2018 Pwnie Awards: Who Pwned, Who Got Pwned
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
6 Eye-Raising Third-Party Breaches
10 Threats Lurking on the Dark Web
Breaking Down the PROPagate Code Injection Attack
News & Commentary
Ohio Man Sentenced to 15 Years for BEC Scam
Dark Reading Staff, Quick Hits
Olumuyiwa Adejumo and co-conspirators targeted CEOs, CFOs, and other enterprise leaders in the US with fraudulent emails.
By Dark Reading Staff , 8/20/2018
Comment0 comments  |  Read  |  Post a Comment
Google Updates: Cloud HSM Beta, Binary Authorization for Kubernetes
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google's latest cloud security rollouts include early releases of its cloud-hosted security module and a container security tool to verify signed images.
By Kelly Sheridan Staff Editor, Dark Reading, 8/20/2018
Comment0 comments  |  Read  |  Post a Comment
Augusta University Health Reports Major Data Breach
Dark Reading Staff, Quick Hits
Over 400K individuals affected by the breach, which was the result of a successful phishing attack that occurred in September 2017.
By Dark Reading Staff , 8/20/2018
Comment0 comments  |  Read  |  Post a Comment
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
Dark Reading Staff, CommentaryVideo
Paul Vixie discusses the uncertain fate of WHOIS in the age of GDPR, the risks of domain name homographs, and other underpinnings of the Internet that are hard to trust and harder to fix.
By Dark Reading Staff , 8/20/2018
Comment0 comments  |  Read  |  Post a Comment
Real Estate Industry Remains Rich Target for Cybercrime
Steve Zurier, Freelance WriterNews
Trojans, file downloaders, stolen credentials, and BEC scams, hitting the real estate sector.
By Steve Zurier Freelance Writer, 8/20/2018
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Compliance and Risk Management Officer, AvePoint, IncCommentary
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
By Dana Simberkoff Chief Compliance and Risk Management Officer, AvePoint, Inc, 8/20/2018
Comment2 comments  |  Read  |  Post a Comment
How Better Intel Can Reduce, Prevent Payment Card Fraud
Dark Reading Staff, CommentaryVideo
Royal Bank of Canada machine learning researcher and Terbium Labs chief scientist discuss how they use intelligence about the carding market to predict the next payment card fraud victims.
By Dark Reading Staff , 8/20/2018
Comment0 comments  |  Read  |  Post a Comment
Make a Wish: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 8/18/2018
Comment0 comments  |  Read  |  Post a Comment
Researchers Find New Fast-Acting Side-Channel Vulnerability
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/17/2018
Comment1 Comment  |  Read  |  Post a Comment
Malicious Cryptomining & Other Shifting Threats
Dark Reading Staff, CommentaryVideo
Skybox Security CMO Michelle Johnson Cobb discloses research results that include a spike in malicious cryptomining during Bitcoins peak, a shift to outside-the-perimeter mobile threats, and more.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
The Economics of AI-Enabled Security
Dark Reading Staff, CommentaryVideo
While AI greatly enhances security, Securonix CTO Tanuj Gulati points out the need for predictable cost models that insulate SOCs from the variables of massive data volume and intense real-time processing.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Using Threat Deception on Malicious Insiders
Dark Reading Staff, CommentaryVideo
Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Filtering the Threat Intelligence Tsunami
Dark Reading Staff, CommentaryVideo
Reversing Labs CEO Mario Vuksan contends that SOCs are overwhelmed by global threat intelligence, and can benefit more from a targeted "pull" model that focuses on YARA-type binary pattern matching.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Ensuring Web Applications Are Hardened, Secure
Dark Reading Staff, CommentaryVideo
Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Marap Malware Appears, Targeting Financial Sector
Dark Reading Staff, Quick Hits
A new form of modular downloader packs the ability to download other modules and payloads.
By Dark Reading Staff , 8/17/2018
Comment1 Comment  |  Read  |  Post a Comment
Building Security into the DevOps Pipeline
Dark Reading Staff, CommentaryVideo
As companies pump more code into production at a faster pace, CA Veracode VP of Security Research Chris Eng stresses the importance of avoiding vulnerabilities by building security directly into the DevOps pipeline.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Supplementing the SOC with Cyber-as-a-Service
Dark Reading Staff, CommentaryVideo
Raytheon Cyber Protection Solutions CTO Mark Orlando suggests under-resourced SOCs enhance their effectiveness at-scale by tapping the advanced cyber defense automation his company has developed.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Exploring, Exploiting Active Directory Admin Flaws
Kelly Sheridan, Staff Editor, Dark ReadingNews
Common methods AD administrators use to protect their environments can easily be exploited. Here's how.
By Kelly Sheridan Staff Editor, Dark Reading, 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Assessing & Mitigating Increased Exposure to Third-Party Risk
Dark Reading Staff, CommentaryVideo
As we increasingly connect with each other digitally, CyberGRX CRO Scott Schneider believes we need to be much more diligent about sharing validated insight into the infosec maturity of our organizations.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Australian Teen Hacked Apple Network
Dark Reading Staff, Quick Hits
More Stories
Current Conversations
More Conversations
PR Newswire
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Compliance and Risk Management Officer, AvePoint, Inc,  8/20/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise securitythe IT team members tasked with protecting critical data from cyber threatsand will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12579
PUBLISHED: 2018-08-20
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attac...
CVE-2018-14020
PUBLISHED: 2018-08-20
An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacker must change the delivery address to one tha...
CVE-2018-14023
PUBLISHED: 2018-08-20
Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.
CVE-2018-1394
PUBLISHED: 2018-08-20
Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425.
CVE-2018-1517
PUBLISHED: 2018-08-20
A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.
Flash Poll
Video
Slideshows
Twitter Feed