Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Application Security
Page 1 / 2   >   >>
Insurance Giant Chubb Might Be Ransomware Victim
Quick Hits  |  3/26/2020  | 
A ransomware operator claims to have successfully attacked Chubb Insurance databases.
Missing Patches, Misconfiguration Top Technical Breach Causes
News  |  3/25/2020  | 
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
Tupperware Hit by Card Skimmer Attack
Quick Hits  |  3/25/2020  | 
Malicious code was found hidden inside graphics files on the storage container maker's e-commerce website.
Do DevOps Teams Need a Company Attorney on Speed Dial?
Commentary  |  3/25/2020  | 
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
Malware Found Hidden in Android Utility Apps, Children's Games
Quick Hits  |  3/24/2020  | 
The 'Tekya' malware, as researchers call it, is designed to imitate the user's actions to click advertisements.
How to Secure Your Kubernetes Deployments
Commentary  |  3/24/2020  | 
As more companies shift their software to a microservices-based architecture and orchestrate their containerized applications in Kubernetes, distributed security controls become a must.
538 Million Weibo Users' Info for Sale on Dark Web
Quick Hits  |  3/23/2020  | 
The user data, which does not include passwords, purportedly comes from a mid-2019 breach.
200M Records of US Citizens Leaked in Unprotected Database
News  |  3/20/2020  | 
Researchers have not determined who owns the database, which was one of several large exposed instances disclosed this week.
Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
Quick Hits  |  3/19/2020  | 
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.
Achieving DevSecOps Requires Cutting Through the Jargon
Commentary  |  3/19/2020  | 
Establishing a culture where security can work easily with developers starts with making sure they can at least speak the same language.
500,000 Documents Exposed in Open S3 Bucket Incident
Quick Hits  |  3/18/2020  | 
The open database exposed highly sensitive financial and business documents related to two financial organizations.
Attorney General Directs DoJ to Prioritize Coronavirus Crime
Quick Hits  |  3/17/2020  | 
Criminal activity related to the pandemic cannot be tolerated, William Barr states in memo.
Startup Offering Secure Access to Corporate Apps Emerges from Stealth
News  |  3/17/2020  | 
Axis Security has raised $17 million in VC funding.
Hellman & Friedman Acquires Checkmarx for $1.15B
Quick Hits  |  3/16/2020  | 
The private equity firm will buy Checkmarx from Insight Partners, which will continue to own a minority interest.
Fewer Vulnerabilities in Web Frameworks, but Exploits Remain Steady
News  |  3/16/2020  | 
Attackers continue to focus on web and application frameworks, such as Apache Struts and WordPress, fighting against a decline in vulnerabilities, according to an analysis.
Cyberspace Solarium Commission Slams US Cybersecurity Readiness
Quick Hits  |  3/11/2020  | 
The federal commission outlined more than 60 recommendations to remedy major security problems.
How Microsoft Disabled Legacy Authentication Across the Company
News  |  3/9/2020  | 
The process was not smooth or straightforward, employees say in a discussion of challenges and lessons learned during the multi-year project.
Malware Campaign Feeds on Coronavirus Fears
Quick Hits  |  3/9/2020  | 
A new malware campaign that offers a "coronavirus map" delivers a well-known data-stealer.
7 Cloud Attack Techniques You Should Worry About
Slideshows  |  3/6/2020  | 
Security pros detail the common and concerning ways attackers target enterprise cloud environments.
Former Acting Inspector General Charged in Federal Fraud Scheme
Quick Hits  |  3/6/2020  | 
A federal grand jury has indicted Charles K. Edwards on 16 counts related to a conspiracy to steal software from one department and sell an enhanced version to another.
3 Data Breaches Disclosed This Week: J.Crew, T-Mobile, and Carnival
Quick Hits  |  3/5/2020  | 
The separate incidents show how data theft knows no market-based limits.
CISOs Who Want a Seat at the DevOps Table Better Bring Value
Commentary  |  3/4/2020  | 
Here are four ways to make inroads with the DevOps team -- before it's too late.
Cathay Pacific Hit with Fine for Long-Lasting Breach
Quick Hits  |  3/4/2020  | 
The breach, which was active for four years, resulted in the theft of personal information on more than 9 million people.
3 Ways to Strengthen Your Cyber Defenses
Commentary  |  3/4/2020  | 
By taking proactive action, organizations can face down threats with greater agility and earned confidence.
Gotta Patch 'Em All? Not Necessarily, Experts Say
News  |  3/3/2020  | 
When it's impossible to remediate all vulnerabilities in an organization, data can indicate which bugs should be prioritized.
Avoiding the Perils of Electronic Communications
Commentary  |  3/3/2020  | 
Twitter, Slack, etc., have become undeniably important for business today, but they can cause a lot of damage. That's why an agile communications strategy is so important.
