News & Commentary

Latest Content
Page 1 / 2   >   >>
Privacy Ops: The New Nexus for CISOs & DPOs
Commentary  |  2/18/2019  | 
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
Hackers Found Phishing for Facebook Credentials
Quick Hits  |  2/15/2019  | 
A "very realistic-looking" login prompt is designed to capture users' Facebook credentials, researchers report.
Staffing Shortage Makes Vulnerabilities Worse
Quick Hits  |  2/15/2019  | 
Businesses don't have sufficient staff to find vulnerabilities or protect against their exploit, according to a new report by Ponemon Institute.
ICS/SCADA Attackers Up Their Game
News  |  2/15/2019  | 
With attackers operating more aggressively and stealthily, some industrial network operators are working to get a jump on the threats.
Post-Quantum Crypto Standards Arent All About the Math
News  |  2/15/2019  | 
The industry needs to keep in mind the realities of hardware limits and transitional growing pains, according to Microsoft, Utimaco researchers.
White-Hat Bug Bounty Programs Draw Inspiration from the Old West
Commentary  |  2/15/2019  | 
These programs are now an essential strategy in keeping the digital desperados at bay.
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
News  |  2/14/2019  | 
New initiative offers five principles for greater IoT security.
From 'O.MG' to NSA, What Hardware Implants Mean for Security
News  |  2/14/2019  | 
A wireless device resembling an Apple USB-Lightning cable that can exploit any system via keyboard interface highlights risks associated with hardware Trojans and insecure supply chains.
High Stress Levels Impacting CISOs Physically, Mentally
News  |  2/14/2019  | 
Some have even turned to alcohol and medication to cope with pressure.
Toyota Prepping 'PASTA' for its GitHub Debut
News  |  2/14/2019  | 
Carmaker's open source car-hacking tool platform soon will be available to the research community.
Valentine's Emails Laced with Gandcrab Ransomware
News  |  2/14/2019  | 
In the weeks leading up to Valentine's Day 2019, researchers notice a new form of Gandcrab appearing in romance-themed emails.
Coffee Meets Bagel Confirms Hack on Valentine's Day
Quick Hits  |  2/14/2019  | 
The dating app says users' account data may have been obtained by an unauthorized party.
New Professional Development Institute Aims to Combat Cybersecurity Skills Shortage
Quick Hits  |  2/14/2019  | 
The (ISC)2 announces a new institute for working cybersecurity professionals to continue their education.
Diversity Is Vital to Advance Security
Commentary  |  2/14/2019  | 
Meet five female security experts who are helping to propel our industry forward.
How to Create a Dream Team for the New Age of Cybersecurity
Commentary  |  2/14/2019  | 
When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.
Security Spills: 9 Problems Causing the Most Stress
Slideshows  |  2/14/2019  | 
Security practitioners reveal what's causing them the most frustration in their roles.
2018 Was Second-Most Active Year for Data Breaches
News  |  2/13/2019  | 
Hacking by external actors caused most breaches, but Web intrusions and exposures compromised more records, according to Risk Based Security.
Windows Executable Masks Mac Malware
News  |  2/13/2019  | 
A new strain of MacOS malware hides inside a Windows executable to avoid detection.
Ex-US Intel Officer Charged with Helping Iran Target Her Former Colleagues
News  |  2/13/2019  | 
Monica Witt, former Air Force and counterintel agent, has been indicted for conspiracy activities with Iranian government, hackers.
Researchers Dig into Microsoft Office Functionality Flaws
News  |  2/13/2019  | 
An ongoing study investigating security bugs in Microsoft Office has so far led to two security patches.
5 Expert Tips for Complying with the New PCI Software Security Framework
Commentary  |  2/13/2019  | 
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.
Scammers Fall in Love with Valentine's Day
News  |  2/13/2019  | 
Online dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks.
70% of Consumers Want Biometrics in the Workplace
News  |  2/13/2019  | 
Speed, simplicity, and security underscore their desire, a new study shows.
Lessons Learned from a Hard-Hitting Security Review
Commentary  |  2/13/2019  | 
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
Up to 100,000 Reported Affected in Landmark White Data Breach
News  |  2/12/2019  | 
Australian property valuation firm Landmark White exposed files containing personal data and property valuation details.
Microsoft, Adobe Both Close More Than 70 Security Issues
News  |  2/12/2019  | 
With their regularly scheduled Patch Tuesday updates, both companies issued fixes for scores of vulnerabilities in their widely used software.
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
News  |  2/12/2019  | 
All data belonging to US usersincluding backup copieshave been deleted in catastrophe, VMEmail says.
