Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

Holiday Hacks: 6 Cyberthreats to Watch Right Now

6 Ways to Strengthen Your GDPR Compliance Efforts

Top Stories

6 CISO Resolutions for 2019

Holiday Hacks: 6 Cyberthreats to Watch ...

Name That Toon: I Spy

6 Ways to Strengthen Your GDPR Compliance ...

7 Common Breach Disclosure Mistakes

News & Commentary

Bug Hunting Paves Path to Infosec Careers

Kelly Sheridan, Staff Editor, Dark Reading

News

Ethical hackers use bug bounty programs to build the skills they need to become security professionals.

By Kelly Sheridan Staff Editor, Dark Reading, 12/12/2018

0 comments | Read | Post a Comment

U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign

News

McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.

By Jai Vijayan Freelance writer, 12/12/2018

0 comments | Read | Post a Comment

Deception: Honey vs. Real Environments

Dr. Salvatore Stolfo, Fouder & CTO, Allure Security

Commentary

A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.

By Dr. Salvatore Stolfo Fouder & CTO, Allure Security, 12/12/2018

0 comments | Read | Post a Comment

Mac Malware Cracks WatchGuard’s Top 10 List

News

Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.

By Steve Zurier Freelance Writer, 12/12/2018

0 comments | Read | Post a Comment

Arctic Wolf Buys RootSecure

Quick Hits

The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.

By Dark Reading Staff , 12/12/2018

0 comments | Read | Post a Comment

Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3

Quick Hits

One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.

By Dark Reading Staff , 12/12/2018

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, I often receive the "your request to delete your gmail account will be processed...

Forget Shifting Security Left; It's Time to Race Left

Jerry Gamblin, Principal Security Engineer, Kenna Security

Commentary

Once DevOps teams decide to shift left, they can finally look forward instead of backward.

By Jerry Gamblin Principal Security Engineer, Kenna Security, 12/12/2018

0 comments | Read | Post a Comment

Higher Education: 15 Books to Help Cybersecurity Pros Be Better

Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018

2 comments | Read | Post a Comment

Latest Comment: REISEN1955, The Cuckoo's Egg is a wonderful if terrifying book - if only for the complacency...

Battling Bots Brings Big-Budget Blow to Businesses

News

Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/11/2018

0 comments | Read | Post a Comment

Equifax Breach Underscores Need for Accountability, Simpler Architectures

Robert Lemos, Technology Journalist/Data Researcher

News

A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'

By Robert Lemos Technology Journalist/Data Researcher, 12/11/2018

0 comments | Read | Post a Comment

Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack

News

Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.

By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018

0 comments | Read | Post a Comment

Attackers Using New Exploit Kit to Hijack Home & Small Office Routers

News

Goal is to steal banking credentials by redirecting users to phishing sites.

By Jai Vijayan Freelance writer, 12/11/2018

0 comments | Read | Post a Comment

49% of Cloud Databases Left Unencrypted

News

Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.

By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018

0 comments | Read | Post a Comment

The Grinch Bot Before Christmas: A Security Story for the Holidays

Julian Waits, GM Cyber Security Business Unit, Devo Technology

Commentary

Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.

By Julian Waits GM Cyber Security Business Unit, Devo Technology, 12/11/2018

0 comments | Read | Post a Comment

NetSecOPEN Names Founding Members, Board of Directors

Quick Hits

The organization is charged with building open, transparent testing protocols for network security.

By Dark Reading Staff , 12/11/2018

0 comments | Read | Post a Comment

Grammarly Takes Bug Bounty Program Public

Quick Hits

The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne.

By Dark Reading Staff , 12/11/2018

0 comments | Read | Post a Comment

How Well Is Your Organization Investing Its Cybersecurity Dollars?

Commentary

The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.

By Jack Jones Chairman, FAIR Institute, 12/11/2018

1 Comment | Read | Post a Comment

Latest Comment: tcorbeill, Security Instrumentation provides empirical evidence regarding security...

CrowdStrike: More Organizations Now Self-Detect Their Own Cyberattacks

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

But it still takes an average of 85 days to spot one, the security firm's incident response investigations found.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/11/2018

0 comments | Read | Post a Comment

DanaBot Malware Adds Spam to its Menu

News

A new generation of modular malware increases its value to criminals.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/10/2018

0 comments | Read | Post a Comment

'Highly Active' Seedworm Group Hits IT Services, Governments

News

Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.

By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2018

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by HPERPER

Since we installed the new security system we have not lost a single security camera.

