7 Cool New Security Tools to be Revealed at Black Hat Europe
Getting to Know Magecart: An Inside Look at 7 Groups
Understanding Evil Twin AP Attacks and How to Prevent Them
What You Should Know About Grayware (and What to Do About It)
The Morris Worm Turns 30
News & Commentary
DHS Task Force Moves Forward on Playbooks for Supply Chain Security
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The public/private task force takes early steps toward securing the end-to-end supply chain.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/16/2018
Comment0 comments  |  Read  |  Post a Comment
New Bluetooth Hack Affects Millions of Vehicles
Dark Reading Staff, Quick Hits
Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.
By Dark Reading Staff , 11/16/2018
Comment1 Comment  |  Read  |  Post a Comment
BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance
Kelly Sheridan, Staff Editor, Dark ReadingNews
BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.
By Kelly Sheridan Staff Editor, Dark Reading, 11/16/2018
Comment0 comments  |  Read  |  Post a Comment
26M Texts Exposed in Poorly Secured Vovox Database
Dark Reading Staff, Quick Hits
The server, which lacked password protection, contained tens of millions of SMS messages, two-factor codes, shipping alerts, and other user data.
By Dark Reading Staff , 11/16/2018
Comment0 comments  |  Read  |  Post a Comment
95% of Organizations Have Cultural Issues Around Cybersecurity
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 11/16/2018
Comment1 Comment  |  Read  |  Post a Comment
AI Poised to Drive New Wave of Exploits
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/16/2018
Comment0 comments  |  Read  |  Post a Comment
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading
Building cybersecurity skills is a must; paying a lot for the education is optional. Here are seven options for increasing knowledge without depleting a budget.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/15/2018
Comment2 comments  |  Read  |  Post a Comment
Congress Passes Bill to Create New Federal Cybersecurity Agency
Jai Vijayan, Freelance writerNews
Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.
By Jai Vijayan Freelance writer, 11/15/2018
Comment0 comments  |  Read  |  Post a Comment
Cyber Crooks Diversify Business with Multi-Intent Malware
Avi Chesla, CEO and Founder, empowCommentary
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
By Avi Chesla CEO and Founder, empow, 11/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Cloud, China, Generic Malware Top Security Concerns for 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
FireEye researchers unveil an extensive list of security risks waiting in the new year's wings.
By Kelly Sheridan Staff Editor, Dark Reading, 11/15/2018
Comment0 comments  |  Read  |  Post a Comment
Japan Cyber Minister Says He Has Never Used a Computer
Dark Reading Staff, Quick Hits
Yoshitaka Sakurada, who recently took on the role after a cabinet shuffling, says it's up to the government to deal with it.
By Dark Reading Staff , 11/15/2018
Comment1 Comment  |  Read  |  Post a Comment
More Than 50% of Free Mobile VPN Apps Have Chinese Ties
Dark Reading Staff, Quick Hits
In addition, most have "unacceptable" privacy policies and "non-existent user support."
By Dark Reading Staff , 11/15/2018
Comment0 comments  |  Read  |  Post a Comment
From Reactive to Proactive: Security as the Bedrock of the SDLC
Brian Rutledge, Principal Security Manager at SpanningCommentary
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
By Brian Rutledge Principal Security Manager at Spanning, 11/15/2018
Comment0 comments  |  Read  |  Post a Comment
Small-Time Cybercriminals Landing Steady Low Blows
Jai Vijayan, Freelance writerNews
High-end crime groups are acquiring the sorts of sophisticated capabilities only nation-states once had, while low-tier criminals maintain a steady stream of malicious activity, from cryptomining to PoS malware.
By Jai Vijayan Freelance writer, 11/14/2018
Comment0 comments  |  Read  |  Post a Comment
Security Teams Struggle with Container Security Strategy
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Fewer than 30% of firms have more than a basic container security plan in place.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/14/2018
Comment0 comments  |  Read  |  Post a Comment
Cryptojacking, Mobile Malware Growing Threats to the Enterprise
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
At the same time, criminal organizations continue to look for new ways to attack their victims.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/14/2018
Comment0 comments  |  Read  |  Post a Comment
Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues
Tim Wilson, Editor in Chief, Dark Reading, News
Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data and are fearful of a near-term breach of critical infrastructure.
By Tim Wilson, Editor in Chief, Dark Reading , 11/14/2018
Comment0 comments  |  Read  |  Post a Comment
Airlines Have a Big Problem with Bad Bots
Kelly Sheridan, Staff Editor, Dark ReadingNews
Bad bots account for 43.9% of all traffic on their websites, APIs, and mobile apps, according to a new analysis of 100 airlines.
By Kelly Sheridan Staff Editor, Dark Reading, 11/14/2018
Comment0 comments  |  Read  |  Post a Comment
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard TechnologiesCommentary
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
By Ryan Orsi Director of Product Management for Wi-Fi at WatchGuard Technologies, 11/14/2018
Comment2 comments  |  Read  |  Post a Comment
Can Businesses Stand Up to Cybercrime? Only 61% Say Yes
Dark Reading Staff, Quick Hits
While 96% of US organizations say business resilience should be core to company strategy, only 61% say it actually is.
By Dark Reading Staff , 11/14/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by James D. Jones
Current Conversations Really healpful information.
In reply to: nice
Post Your Own Reply
More Conversations
PR Newswire
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/15/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Cartoon
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19355
PUBLISHED: 2018-11-19
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfi...
CVE-2008-7320
PUBLISHED: 2018-11-18
** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision.
CVE-2018-19358
PUBLISHED: 2018-11-18
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig...
CVE-2018-19351
PUBLISHED: 2018-11-18
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHand...
CVE-2018-19352
PUBLISHED: 2018-11-18
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Flash Poll
Video
Slideshows
Twitter Feed