News & Commentary
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
Ofer Amitai, CEO, PortnoxCommentary
The network no longer provides an air gap against external threats, but access devices can take up the slack.
By Ofer Amitai CEO, Portnox, 1/17/2019
Comment2 comments  |  Read  |  Post a Comment
'We Want IoT Security Regulation,' Say 95% of IT Decision-Makers
Sara Peters, Senior Editor at Dark ReadingNews
New global survey shows businesses are valuing IoT security more highly, but they are still challenged by IoT data visibility and privacy.
By Sara Peters Senior Editor at Dark Reading, 1/17/2019
Comment0 comments  |  Read  |  Post a Comment
SCOTUS Says Suit Over Fiat-Chrysler Hack Can Move Forward
Dark Reading Staff, Quick Hits
A class-action suit over a 2015 attack demonstration against a Jeep Cherokee can move forward, US Supreme Court rules.
By Dark Reading Staff , 1/11/2019
Comment3 comments  |  Read  |  Post a Comment
Consumers Demand Security from Smart Device Makers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Poll shows individuals want better security from IoT device manufacturers as connected products flood the market.
By Kelly Sheridan Staff Editor, Dark Reading, 1/10/2019
Comment0 comments  |  Read  |  Post a Comment
Security Concerns Limit Remote Work Opportunities
Dark Reading Staff, Quick Hits
When companies limit the remote work options that they know will benefit the organization, security concerns are often to blame.
By Dark Reading Staff , 1/9/2019
Comment3 comments  |  Read  |  Post a Comment
Your Life Is the Attack Surface: The Risks of IoT
Jason Haddix, Vice President of Researcher Growth at BugcrowdCommentary
To protect yourself, you must know where you're vulnerable and these tips can help.
By Jason Haddix Vice President of Researcher Growth at Bugcrowd, 1/8/2019
Comment0 comments  |  Read  |  Post a Comment
Report: Consumers Buy New Smart Devices But Don't Trust Them
Dark Reading Staff, Quick Hits
The gap between acceptance and trust for new smart devices is huge, according to a new survey.
By Dark Reading Staff , 1/7/2019
Comment1 Comment  |  Read  |  Post a Comment
Threat of a Remote Cyberattack on Today's Aircraft Is Real
Bruce Jackson, President and Managing Director of Air InformaticsCommentary
We need more stringent controls and government action to prevent a catastrophic disaster.
By Bruce Jackson President and Managing Director of Air Informatics, 1/7/2019
Comment2 comments  |  Read  |  Post a Comment
Android Malware Hits Victims in 196 Countries
Dark Reading Staff, Quick Hits
Malware disguised as games and utilities struck more than 100,000 victims before being taken out of Google Play.
By Dark Reading Staff , 1/3/2019
Comment1 Comment  |  Read  |  Post a Comment
Redefining Critical Infrastructure for the Age of Disinformation
Tim Helming, Director of Product Management, DomainToolsCommentary
In an era of tighter privacy laws, it's important to create an online environment that uses threat intelligence productively to defeat disinformation campaigns and bolster democracy.
By Tim Helming Director of Product Management, DomainTools, 1/3/2019
Comment0 comments  |  Read  |  Post a Comment
US-CERT Offers Tips for Securing Internet-Connected Holiday Gifts
Dark Reading Staff, Quick Hits
Key steps to making those home Internet of Things devices just a bit safer.
By Dark Reading Staff , 1/2/2019
Comment0 comments  |  Read  |  Post a Comment
IoT Bug Grants Access to Home Video Surveillance
Dark Reading Staff, Quick Hits
Due to a shared Amazon S3 credential, all users of a certain model of the Guardzilla All-In-One Video Security System can view each other's videos.
By Dark Reading Staff , 12/27/2018
Comment3 comments  |  Read  |  Post a Comment
Spending Spree: What's on Security Investors' Minds for 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 12/26/2018
Comment2 comments  |  Read  |  Post a Comment
Amazon Slip-Up Shows How Much Alexa Really Knows
Dark Reading Staff, Quick Hits
Amazon mistakenly sent one user's Alexa recordings to a stranger but neglected to disclose the error.
By Dark Reading Staff , 12/21/2018
Comment3 comments  |  Read  |  Post a Comment
Criminals Move Markets to Remain in the Shadows
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
While malware families and targets continue to evolve, the most important shift might be happening in the background.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/21/2018
Comment2 comments  |  Read  |  Post a Comment
2018 In the Rearview Mirror
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
Among this year's biggest news stories: epic hardware vulnerabilities, a more lethal form of DDoS attack, Olympic 'false flags,' hijacked home routers, fileless malware and a new world's record for data breaches.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/20/2018
Comment0 comments  |  Read  |  Post a Comment
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/14/2018
Comment3 comments  |  Read  |  Post a Comment
The Economics Fueling IoT (In)security
Ariel Kriger, VP Business Development at VDOOCommentary
Attackers understand the profits that lie in the current lack of security. That must change.
By Ariel Kriger VP Business Development at VDOO, 12/13/2018
Comment2 comments  |  Read  |  Post a Comment
Anti-Botnet Guide Aims to Tackle Automated Threats
Kelly Sheridan, Staff Editor, Dark ReadingNews
The international guide is intended to help organizations defend their networks and systems from automated and distributed attacks.
By Kelly Sheridan Staff Editor, Dark Reading, 11/29/2018
Comment1 Comment  |  Read  |  Post a Comment
New Bluetooth Hack Affects Millions of Vehicles
Dark Reading Staff, Quick Hits
Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.
By Dark Reading Staff , 11/16/2018
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.