Cybersecurity and the Human Element: We're All Fallible
Commentary  |  2/12/2019  | 
We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.
'Picnic' Passes Test for Protecting IoT From Quantum Hacks
Quick Hits  |  2/12/2019  | 
Researchers from DigiCert, Utimaco, and Microsoft Research gives thumbs-up to a new algorithm for implementing quantum hacking-proof digital certificates.
Symantec Acquires Luminate to Build on Cloud Security
Quick Hits  |  2/12/2019  | 
Luminate Security, which specializes in software-defined perimeter technology, will extend Symantec's integrated defense platform.
Identifying, Understanding & Combating Insider Threats
Commentary  |  2/12/2019  | 
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?
2019 Security Spending Outlook
Slideshows  |  2/12/2019  | 
Cybersecurity and IT risk budgets continue to grow. Here's how they'll be spent.
Client-Side DNS Attack Emerges From Academic Research
News  |  2/11/2019  | 
A new DNS cache poisoning attack is developed as part of the research toward a dissertation.
Experian: US Suffers the Most Online Fraud
News  |  2/11/2019  | 
New data from the credit reporting firm shows the sheer scale of online activity in the US also has made businesses and consumers there prime targets.
New Encryption Mode Brings Sincerity and Discretion to Low-Cost Android Devices
Quick Hits  |  2/11/2019  | 
Adantium, developed by Google, brings communication encryption to bear on storage security.
OkCupid Denies Data Breach Amid Account Hack Complaints
Quick Hits  |  2/11/2019  | 
Users on the dating website report hackers breaking into their accounts, changing email addresses, and resetting passwords.
Security Pros Agree Military Should Conduct Offensive Hacking
Quick Hits  |  2/11/2019  | 
But it can't operate in a bubble, a new Washington Post study indicates.
What the Government Shutdown Teaches Us about Cybersecurity
Commentary  |  2/11/2019  | 
As lawmakers face a Friday deadline to prevent the federal government from closing a second time, we examine the cost to the digital domain, both public and private.
US Law Enforcement Busts Romanian Online Crime Operation
News  |  2/8/2019  | 
Twelve members of 20-person group extradited to US to face charges related to theft of millions via fake ads other scams.
New Zombie 'POODLE' Attack Bred from TLS Flaw
News  |  2/8/2019  | 
Citrix issues update for encryption weakness dogging the popular security protocol.
6 Reasons to Be Wary of Encryption in Your Enterprise
Slideshows  |  2/8/2019  | 
Encryption can be critical to data security, but it's not a universal panacea.
Malware Campaign Hides Ransomware in Super Mario Wrapper
Quick Hits  |  2/8/2019  | 
A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.
A Dog's Life: Dark Reading Caption Contest Winners
Commentary  |  2/8/2019  | 
What do a telephony protocol, butt-sniffing, and multifactor authentication have in common? A John Klossner cartoon! And the winners are ...
We Need More Transparency in Cybersecurity
Commentary  |  2/8/2019  | 
Security has become a stand-alone part of the corporate IT organization. That must stop, and transparency is the way forward.
Cyberattack Hits Australian Parliament
Quick Hits  |  2/8/2019  | 
Officials believe a nation-state is to blame for the incident, which took place Thursday night into Friday morning.
Ransomware Attack Via MSP Locks Customers Out of Systems
News  |  2/7/2019  | 
Vulnerable plugin for a remote management tool gave attackers a way to encrypt systems belonging to all customers of a US-based MSP.
Carbonite Announces Webroot Purchase
Quick Hits  |  2/7/2019  | 
The purchase will add WebRoot's cloud-based security to the cloud-based data backup and recovery platform of Carbonite.
Apple Patches Group FaceTime Flaw
Quick Hits  |  2/7/2019  | 
Teenaged Fortnite player gets credit for finding the bug.
4 Payment Security Trends for 2019
Commentary  |  2/7/2019  | 
Visa's chief risk officer anticipates some positive changes ahead.
Security Bugs in Video Chat Tools Enable Remote Attackers
News  |  2/7/2019  | 
Lifesize is issuing a hotfix to address vulnerabilities in its enterprise collaboration devices, which could give hackers a gateway into target organizations.
Page 1 / 2   >   >>


Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7629
PUBLISHED: 2019-02-18
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.
CVE-2019-8919
PUBLISHED: 2019-02-18
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2019-8917
PUBLISHED: 2019-02-18
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may b...
CVE-2019-8908
PUBLISHED: 2019-02-18
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/g...
CVE-2019-8909
PUBLISHED: 2019-02-18
An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image.