The SEC has sent out letters to some investment firms and publicly listed companies seeking information, Reuters says.
Software-Container Supply Chain Sees Spike in Attacks
News  |  6/21/2021  | 
Attackers target companies' container supply chain, driving a sixfold increase in a year, aiming to steal processing time for cryptomining and compromise cloud infrastructure.
One in Five Manufacturing Firms Targeted by Cyberattacks
News  |  6/17/2021  | 
Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.
Google Launches SLSA, a New Framework for Supply Chain Integrity
Quick Hits  |  6/17/2021  | 
The "Supply chain Levels for Software Artifacts" aims to ensure the integrity of components throughout the software supply chain.
Security Experts Scrutinize Apple, Amazon IoT Networks
News  |  6/15/2021  | 
Both companies have done their due diligence in creating connected-device networks, but the pervasiveness of the devices worries some security researchers.
Cyber Analytics Database Exposed 5 Billion Records Online
Quick Hits  |  6/14/2021  | 
In an ironic twist, Cognyte's data alerts customers to third-party data exposures.
Google Workspace Adds Client-Side Encryption
Quick Hits  |  6/14/2021  | 
Users given control over encryption keys, Google says.
New Top 20 Secure-Coding List Positions PLCs as Plant 'Bodyguards'
News  |  6/14/2021  | 
Best practices guide encompasses integrity, hardening, resilience, and monitoring of PLCs in industrial networks.
Name That Toon: Sight Unseen
Commentary  |  6/14/2021  | 
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Many Mobile Apps Intentionally Using Insecure Connections for Sending Data
News  |  6/11/2021  | 
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.
Deepfakes Are on the Rise, but Don't Panic Just Yet
Commentary  |  6/10/2021  | 
Deepfakes will likely give way to deep suspicion, as users try to sort legitimate media from malicious.
New Security Event @Hack to Take Place in Saudi Arabia
Quick Hits  |  6/9/2021  | 
The Saudi Federation of Cybersecurity, Programming, and Drones (SAFCSP) and Informa Tech will launch a multi-day event in Riyadh this November.
Ransomware Is Not the Problem
Commentary  |  6/9/2021  | 
Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.
Microsoft Patches 6 Zero-Days Under Active Attack
News  |  6/8/2021  | 
The June 2021 Patch Tuesday fixes 50 vulnerabilities, six of which are under attack and three of which were publicly known at the time of disclosure.
Colonial Pipeline CEO: Ransomware Attack Started via Pilfered 'Legacy' VPN Account
Quick Hits  |  6/8/2021  | 
No multifactor authentication was attached to the stolen VPN password used by the attackers, Colonial Pipeline president & CEO Joseph Blount told a Senate committee today.
First Known Malware Surfaces Targeting Windows Containers
News  |  6/7/2021  | 
Siloscape is designed to create a backdoor in Kubernetes clusters to run malicious containers.
Cartoon Caption Winner: Road Trip
Commentary  |  6/7/2021  | 
And the winner of Dark Reading's cartoon caption contest is ...
Organizations Shift Further Left in App Development
Quick Hits  |  6/4/2021  | 
Most IT and security professionals surveyed think security is a critical enough reason to pause app development.
Google Experts Explore Open Source Security Challenges & Fixes
News  |  6/3/2021  | 
An open source security event brought discussions of supply chain security and managing flaws in open source projects.
Processor Morphs Its Architecture to Make Hacking Really Hard
News  |  6/2/2021  | 
Researchers create a processor that uses encryption to modify its memory architecture during runtime, making it very difficult for hackers to exploit memory-based vulnerabilities.
New Barebones Ransomware Strain Surfaces
News  |  6/1/2021  | 
The authors of Epsilon Red have offloaded many tasks that are usually integrated into the ransomware -- such as Volume Shadow Copy deletion -- to PowerShell scripts.
Plug-ins for Code Editors Pose Developer-Security Threat
News  |  5/28/2021  | 
There are two critical vulnerabilities in plug-ins for the popular Visual Studio Code editor, now patched, but security firm Snyk warns that popular plug-ins could put development environments in jeopardy.
Most Mobile Apps Can Be Compromised in 15 Minutes or Less
Commentary  |  5/28/2021  | 
In the name of releasing apps quickly and delivering a smooth user experience, mobile app security is often given short shrift.
DHS Orders Pipeline Operators to Report Cyberattacks, Review Security Posture
News  |  5/27/2021  | 
On the heels of the Colonial Pipeline attack, the US Department of Homeland Security aims to force a reticent industry to improve its ability to detect and respond to cybersecurity attacks.
Bug Bounties and the Cobra Effect
Commentary  |  5/26/2021  | 
Are bug bounty programs allowing software companies to skirt their responsibility to make better, more secure products from the get-go?
Messaging Apps: The Latest Hotbed in the Fraud Ecosystem
Commentary  |  5/26/2021  | 
Telegram and other secure messaging apps have become a haven for professional criminals to wreak havoc and turn a profit.
Rise in Opportunistic Hacks and Info-Sharing Imperil Industrial Networks
News  |  5/25/2021  | 
Security researchers at Mandiant have seen an increasing wave of relatively simplistic attacks involving ICS systems - and attackers sharing their finds with one another - since 2020.
