News & Commentary

Latest Content
Page 1 / 2   >   >>
Cyber Espionage Campaign Reuses Code from China's APT1
News  |  10/18/2018  | 
US, Canadian organizations in crosshairs of group with apparent links to a Chinese military hacking unit that wreaked havoc several years ago.
How to Get Consumers to Forgive You for a Breach
Quick Hits  |  10/18/2018  | 
It starts with already-established trust, a new survey shows.
New Security Woes for Popular IoT Protocols
News  |  10/18/2018  | 
Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.
Audits: The Missing Layer in Cybersecurity
Commentary  |  10/18/2018  | 
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
Former Equifax Manager Sentenced for Insider Trading
Quick Hits  |  10/18/2018  | 
Sudhakar Bonthu bought and sold Equifax stock options prior to the public disclosure of its 2017 data breach.
7 Ways A Collaboration System Could Wreck Your IT Security
Slideshows  |  10/18/2018  | 
The same traits that make collaboration systems so useful for team communications can help hackers, too.
Apache Access Vulnerability Could Affect Thousands of Applications
News  |  10/18/2018  | 
A recently discovered issue with a common file access method could be a major new attack surface for malware authors.
Getting Up to Speed with "Always-On SSL"
Commentary  |  10/18/2018  | 
Websites can avoid the negative consequences of a "not secure" label from Google Chrome 68 by following four AOSSL best practices.
Inside the Dark Web's 'Help Wanted' Ads
News  |  10/18/2018  | 
How cybercriminals recruit everyone from car drivers to corporate insiders and pay them according to the risk they assume.
3 Years After Attacks on Ukraine Power Grid, BlackEnergy Successor Poses Growing Threat
News  |  10/17/2018  | 
In what could be a precursor to future attacks, GreyEnergy is targeting critical infrastructure organizations in Central and Eastern Europe.
Oracle Issues Massive Collection of Critical Security Updates
Quick Hits  |  10/17/2018  | 
The software updates from Oracle address a record number of vulnerabilities.
(ISC) : Global Cybersecurity Workforce Short 3 Million People
News  |  10/17/2018  | 
With the skills gap still wide, security leaders explain the challenges of hiring and retaining security experts.
Cybercrime-as-a-Service: No End in Sight
Commentary  |  10/17/2018  | 
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
SEC Warns Public Companies on Accounting Control Use
Quick Hits  |  10/17/2018  | 
A new SEC investigative report urges public organizations to keep cyberthreats in mind when implementing internal accounting tools.
Startup Spun Out of Securosis Secures $2.5 Million Seed Investment
News  |  10/17/2018  | 
DistruptOps officially rolls out its SaaS for automating control of cloud operations and security.
The Three Dimensions of the Threat Intelligence Scale Problem
Commentary  |  10/17/2018  | 
To succeed, organizations must be empowered to reduce their attack surface and staff overload so they can get more out of their existing firewall and threat intelligence investments.
FICO & US Chamber of Commerce Score Cyber-Risk Across 10 Sectors
News  |  10/16/2018  | 
Media, telecom, and technology firms are far more likely to experience a data breach in the near future than organizations in sectors including energy, construction, and transportation.
A Cybersecurity Weak Link: Linux and IoT
Commentary  |  10/16/2018  | 
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
NC Water Utility Fights Post-Hurricane Ransomware
News  |  10/16/2018  | 
North Carolina's Onslow Water and Sewer Authority was hit with an advanced attack in the wake of Hurricane Florence.
Rapid7 Acquires tCell
Quick Hits  |  10/16/2018  | 
The purchase brings together a cloud security platform with a web application firewall.
6 Reasons Why Employees Violate Security Policies
Slideshows  |  10/16/2018  | 
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
Spies Among Us: Tracking, IoT & the Truly Inside Threat
Commentary  |  10/16/2018  | 
In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.
6 Security Trends for 2018/2019
News  |  10/15/2018  | 
Speaking at the Gartner Symposium/ITxpo, analyst Peter Firstbrook's list of trends is likely to inform executive committee conversations for the next 12 months.
IBM Builds 'SOC on Wheels' to Drive Cybersecurity Training
News  |  10/15/2018  | 
A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.
Millions of Voter Records Found for Sale on the Dark Web
Quick Hits  |  10/15/2018  | 
Voter registration databases from 19 US states are being hawked in an underground hacking forum, researchers say.
