8 Cryptomining Malware Families to Keep on the Radar
The Equifax Breach One Year Later: 6 Action Items for Security Pros
The SOC Gets a Makeover
7 Ways Blockchain is Being Used for Security
TLS 1.3 Won't Break Everything
News & Commentary
Think Like An Attacker: How a Red Team Operates
Kelly Sheridan, Staff Editor, Dark Reading, News
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/20/2018
Retail Sector Second-Worst Performer on Application Security
Jai Vijayan, Freelance writer, News
A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.
By Jai Vijayan, Freelance writer, 9/20/2018
Account Takeover Attacks Become a Phishing Fave
Dark Reading Staff, Quick Hits
More than three-quarters of ATOs resulted in a phishing email, a new report shows.
By Dark Reading Staff, 9/20/2018
3 Drivers Behind the Increasing Frequency of DDoS Attacks
Carlos Morales, Vice President of Global Sales Engineering and Operations at NETSCOUT, Commentary
What's causing the uptick? Motivation, opportunity, and new capabilities.
By Carlos Morales, Vice President of Global Sales Engineering and Operations at NETSCOUT, 9/20/2018
Japanese Cryptocurrency Exchange Hit with $60M Theft
Dark Reading Staff, Quick Hits
The incident highlights a broader problem of poor security in cryptocurrency exchanges throughout the country.
By Dark Reading Staff, 9/20/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, Commentary
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
By Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Suit underscores longtime battle between vendors and labs over control of security testing protocols.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/19/2018
Cryptojackers Grow Dramatically on Enterprise Networks
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A new report shows that illicit cryptomining malware is growing by leaps and bounds on the networks of unsuspecting victims.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 9/19/2018
As Tech Drives the Business, So Do CISOs
Kelly Sheridan, Staff Editor, Dark Reading, News
Security leaders are evolving from technicians to business executives as tech drives enterprise projects, applications, and goals.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/19/2018
Mirai Hackers' Sentence Includes No Jail Time
Dark Reading Staff, Quick Hits
The trio behind Mirai sentenced to probation and public service in return for cooperation with law enforcement and researchers.
By Dark Reading Staff, 9/19/2018
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico, Commentary
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
By John Fontana, Standards & Identity Analyst, Yubico, 9/19/2018
FBI: Phishing Attacks Aim to Swap Payroll Information
Dark Reading Staff, Quick Hits
Social engineering scams target employees' payroll credentials so attackers can access and change their bank account data.
By Dark Reading Staff, 9/19/2018
5 Steps to Success for New CISOs
Nik Whitfield, Computer Scientist & Security Technology Entrepreneur, Commentary
You've been hired to make an impact. These tips can help set you up for continued success.
By Nik Whitfield, Computer Scientist & Security Technology Entrepreneur, 9/19/2018
8 Keys to a Successful Penetration Test
Curtis Franklin Jr., Senior Editor at Dark Reading
Pen tests are expensive, but there are key factors that can make them worth the investment.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 9/19/2018
Internet-Connected CCTV Cameras Vulnerable to 'Peekaboo' Hack
Jai Vijayan, Freelance writer, News
Zero-day flaw in China-based NUUO's video recorder technology still unfixed three months after vendor was alerted.
By Jai Vijayan, Freelance writer, 9/18/2018
The Security Costs of Cloud-Native Applications
Kelly Sheridan, Staff Editor, Dark Reading, News
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
By Kelly Sheridan, Staff Editor, Dark Reading, 9/18/2018
Websites Attack Attempts Rose in Q2
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
New data shows hackers hit websites, on average, every 25 minutes.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/18/2018
The Top 5 Security Threats & Mitigations for Industrial Networks
Barak Perelman, CEO, Indegy, Commentary
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
By Barak Perelman, CEO, Indegy, 9/18/2018
IoT Threats Triple Since 2017
Dark Reading Staff, Quick Hits
Rapidly evolving malware is posing an ever-greater threat to the IoT and business users of the Internet.
By Dark Reading Staff, 9/18/2018
Symantec Offers Free Website Security Service for Midterm Elections
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Security vendor offers US election jurisdictions its Project Dolphin phishing/website spoofing-detection service and security resources.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/18/2018
Partner Perspectives
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it.
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack.
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17282
PUBLISHED: 2018-09-20
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
CVE-2018-14592
PUBLISHED: 2018-09-20
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
CVE-2018-15832
PUBLISHED: 2018-09-20
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI ha...
CVE-2018-16282
PUBLISHED: 2018-09-20
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
CVE-2018-16752
PUBLISHED: 2018-09-20
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!