Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
6 Eye-Raising Third-Party Breaches
10 Threats Lurking on the Dark Web
Breaking Down the PROPagate Code Injection Attack
10 More Women in Security You May Not Know But Should
News & Commentary
Necurs Botnet Goes Phishing for Banks
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new Necurs botnet campaign targets thousands of banks with a malicious file dropping the FlawedAmmyy remote-access Trojan.
By Kelly Sheridan Staff Editor, Dark Reading, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Researcher Finds MQTT Hole in IoT Defenses
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A commonly used protocol provides a gaping backdoor when misconfigured.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Active Third-Party Content the Bane of Web Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New reports shows many of the world's most popular sites serve up active content from risky sources.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Facebook Awards $1M for Defense-Based Research
Dark Reading Staff, Quick Hits
The company today awarded $200,000 to winners of the Internet Defense Prize after spending $800,000 on the Secure the Internet grants.
By Dark Reading Staff , 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Overcoming 'Security as a Silo' with Orchestration and Automation
Jen Andre, Senior Director at Rapid7Commentary
When teams work in silos, the result is friction and miscommunication. Automation changes that.
By Jen Andre Senior Director at Rapid7, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new side-channel speculative execution vulnerability takes aim at a different part of the CPU architecture than similar vulnerabilities that came before it.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/15/2018
Comment2 comments  |  Read  |  Post a Comment
Miller & Valasek: Security Stakes Higher for Autonomous Vehicles
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Car hacking specialists shift gears and work on car defense in their latest gigs - at GM subsidiary Cruise Automation.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/15/2018
Comment1 Comment  |  Read  |  Post a Comment
2018 Pwnie Awards: Who Pwned, Who Got Pwned
Kelly Sheridan, Staff Editor, Dark Reading
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/15/2018
Comment0 comments  |  Read  |  Post a Comment
Gartner Says IT Security Spending to Hit $124B in 2019
Dark Reading Staff, Quick Hits
Global IT security spending will grow 12.4% in 2018 and another 8.7% in 2019.
By Dark Reading Staff , 8/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Instagram Hack: Hundreds Affected, Russia Suspected
Dark Reading Staff, Quick Hits
Affected users report the email addresses linked to their Instagram accounts were changed to .ru domains.
By Dark Reading Staff , 8/15/2018
Comment1 Comment  |  Read  |  Post a Comment
New PHP Exploit Chain Highlights Dangers of Deserialization
Ericka Chickowski, Contributing Writer, Dark ReadingNews
PHP unserialization can be triggered by other vulnerabilities previously considered low-risk.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/15/2018
Comment0 comments  |  Read  |  Post a Comment
Open Source Software Poses a Real Security Threat
Jeff Williams, CTO, Contrast SecurityCommentary
It's true that open source software has many benefits, but it also has weak points. These four practical steps can help your company stay safer.
By Jeff Williams CTO, Contrast Security, 8/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Oracle: Apply Out-of-Band Patch for Database Flaw ASAP
Jai Vijayan, Freelance writerNews
Flaw in the Java VM component of Oracle's Database Server is easily exploitable, security experts warn.
By Jai Vijayan Freelance writer, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Both adult and kid hackers demonstrated at DEF CON how the hackable voting machine may be the least of our worries in the 2018 elections.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/14/2018
Comment3 comments  |  Read  |  Post a Comment
Flaws in Mobile Point of Sale Readers Displayed at Black Hat
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
While security is high overall for mPOS tools from companies like Square, PayPal, and iZettle, some devices have vulnerabilities that attackers could exploit to gather data and cash.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft ADFS Vulnerability Lets Attackers Bypass MFA
Kelly Sheridan, Staff Editor, Dark ReadingNews
The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.
By Kelly Sheridan Staff Editor, Dark Reading, 8/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Washington Man Sentenced in Ransomware Conspiracy
Dark Reading Staff, Quick Hits
A guilty plea brings 18-month sentence on money laundering charges for former Microsoft employee.
By Dark Reading Staff , 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
'Election Protection' Aims to Secure Candidates Running for Office
Dark Reading Staff, Quick Hits
The kit is designed to prevent credential theft targeting people running for federal, state, and local elected offices.
By Dark Reading Staff , 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Equifax Avoided Fines, but What If ...?
Mark Nunnikhoven, Vice President, Cloud Research, at Trend MicroCommentary
Let's imagine the consequences the company would have faced if current laws had been on the books earlier.
By Mark Nunnikhoven Vice President, Cloud Research, at Trend Micro, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Hacker Unlocks 'God Mode' and Shares the 'Key'
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
At Black Hat USA and DEF CON, researcher Christopher Domas showed how he found backdoors that may exist in many different CPUs.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Exabeam Raises $50 Million in Series D, Targets SIEM Market
Gigamon and Endace Partner to Provide Complete Visibility Into Network Traffic for Performance and Security Analytics
Imperva Completes the Acquisition of Prevoty
Spam and Phishing in Q2: Financial sector customers top targets of phishing attacks
Venafi Study: 93% of Security Professionals Say Election Infrastructure Is at Risk
Illusive Networks Expands FirstMove Services to Drive Adoption of Deception-based Security
Faxploit: Attackers Use Fax Machines to Take over Networks, Spread Malware, Check Point Finds
Digital Guardian Releases New User and Entity Behavior Analytics Capability
More Products & Releases
PR Newswire
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
A Sneak Peek at the New NIST Cybersecurity Framework
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Continuous Compliance and Effective Audit Preparation for the Cloud
Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise security—the IT team members tasked with protecting critical data from cyber threats—and will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon Contest
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-13435
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest w...
CVE-2018-13446
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. ...
CVE-2018-14567
PUBLISHED: 2018-08-16
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
CVE-2018-15122
PUBLISHED: 2018-08-16
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.
CVE-2018-11509
PUBLISHED: 2018-08-16
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.
Flash Poll
Video
Slideshows
Twitter Feed