7 Places Where Privacy and Security Collide
7 Ways Cybercriminals Are Scamming a Fortune from Cryptocurrencies
AppSec in the World of 'Serverless'
Containerized Apps: An 8-Point Security Checklist
Dark Reading Launches Second INsecurity Conference
News & Commentary
New Drupal Exploit Mines Monero for Attackers
Dark Reading Staff, Quick Hits
A new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server.
By Dark Reading Staff, 6/22/2018
Cracking Cortana: The Dangers of Flawed Voice Assistants
Kelly Sheridan, Staff Editor, Dark Reading, News
Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.
By Kelly Sheridan Staff Editor, Dark Reading, 6/22/2018
'Pay Up or Get WannaCry Hit' Extortion Email Spreading
Dark Reading Staff, Quick Hits
Sophos warns of a 'protection racket' scam email that threatens to infect victims with the ransomware variant if they don't pay the attackers.
By Dark Reading Staff, 6/22/2018
White House Email Security Faux Pas?
E.J. Whaley, Solutions Engineer at GreatHorn, Commentary
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
By E.J. Whaley Solutions Engineer at GreatHorn, 6/22/2018
Destructive Nation-State Cyberattacks Will Rise
Jai Vijayan, Freelance writer, News
More than 90 percent of respondents in a Tripwire survey in Europe expect attacks by state-sponsored threat actors to increase in the next 12 months.
By Jai Vijayan Freelance writer, 6/21/2018
Four New Vulnerabilities in Phoenix Contact Industrial Switches
Curtis Franklin Jr., Senior Editor at Dark Reading, Quick Hits
A series of newly disclosed vulnerabilities could allow an attacker to gain control of industrial switches.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/21/2018
Artificial Intelligence & the Security Market
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/21/2018
Click2Gov Breaches Attributed to WebLogic Application Flaw
Dark Reading Staff, Quick Hits
At least 10 US cities running Click2Gov software have alerted citizens to a data breach, but it turns out the problem was in the application server.
By Dark Reading Staff, 6/21/2018
7 Places Where Privacy and Security Collide
Curtis Franklin Jr., Senior Editor at Dark Reading
Privacy and security can experience tension at a number of points in the enterprise. Here are seven, plus some possibilities for easing the strain.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/21/2018
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
Jason McKay, CTO, Logicworks, Commentary
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
By Jason McKay CTO, Logicworks, 6/21/2018
Microsoft Office: The Go-To Platform for Zero-Day Exploits
Kelly Sheridan, Staff Editor, Dark Reading, News
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
By Kelly Sheridan Staff Editor, Dark Reading, 6/21/2018
AppSec in the World of 'Serverless'
Boris Chen, Co-founder and VP Engineering, tCell, Inc., Commentary
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
By Boris Chen Co-founder and VP Engineering, tCell, Inc., 6/21/2018
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading, News
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
By Kelly Sheridan Staff Editor, Dark Reading, 6/20/2018
China-Based Cyber Espionage Campaign Targets Satellite, Telecom, Defense Firms
Jai Vijayan, Freelance writer, News
Threat group Thrip is using three computers based in China to steal data from targeted companies in Southeast Asia and the US, Symantec says.
By Jai Vijayan Freelance writer, 6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt, Commentary
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
By Ajit Sancheti CEO and Co-Founder, Preempt, 6/20/2018
Intel VP Talks Data Security Focus Amid Rise of Blockchain, AI
Kelly Sheridan, Staff Editor, Dark Reading, News
Intel vice president Rick Echevarria discusses the challenges of balancing data security with new technologies like blockchain and artificial intelligence.
By Kelly Sheridan Staff Editor, Dark Reading, 6/20/2018
Alphabet Launches VirusTotal Monitor to Stop False Positives
Dark Reading Staff, Quick Hits
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
By Dark Reading Staff, 6/20/2018
Improving the Adoption of Security Automation
Dan Koloski, Vice President, Oracle's Systems Management and Security products group, Commentary
Four barriers to automation and how to overcome them.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 6/20/2018
The Best and Worst Tasks for Security Automation
Kelly Sheridan, Staff Editor, Dark Reading
As with all new tech, there are good times and bad times to use it. Security experts share which tasks to prioritize for automation.
By Kelly Sheridan Staff Editor, Dark Reading, 6/20/2018
Mylobot Malware Brings New Sophistication to Botnets
Curtis Franklin Jr., Senior Editor at Dark Reading, News
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/20/2018
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading, 6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer, 6/19/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt, 6/20/2018
Partner Perspectives
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it.
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack.
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program.
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise security, the IT team members tasked with protecting critical data from cyber threats, and will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-7682
PUBLISHED: 2018-06-22
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
CVE-2018-12689
PUBLISHED: 2018-06-22
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
CVE-2018-12538
PUBLISHED: 2018-06-22
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage...
CVE-2018-12684
PUBLISHED: 2018-06-22
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
CVE-2018-12687
PUBLISHED: 2018-06-22
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.