7 Cool New Security Tools to be Revealed at Black Hat Europe
Getting to Know Magecart: An Inside Look at 7 Groups
Understanding Evil Twin AP Attacks and How to Prevent Them
What You Should Know About Grayware (and What to Do About It)
The Morris Worm Turns 30
News & Commentary
DHS Task Force Moves Forward on Playbooks for Supply Chain Security
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The public/private task force takes early steps toward securing the end-to-end supply chain.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/16/2018
Comment0 comments  |  Read  |  Post a Comment
New Bluetooth Hack Affects Millions of Vehicles
Dark Reading Staff, Quick Hits
Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.
By Dark Reading Staff , 11/16/2018
Comment2 comments  |  Read  |  Post a Comment
BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance
Kelly Sheridan, Staff Editor, Dark ReadingNews
BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.
By Kelly Sheridan Staff Editor, Dark Reading, 11/16/2018
Comment0 comments  |  Read  |  Post a Comment
26M Texts Exposed in Poorly Secured Vovox Database
Dark Reading Staff, Quick Hits
The server, which lacked password protection, contained tens of millions of SMS messages, two-factor codes, shipping alerts, and other user data.
By Dark Reading Staff , 11/16/2018
Comment0 comments  |  Read  |  Post a Comment
95% of Organizations Have Cultural Issues Around Cybersecurity
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 11/16/2018
Comment1 Comment  |  Read  |  Post a Comment
AI Poised to Drive New Wave of Exploits
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/16/2018
Comment0 comments  |  Read  |  Post a Comment
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading
Building cybersecurity skills is a must; paying a lot for the education is optional. Here are seven options for increasing knowledge without depleting a budget.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Congress Passes Bill to Create New Federal Cybersecurity Agency
Jai Vijayan, Freelance writerNews
Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.
By Jai Vijayan Freelance writer, 11/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Cyber Crooks Diversify Business with Multi-Intent Malware
Avi Chesla, CEO and Founder, empowCommentary
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
By Avi Chesla CEO and Founder, empow, 11/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Cloud, China, Generic Malware Top Security Concerns for 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
FireEye researchers unveil an extensive list of security risks waiting in the new year's wings.
By Kelly Sheridan Staff Editor, Dark Reading, 11/15/2018
Comment0 comments  |  Read  |  Post a Comment
Japan Cyber Minister Says He Has Never Used a Computer
Dark Reading Staff, Quick Hits
Yoshitaka Sakurada, who recently took on the role after a cabinet shuffling, says it's up to the government to deal with it.
By Dark Reading Staff , 11/15/2018
Comment2 comments  |  Read  |  Post a Comment
More Than 50% of Free Mobile VPN Apps Have Chinese Ties
Dark Reading Staff, Quick Hits
In addition, most have "unacceptable" privacy policies and "non-existent user support."
By Dark Reading Staff , 11/15/2018
Comment0 comments  |  Read  |  Post a Comment
From Reactive to Proactive: Security as the Bedrock of the SDLC
Brian Rutledge, Principal Security Manager at SpanningCommentary
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
By Brian Rutledge Principal Security Manager at Spanning, 11/15/2018
Comment0 comments  |  Read  |  Post a Comment
Small-Time Cybercriminals Landing Steady Low Blows
Jai Vijayan, Freelance writerNews
High-end crime groups are acquiring the sorts of sophisticated capabilities only nation-states once had, while low-tier criminals maintain a steady stream of malicious activity, from cryptomining to PoS malware.
By Jai Vijayan Freelance writer, 11/14/2018
Comment0 comments  |  Read  |  Post a Comment
Security Teams Struggle with Container Security Strategy
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Fewer than 30% of firms have more than a basic container security plan in place.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/14/2018
Comment0 comments  |  Read  |  Post a Comment
Cryptojacking, Mobile Malware Growing Threats to the Enterprise
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
At the same time, criminal organizations continue to look for new ways to attack their victims.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/14/2018
Comment0 comments  |  Read  |  Post a Comment
Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues
Tim Wilson, Editor in Chief, Dark Reading, News
Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data and are fearful of a near-term breach of critical infrastructure.
By Tim Wilson, Editor in Chief, Dark Reading , 11/14/2018
Comment0 comments  |  Read  |  Post a Comment
Airlines Have a Big Problem with Bad Bots
Kelly Sheridan, Staff Editor, Dark ReadingNews
Bad bots account for 43.9% of all traffic on their websites, APIs, and mobile apps, according to a new analysis of 100 airlines.
By Kelly Sheridan Staff Editor, Dark Reading, 11/14/2018
Comment0 comments  |  Read  |  Post a Comment
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard TechnologiesCommentary
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
By Ryan Orsi Director of Product Management for Wi-Fi at WatchGuard Technologies, 11/14/2018
Comment2 comments  |  Read  |  Post a Comment
Can Businesses Stand Up to Cybercrime? Only 61% Say Yes
Dark Reading Staff, Quick Hits
While 96% of US organizations say business resilience should be core to company strategy, only 61% say it actually is.
By Dark Reading Staff , 11/14/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360,  11/13/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Post a Comment
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15759
PUBLISHED: 2018-11-19
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perfo...
CVE-2018-15761
PUBLISHED: 2018-11-19
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges...
CVE-2018-17190
PUBLISHED: 2018-11-19
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code ...
CVE-2018-1841
PUBLISHED: 2018-11-19
IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-Force ID: 150901.
CVE-2018-18519
PUBLISHED: 2018-11-19
BestXsoftware Best Free Keylogger 5.2.9 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group.
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Flash Poll
Video
Slideshows
Twitter Feed