In reply to: Name That Toon: I Spy
Post Your Own Reply

Posted by REISEN1955

The Cuckoo's Egg is a wonderful if terrifying book - if only for the complacency so many military sites and sys admins felt about their passwords, user accounts and walls. Incredible and fun read but full of lessons...

In reply to: Great picks
Post Your Own Reply

Posted by REISEN1955

I often receive the "your request to delete your gmail account will be processed ....." --- delete when I know I never requested it. Good rule. If you did not do it, delete it. (If you don't need,...

In reply to: Generic Microsoft Email
Post Your Own Reply

Posted by Blaze007

"Rumor has it that if you try to review the security film, you'll get trapped in a honeypot!"

In reply to: Re: It's 'toon time again at Dark Reading!
Post Your Own Reply

Posted by tcorbeill

Security Instrumentation provides empirical evidence regarding security investments that enables executives to define metrics to capture the ROI of their security investments with quantifiable, evidence-based data.

In reply to: Security Instrumentation
Post Your Own Reply

Posted by markgrogan

These 2 terms really create a huge contrast between having to salvage our situation or being able to prevent that very difficult situation from even happening. In business, the latter is usually a huge cost-saver and at...

In reply to: Hit it first
Post Your Own Reply

Posted by ThomasMaloney

We have to be aware that every single process that we undertake comes with its own risks. This simply means that we cannot put a guarantee that what we are handling right now is 100% safe. We can be made aware by the many...

In reply to: Risks to take
Post Your Own Reply

Posted by ThomasMaloney

Honestly, I'm really not surprised at how many of these scam centres are popping up. It seems like every other day I'm getting a new type of phishing email or some other long lost aunt who wants to bequeath to me a few million...

In reply to: Recognization is key!
Post Your Own Reply

Posted by NathanDavidson

I have heard a story from a family friend that there was a candidate applying for a similar role who was perfect for that position and was hired on the spot. It was because of the personal experience that he shared with...

In reply to: Personal experience
Post Your Own Reply

Posted by StephenGiderson

Acquisitions are most often than not tied to business expansions. The aim of the company is to maintain their current consumer pool while being able to extend their portfolio from the newly-bought sector. At the same time,...

In reply to: Business expansion
Post Your Own Reply

Posted by aarrowood

Huh, looks like someone took my "but who's going to watch the watchers?!?" comment too far...

In reply to: caption
Post Your Own Reply

Posted by pdcz

Still if you are able to trick anyone to install your app then transferring data over power charger seems to me as un-necessary burden. Anyway it is good reminder that there are multiple paths how to obtain data from devices....

In reply to: Re: Whats the point?
Post Your Own Reply

More Conversations

Products & Releases

CrowdStrike Part of MITRE ATT&CK Product Evaluation

Vodafone Announces 2019 Global Trends Report, Enterprise Brand Refresh

Trend Micro Research Uncovers Major Flaws in Leading IoT Protocols 12/4/18 7:00 am CST

Application Security for AWS Lambda Customers

Venafi Secures $100M Financing Round Led by TCV

Steve Lipner Appointed Chair of NIST Information Security and Privacy Advisory Board

More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report

King & Union and Farsight Security Announce Strategic Partnership

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

'PowerSnitch' Hacks Androids via Power Banks

Kelly Jackson Higgins, Executive Editor at Dark Reading, 12/8/2018

Higher Education: 15 Books to Help Cybersecurity Pros Be Better

Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018

Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3

Dark Reading Staff 12/12/2018

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Since we installed the new security system we have not lost a single security camera.

Cartoon Archive

White Papers

Fact vs. Fiction: Mobile Support

STIX/TAXII: What You Need to Know

Discovering Your Total Cloud Footprint

10 Best Practices That Could Reshape Your IT Security Department

Shutting Down Banking Trojans

More White Papers

Current Issue

10 Best Practices That Could Reshape Your IT Security Department

This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-6705
PUBLISHED: 2018-12-12

Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.

CVE-2018-15717
PUBLISHED: 2018-12-12

Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.

CVE-2018-15718
PUBLISHED: 2018-12-12

Open Dental before version 18.4 transmits the entire user database over the network when a remote unathenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more.

CVE-2018-15719
PUBLISHED: 2018-12-12

Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information.

CVE-2018-6704
PUBLISHED: 2018-12-12

Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.

Reports

How Enterprises Are Using IT Threat Intelligence

Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.

Download Now!

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

The Risk Management Struggle

0 comments

More Reports

Flash Poll

All Polls

Video