3 Out of 4 Employees Pose a Security Risk
News  |  10/15/2018  | 
New MediaPRO study also finds that management performed worse than entry- and mid-level employees in how to handle a suspected phishing email.
DoD Travel System Breach Exposed Data of 30K Civilian, Military Employees
Quick Hits  |  10/15/2018  | 
Defense Dept. says contractor that handles travel management services was hacked.
4 Ways to Fight the Email Security Threat
Commentary  |  10/15/2018  | 
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
Most IT Security Pros Want to Change Jobs
Quick Hits  |  10/12/2018  | 
They cite five main reasons for wanting to move on and what it would take to retain them.
Facebook Update: 30 Million Users Actually Hit in its Recent Breach
News  |  10/12/2018  | 
The good news: That number is less than the original estimate of 50 million. The bad news: It might not have been the only attack.
Threat Hunters & Security Analysts: A Dynamic Duo
Commentary  |  10/12/2018  | 
Fighting spying with spying, threat hunters bring the proactive mindset of network reconnaissance and repair to the enterprise security team.
12 Free, Ready-to-Use Security Tools
Slideshows  |  10/12/2018  | 
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
News  |  10/11/2018  | 
Many organizations have yet to create an effective cybersecurity strategy and it's costing them millions.
Chinese Intelligence Officer Under Arrest for Trade Secret Theft
News  |  10/11/2018  | 
Yanjun Xu attempted to steal data on advanced aviation technology that GE Aviation, among others, had spent billions developing.
Window Snyder Shares Her Plans for Intel Security
News  |  10/11/2018  | 
The security leader, known for her role in securing Microsoft, Apple, and Mozilla, discusses her new gig and what she's working on now.
Most Malware Arrives Via Email
Quick Hits  |  10/11/2018  | 
Watch out for messages with the word "invoice" in the subject line, too.
Not All Multifactor Authentication Is Created Equal
Commentary  |  10/11/2018  | 
Users should be aware of the strengths and weaknesses of the various MFA methods.
Google Adds New Identity, Security Tools to Cloud Platform
News  |  10/11/2018  | 
A wave of cloud news includes new tools for identity and access management and policies for stronger controls on cloud resources.
One-Third of US Adults Hit with Identity Theft
Quick Hits  |  10/11/2018  | 
That's double the global average and more than three times the rate of French and German adults.
The Better Way: Threat Analysis & IIoT Security
Commentary  |  10/11/2018  | 
Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities.
Meet 5 Women Shaping Microsoft's Security Strategy
Slideshows  |  10/10/2018  | 
Profiles of some of the women currently leading Microsoft security operations - and their efforts to drive inclusivity.
Russian Hacking Groups Intersect in Recent Cyberattacks
News  |  10/10/2018  | 
Two different hacking teams best known as Turla and Fancy Bear employed the same stealthy attack method in an unusual overlap of hacking activity.
New Threat Group Conducts Malwareless Cyber Espionage
News  |  10/10/2018  | 
Gallmaker group is relying exclusively on legitimate tools and living-off-the-land tactics to make detection very difficult.
Imperva to Be Acquired by Thoma Bravo for $2.1 Billion
Quick Hits  |  10/10/2018  | 
But two law firms are investigating whether the security vendor breached its fiduciary duty to shareholders by not actively seeking buyers offering a higher price.
IIS Attacks Skyrocket, Hit 1.7M in Q2
Quick Hits  |  10/10/2018  | 
Drupal and Oracle WebLogic also were hit with more cyberattacks during same quarter.
Security Researchers Struggle with Bot Management Programs
Commentary  |  10/10/2018  | 
Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.
Google+ Vulnerability Hits Service, Leads to Shutdown
News  |  10/9/2018  | 
In response to the breach, Google is changing policies, modifying APIs, and shutting down Google+.
Git Gets Patched for Newly Found Flaw
Quick Hits  |  10/9/2018  | 
A vulnerability in Git could allow an attacker to place malicious, auto-executing code in a sub-module.
Lesser Skilled Cybercriminals Adopt Nation-State Hacking Methods
News  |  10/9/2018  | 
The trend underscores the need for organizations of all sizes to be prepared to detect and respond to threats faster, CrowdStrike says.
Constructing the Future of ICS Cybersecurity
News  |  10/9/2018  | 
As industrial control systems are connected to the cloud and the IoT, experts discuss security challenges.
Page 1 / 2   >   >>


12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.