MacOS Zero-Day Let Attackers Bypass Privacy Preferences
Quick Hits  |  5/25/2021  | 
Apple has released security patches for vulnerabilities in macOS and tvOS that reports indicate have been exploited in the wild.
Your Network's Smallest Cracks Are Now Its Biggest Threats
Commentary  |  5/25/2021  | 
Bad actors have flipped the script by concentrating more on low-risk threats. Here's how to address the threat and the tactics.
As Threat Hunting Matures, Malware Labs Emerge
Commentary  |  5/24/2021  | 
By leveraging their analysis outputs, security pros can update detection rules engines and establish a stronger security posture in the process.
Dev-Sec Disconnect Undermines Secure Coding Efforts
News  |  5/20/2021  | 
Rather than continue to complain about each other, developers and security pros need to work together and celebrate their successes.
Lack of Skills, Maturity Hamper Threat Hunting at Many Organizations
News  |  5/20/2021  | 
When implemented correctly, threat hunting can help organizations stay ahead of threats, researcher says at RSA Conference.
100M Users' Data Exposed via Third-Party Cloud Misconfigurations
Quick Hits  |  5/20/2021  | 
Researchers who examined 23 Android apps report developers potentially exposed the data of more than 100 million people.
Automation & Pervasive, Connected Technology to Pose Cyber Threats in 2030
News  |  5/19/2021  | 
A project to look at potential cybersecurity threats in a decade sees hackers and marketers sending spam directly to our vision, while attackers' automated systems adapt faster than defenses.
How to Adapt to Rising Consumer Expectations of Invisible Security
Commentary  |  5/19/2021  | 
Working from home has changed users' ideas about seamless security. Here's how to address them.
Credential Stuffing Reaches 193 Billion Login Attempts Annually
News  |  5/19/2021  | 
More attacks does not necessarily mean more threats, but all attack types have increased, according to Akamai's new "State of the Internet" report.
How Ransomware Encourages Opportunists to Become Criminals
Commentary  |  5/19/2021  | 
And what's needed to stop it: Better information sharing among private organizations and with law enforcement agencies.
How to Mitigate Against Domain Credential Theft
Commentary  |  5/18/2021  | 
Attackers routinely reuse stolen domain credentials. Here are some ways to thwart their access.
Agility Broke AppSec. Now It's Going to Fix It.
Commentary  |  5/17/2021  | 
Outnumbered 100 to 1 by developers, AppSec needs a new model of agility to catch up and protect everything that needs to be secured.
Name That Toon: Road Trip
Commentary  |  5/17/2021  | 
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Rapid7 Source Code Accessed in Supply Chain Attack
Quick Hits  |  5/14/2021  | 
An investigation of the Codecov attack revealed intruders accessed Rapid7 source code repositories containing internal credentials and alert-related data.
Wi-Fi Design, Implementation Flaws Allow a Range of Frag Attacks
News  |  5/14/2021  | 
Every Wi-Fi product is affected by at least one fragmentation and aggregation vulnerability, which could lead to a machine-in-the-middle attack, researcher says.
Firms Struggle to Secure Multicloud Misconfigurations
News  |  5/13/2021  | 
Half of companies had at least one case of having all ports open to the public, while more than a third had an exposed database.
When AI Becomes the Hacker
News  |  5/13/2021  | 
Bruce Schneier explores the potential dangers of artificial intelligence (AI) systems gone rogue in society.
Microsoft Adds GPS Location to Identity & Access Control in Azure AD
Quick Hits  |  5/13/2021  | 
New capabilities let admins restrict access to resources from privileged access workstations or regions based on GPS location.
Researchers Unearth 167 Fake iOS & Android Trading Apps
Quick Hits  |  5/12/2021  | 
The apps are disguised as financial trading, banking, and cryptocurrency apps from well-known and trusted organizations.
Hashes, Salts, and Rainbow Tables: Confessions of a Password Cracker
Commentary  |  5/12/2021  | 
Understanding a few basics about how password crackers think and behave could help you keep your users safer.
Microsoft Patch Tuesday: 4 Critical CVEs, 3 Publicly Known, 1 Wormable
News  |  5/11/2021  | 
Microsoft releases security patches for 55 vulnerabilities in its monthly roundup, which includes a critical, wormable flaw in the HTTP protocol stack.
Cartoon Caption Winner: Greetings, Earthlings
Commentary  |  5/11/2021  | 
And the winner of Dark Reading's April cartoon caption contest is ...
Most Organizations Feel More Vulnerable to Breaches Amid Pandemic
Quick Hits  |  5/7/2021  | 
More than half of businesses see the need for significant long-term changes to IT due to COVID-19, research finds.


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24376
PUBLISHED: 2021-06-21
The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) from the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory w...
CVE-2021-24377
PUBLISHED: 2021-06-21
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on t...
CVE-2021-24378
PUBLISHED: 2021-06-21
The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execute w...
CVE-2021-24379
PUBLISHED: 2021-06-21
The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some...
CVE-2021-24383
PUBLISHED: 2021-06-21
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.