Former Microsoft Software Engineer Convicted of Fraud
Quick Hits  |  3/3/2020  | 
The 25-year-old was convicted of 18 charges stemming from illegal access to money stored in online gift cards.
Walgreens' Mobile App Exposes Customers' Info
Quick Hits  |  3/2/2020  | 
An error in the app allowed some secure chat users to see medical information that wasn't theirs.
Clearview AI Customers Exposed in Data Breach
Quick Hits  |  2/27/2020  | 
Customers for the controversial facial recognition company were detailed in a log file leaked to news organizations.
Commonsense Security: Leveraging Dialogue & Collaboration for Better Decisions
Commentary  |  2/26/2020  | 
Sometimes, good old-fashioned tools can help an enterprise create a cost-effective risk management strategy.
Google Adds More Security Features Via Chronicle Division
News  |  2/25/2020  | 
Order out of chaos? The saga of Chronicle continues with new security features for the Google Cloud Platform.
Verizon: Attacks on Mobile Devices Rise
News  |  2/25/2020  | 
Companies of all sizes are being hit by mobile attacks and feeling the effects for extended periods of time, according to the 2020 Verizon Mobile Security Index.
California Man Arrested for Politically Motivated DDoS
Quick Hits  |  2/21/2020  | 
The distributed denial-of-service attacks took a congressional candidate's website offline for a total of 21 hours during the campaign for office.
Security Now Merges With Dark Reading
News  |  2/21/2020  | 
Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.
Ransomware Damage Hit $11.5B in 2019
Quick Hits  |  2/20/2020  | 
A new report shows the scale of ransomware's harm and the growth of that damage year-over-year -- an average of $141,000 per incident.
Users Have Risky Security Habits, but Security Pros Aren't Much Better
News  |  2/19/2020  | 
Researchers spot gaps in users' and IT practitioners' security habits, and between security tools and user preferences.
DHS's CISA Warns of New Critical Infrastructure Ransomware Attack
Quick Hits  |  2/19/2020  | 
An attack on a natural gas compression facility sent the operations offline for two days.
DHS Warns of Cyber Heartbreak
Quick Hits  |  2/14/2020  | 
Fraudulent dating and relationship apps and websites raise the risks for those seeking online romance on Valentine's Day.
Apps Remain Favorite Mobile Attack Vector
Quick Hits  |  2/13/2020  | 
Mobile apps are used in nearly 80% of attacks targeting mobile devices, followed by network and operating system attacks.
Forget Hacks... Ransomware, Phishing Are Election Year's Real Threats
Commentary  |  2/13/2020  | 
As we gear up for the voting season, let's put aside any links between foreign interference and voting machine security and focus on the actual risks threatening election security.
Avast Under Investigation by Czech Privacy Agency
Quick Hits  |  2/12/2020  | 
The software security maker is suspected of selling data about more than 100 million users to companies including Google, Microsoft, and Home Depot.
Microsoft Patches Exploited Internet Explorer Flaw
News  |  2/11/2020  | 
This month's Patch Tuesday brings fixes for 99 CVEs, including one IE flaw seen exploited in the wild.
Israel's Entire Voter Registry Exposed in Massive Incident
Quick Hits  |  2/10/2020  | 
Personal details of nearly 6.5 million Israelis were out in the open after the entire registry was uploaded to an notably insecure app.
Google Takeout Serves Up Video Files to Strangers
Quick Hits  |  2/7/2020  | 
A limited number of user videos were shared with others in a five-day incident from November.
RSAC Sets Finalists for Innovation Sandbox
Slideshows  |  2/6/2020  | 
The 10 finalists will each have three minutes to make their case for being the most innovative, promising young security company of the year.
Department of Energy Adds Attivo Decoys for Critical Infrastructure Security
Quick Hits  |  2/5/2020  | 
The decoys and lures will help redirect attacks away from devices that can't be protected through traditional means.
Companies Pursue Zero Trust, but Implementers Are Hesitant
News  |  2/4/2020  | 
Almost three-quarters of enterprises plan to have a zero-trust access model by the end of the year, but nearly half of cybersecurity professionals lack the knowledge to implement the right technologies, experts say.
SharePoint Bug Proves Popular Weapon for Nation-State Attacks
News  |  2/4/2020  | 
Thousands of servers could be exposed to SharePoint vulnerability CVE-2019-0604, recently used in cyberattacks against Middle East government targets.
Microsoft DART Finds Web Shell Threat on the Rise
Quick Hits  |  2/4/2020  | 
Various APT groups are successfully using Web shell attacks on a more frequent basis.
Twitter Suspends Fake Accounts Abusing Feature that Matches Phone Numbers and Users
Quick Hits  |  2/4/2020  | 
The company believes state-sponsored actors may also be involved.
Page 1 / 2   >   >>


How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10940
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
CVE-2020-10939
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
CVE-2020-6095
PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-10817
PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
CVE-2020-10952
PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.