8 Big Processor Vulnerabilities in 2018
What We Talk About When We Talk About Risk
7 Ways to Keep DNS Safe
6 M&A Security Tips
Name That Toon: Mobile Threat
News & Commentary
Time to Yank Cybercrime into the Light
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Too many organizations are still operating blindfolded, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
GRU hackers used bitcoin to fund US computer network infrastructure supporting and hiding the operation.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/13/2018
Comment1 Comment  |  Read  |  Post a Comment
GandCrab Ransomware Continues to Evolve But Can't Spread Via SMB Shares Yet
Jai Vijayan, Freelance writerNews
Recent fears that this year's most prolific ransomware threat has acquired new WannaCry-like propagation capabilities appear unfounded at the moment.
By Jai Vijayan Freelance writer, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
8 Big Processor Vulnerabilities in 2018
Ericka Chickowski, Contributing Writer, Dark Reading
Security researchers have been working in overdrive examining processors for issues and they haven't come up empty-handed.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
Congressional Report Cites States Most Vulnerable to Election Hacking
Dark Reading Staff, Quick Hits
A new report details issues with 18 states along with suggestions on what can be done.
By Dark Reading Staff , 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
FBI: Email Account Compromise Losses Reach $12B
Dark Reading Staff, Quick Hits
There were more than 78K business email account (BEC) and email account compromise (EAC) scam incidents worldwide between October 2013 and May 2018.
By Dark Reading Staff , 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
How to Structure an Enterprise-Wide Threat Intelligence Strategy
Tom Badders, Senior Product Manager, Secure Mobility, at Telos CorporationCommentary
To keep an organization safe, you must think about the entire IT ecosystem.
By Tom Badders Senior Product Manager, Secure Mobility, at Telos Corporation, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
SOCs Use Automation to Compensate for Training, Technology Issues
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
WordPress Sites Targeted in World Cup-Themed Spam Scam
Jai Vijayan, Freelance writerNews
Spammers using a 'spray & pray' approach to post comments on WordPress powered blogs, forums, says Imperva.
By Jai Vijayan Freelance writer, 7/12/2018
Comment1 Comment  |  Read  |  Post a Comment
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Web app security pioneer dishes on his teenage security career, his love of electric scooters, Ace Ventura and a new baby food business venture with his wife and famed chef, Kathy Fang.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Lessons from My Strange Journey into InfoSec
Lysa Myers, Security Researcher, ESETCommentary
Establishing an entre into the security world can be a maddeningly slow process. For those of us already here, it can be an opportunity to help others.
By Lysa Myers Security Researcher, ESET, 7/12/2018
Comment1 Comment  |  Read  |  Post a Comment
ICS Security: 'The Enemy Is in the Wire'
Wayne Lloyd, Federal CTO at RedSealCommentary
Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.
By Wayne Lloyd Federal CTO at RedSeal, 7/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Timehop Releases New Details About July 4 Breach
Dark Reading Staff, Quick Hits
Additional information includes PII affected and the authentication issue that led to the breach.
By Dark Reading Staff , 7/12/2018
Comment0 comments  |  Read  |  Post a Comment
Ukraine Security Service Stops VPNFilter Attack at Chlorine Station
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
The facility's process control system and emergency-detection system were infected, Interfax Ukraine reports.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/12/2018
Comment0 comments  |  Read  |  Post a Comment
Hacker Exploits 2-Year Old Router Issue To Steal Sensitive US Military Data
Jai Vijayan, Freelance writerNews
A moderately skilled hacker managed to steal export-restricted data pertaining to the Reaper drone and Abrams tank from computers belonging to two US Army officials.
By Jai Vijayan Freelance writer, 7/11/2018
Comment2 comments  |  Read  |  Post a Comment
Newly Found Spectre Variants Bring New Concerns
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Two new variants on a theme of Spectre underscore the expanding nature of the critical vulnerabilities.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
Critical Vulns Earn $2K Amid Rise of Bug Bounty Programs
Kelly Sheridan, Staff Editor, Dark ReadingNews
As of June, a total of $31 million has been awarded to security researchers for this year already a big jump from the $11.7 million awarded for the entire 2017.
By Kelly Sheridan Staff Editor, Dark Reading, 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
Banks Suffer an Average of 3.8 Data Leak Incidents Per Week
Dark Reading Staff, Quick Hits
New study examines how financial services information gets sold and shared in the Dark Web.
By Dark Reading Staff , 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
Getting Safe, Smart & Secure on S3
Eric Thomas, Director of Cloud, ExtraHopCommentary
AWS Simple Storage Service has proven to be a security minefield. It doesn't have to be if you pay attention to people, process, and technology.
By Eric Thomas Director of Cloud, ExtraHop, 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
This Is How Much a 'Mega Breach' Really Costs
Kelly Sheridan, Staff Editor, Dark ReadingNews
The average cost of a data breach is $3.86 million, but breaches affecting more than 1 million records are far more expensive.
By Kelly Sheridan Staff Editor, Dark Reading, 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by pokerdominoqq
Current Conversations very nice
In reply to: pokerdominoqq
Post Your Own Reply
More Conversations
PR Newswire
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise securitythe IT team members tasked with protecting critical data from cyber threatsand will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Locked device, Ha! I knew there was another way in.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-2638
PUBLISHED: 2018-07-16
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
CVE-2017-7468
PUBLISHED: 2018-07-16
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was...
CVE-2018-13387
PUBLISHED: 2018-07-16
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or ...
CVE-2018-14071
PUBLISHED: 2018-07-16
The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.
CVE-2018-5229
PUBLISHED: 2018-07-16
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.
Flash Poll
Video
Slideshows
Twitter Feed