7 Low-Cost Security Tools
Name That Toon: The Advanced Persistent Threat
Trust, or Lack of It, Is a Key Theme on RSAC Keynote Stage
6 Questions to Ask While Buying a Connected Car
Embracing DevSecOps: 5 Processes to Improve DevOps Security
News & Commentary
Hacker AI vs. Enterprise AI: A New Threat
Satish Abburi, Founder of Elysium AnalyticsCommentary
Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.
By Satish Abburi Founder of Elysium Analytics, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Brings Defender Security Tools to Mac
Kelly Sheridan, Staff Editor, Dark ReadingNews
Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.
By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Police Federation of England and Wales Suffers Apparent Ransomware Attack
Dark Reading Staff, Quick Hits
National Cyber Security Centre and National Crime Agency investigate random attack that locked down the association's data and deleted backups.
By Dark Reading Staff , 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Joram Borenstein & Rebecca Weintraub, General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical SchoolCommentary
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
By Joram Borenstein & Rebecca Weintraub General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical School, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Seek Out Ways to Search IPv6 Space
Robert Lemos, Technology Journalist/Data ResearcherNews
Security researchers regularly search IPv4 address space looking for servers with ports exposing vulnerable software. With the massive number of IPv6 addresses, however, they have lost that ability. Can tricks and workarounds save the day?
By Robert Lemos Technology Journalist/Data Researcher, 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
BEC Scammer Pleads Guilty
Dark Reading Staff, Quick Hits
Business email compromise (BEC) operation resulted in $100 million in losses to a multinational technology company and a social media firm, according to the US Attorney's Office.
By Dark Reading Staff , 3/20/2019
Comment2 comments  |  Read  |  Post a Comment
Google Photos Bug Let Criminals Query Friends, Location
Kelly Sheridan, Staff Editor, Dark ReadingNews
The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.
By Kelly Sheridan Staff Editor, Dark Reading, 3/20/2019
Comment0 comments  |  Read  |  Post a Comment
The Insider Threat: It's More Common Than You Think
Raj Ananthanpillai, Chairman & CEO, EnderaCommentary
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
By Raj Ananthanpillai Chairman & CEO, Endera, 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
Less Than 3% of Recycled Computing Devices Properly Wiped
Steve Zurier, Freelance WriterNews
Researchers find that companies that refurbish or accept old equipment as donations don't necessarily clean them of data as promised.
By Steve Zurier Freelance Writer, 3/20/2019
Comment0 comments  |  Read  |  Post a Comment
'Critical' Denial-of-Service Bug Patched in Facebook Fizz
Dark Reading Staff, Quick Hits
Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.
By Dark Reading Staff , 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
TLS 1.3: A Good News/Bad News Scenario
Paula Musich, Research Director, Enterprise Management AssociatesCommentary
Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.
By Paula Musich Research Director, Enterprise Management Associates, 3/20/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Office Dominates Most Exploited List
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/19/2019
Comment1 Comment  |  Read  |  Post a Comment
DDoS Attack Size Drops 85% in Q4 2018
Kelly Sheridan, Staff Editor, Dark ReadingNews
The sharp decline follows an FBI takedown of so-called "booter," or DDoS-for-hire, websites in December 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
6 Ways Mature DevOps Teams Are Killing It in Security
Ericka Chickowski, Contributing Writer, Dark Reading
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
The Case of the Missing Data
Mike McKee, CEO of ObserveITCommentary
The latest twist in the Equifax breach has serious implications for organizations.
By Mike McKee CEO of ObserveIT, 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
Norsk Hydro Shuts Plants Amid Ransomware Attack
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.
By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Stealing Corporate Funds Still Top Goal of Messaging Attacks
Robert Lemos, Technology Journalist/Data ResearcherNews
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
By Robert Lemos , 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDLCommentary
A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.
By Alex Haynes Chief Information Security Officer, CDL, 3/19/2019
Comment3 comments  |  Read  |  Post a Comment
New Mirai Version Targets Business IoT Devices
Dark Reading Staff, Quick Hits
The notorious Internet of Things botnet is evolving to attack more types of devices including those found in enterprises.
By Dark Reading Staff , 3/19/2019
Comment1 Comment  |  Read  |  Post a Comment
New IoT Security Bill: Third Time's the Charm?
Robert Lemos, Technology Journalist/Data ResearcherNews
The latest bill to set security standards for connected devices sold to the US government has fewer requirements, instead leaving recommendations to the National Institute of Standards and Technology.
By Robert Lemos Technology Journalist/Data Researcher, 3/18/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Insider Threat Prevention activated!
White Papers
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7238
PUBLISHED: 2019-03-21
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
CVE-2017-16253
PUBLISHED: 2019-03-21
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriti...
CVE-2017-16254
PUBLISHED: 2019-03-21
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP re...
CVE-2017-16255
PUBLISHED: 2019-03-21
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP re...
CVE-2018-3968
PUBLISHED: 2019-03-21
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy i...
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Flash Poll
Video
Slideshows
Twitter Feed