Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

Inside Incident Response: 6 Key Tips to Keep in Mind

Name That Toon: The Advanced Persistent Threat

Trust, or Lack of It, Is a Key Theme on RSAC Keynote Stage

6 Questions to Ask While Buying a Connected Car

Top Stories

Inside Incident Response: 6 Key Tips to ...

7 Low-Cost Security Tools

Name That Toon: The Advanced Persistent ...

Trust, or Lack of It, Is a Key Theme on ...

6 Questions to Ask While Buying a ...

News & Commentary

Inside Incident Response: 6 Key Tips to Keep in Mind

Experts share the prime window for detecting intruders, when to contact law enforcement, and what they wish they did differently after a breach.

By Kelly Sheridan Staff Editor, Dark Reading, 3/22/2019

0 comments | Read | Post a Comment

Two Found Guilty in Online Dating, BEC Scheme

Quick Hits

Cybercriminals involved in the operation created fake online dating profiles and tricked victims into sending money to phony bank accounts.

By Dark Reading Staff , 3/22/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Sex sells.

Security Lessons from My Game Closet

Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA

Commentary

In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.

By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 3/22/2019

0 comments | Read | Post a Comment

FIN7 Cybercrime Gang Rises Again

Robert Lemos, Technology Journalist/Data Researcher

News

The group now employs a new administrative interface for managing its campaigns, as well as documents that link to SQL databases for downloading its code.

By Robert Lemos Technology Journalist/Data Researcher, 3/21/2019

0 comments | Read | Post a Comment

Businesses Manage 9.7PB of Data but Struggle to Protect It

News

What's more, their attempts to secure it may be putting information at risk, a new report finds.

By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019

0 comments | Read | Post a Comment

Facebook Employees for Years Could See Millions of User Passwords in Plain Text

Quick Hits

2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.

By Dark Reading Staff , 3/21/2019

3 comments | Read | Post a Comment

Latest Comment: REISEN1955, One of my managers once thought of a unique password, particularly if someone...

Hacker AI vs. Enterprise AI: A New Threat

Satish Abburi, Founder of Elysium Analytics

Commentary

Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.

By Satish Abburi Founder of Elysium Analytics, 3/21/2019

0 comments | Read | Post a Comment

SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats

Ericka Chickowski, Contributing Writer, Dark Reading

News

Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/21/2019

0 comments | Read | Post a Comment

Microsoft Brings Defender Security Tools to Mac

News

Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.

By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019

0 comments | Read | Post a Comment

Police Federation of England and Wales Suffers Apparent Ransomware Attack

Quick Hits

National Cyber Security Centre and National Crime Agency investigate random attack that locked down the association's data and deleted backups.

By Dark Reading Staff , 3/21/2019

0 comments | Read | Post a Comment

What the Transition to Smart Cards Can Teach the US Healthcare Industry

Joram Borenstein & Rebecca Weintraub, General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical School

Commentary

Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.

By Joram Borenstein & Rebecca Weintraub General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical School, 3/21/2019

0 comments | Read | Post a Comment

Researchers Seek Out Ways to Search IPv6 Space

News

Security researchers regularly search IPv4 address space looking for servers with ports exposing vulnerable software. With the massive number of IPv6 addresses, however, they have lost that ability. Can tricks and workarounds save the day?

By Robert Lemos Technology Journalist/Data Researcher, 3/20/2019

1 Comment | Read | Post a Comment

Latest Comment: tom.kuznicki, This reminds me of a presentation I've seen about using patterns in IPv6 addressing...

BEC Scammer Pleads Guilty

Quick Hits

Business email compromise (BEC) operation resulted in $100 million in losses to a multinational technology company and a social media firm, according to the US Attorney's Office.

By Dark Reading Staff , 3/20/2019

2 comments | Read | Post a Comment

Latest Comment: REISEN1955, If you don't need it, don't read it, delete it.

Google Photos Bug Let Criminals Query Friends, Location

News

The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.

By Kelly Sheridan Staff Editor, Dark Reading, 3/20/2019

0 comments | Read | Post a Comment

The Insider Threat: It's More Common Than You Think

Raj Ananthanpillai, Chairman & CEO, Endera

Commentary

A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.

By Raj Ananthanpillai Chairman & CEO, Endera, 3/20/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Hey - your job can be outrsourced in a moment after you train your replacement...

Less Than 3% of Recycled Computing Devices Properly Wiped

News

Researchers find that companies that refurbish or accept old equipment as donations don't necessarily clean them of data as promised.

By Steve Zurier Freelance Writer, 3/20/2019

0 comments | Read | Post a Comment

'Critical' Denial-of-Service Bug Patched in Facebook Fizz

Quick Hits

Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.

By Dark Reading Staff , 3/20/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, It's good to see bug bounty programs gaining traction. It is truly an advocation...

TLS 1.3: A Good News/Bad News Scenario

Paula Musich, Research Director, Enterprise Management Associates

Commentary

Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.

By Paula Musich Research Director, Enterprise Management Associates, 3/20/2019

0 comments | Read | Post a Comment

Microsoft Office Dominates Most Exploited List

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/19/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Office given huge user and install base would have to be the most exploited...

DDoS Attack Size Drops 85% in Q4 2018

News

The sharp decline follows an FBI takedown of so-called "booter," or DDoS-for-hire, websites in December 2018.

By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by REISEN1955

Sex sells.

In reply to: Ancient law of humanity throughout the centuries
Post Your Own Reply

Posted by REISEN1955

One of my managers once thought of a unique password, particularly if someone may be shoulder watching your screen: ******** True. Another user had just "guess: as a password and that drove me crazy fo...

In reply to: Re: This is the cloud - on secure passwords
Post Your Own Reply

Posted by RyanSepe

Very much agree with your parable. There is no reason the fact of FB having private data should be a surprise to anyone. "Secure Password" also feels like an oxymoron simply put, passwords are the least secure means of authenticating....

In reply to: Re: This is the cloud
Post Your Own Reply

Posted by drmrs

Well, at least it isn't Mobby Dick!

In reply to: The Attack Of The Octopus.
Post Your Own Reply

Posted by REISEN1955

FB as discussed is a perfect illustration of the danger of cloud apps. I have long felt that the simple view of this platform is as a enormously huge long RJ-45 cable from your system-network over the internet to another...

In reply to: This is the cloud
Post Your Own Reply

Posted by CASVPN

I have been reading about the social engineering thing lately, I am getting lots of phishing emails lately and I wonder where I went wrong. May be someone has got a hold of my email. I have become more aware now and I literally...

In reply to: What is Social Engineering really?
Post Your Own Reply

Posted by Kamlesh-Singh-Bisht

Thanks for sharing this incredible article. It really helps Microsoft users regard their usage and benefits.

In reply to: Outlook Office for Mac is an revolution.
Post Your Own Reply

Posted by jmgutierrezjr

That's what happens when you don't read the EULA Karen!

In reply to: Catoon Contest
Post Your Own Reply

Posted by cdunn355

Oh, password cracker! I thought you said you needed a password kraken!

In reply to: Password what?
Post Your Own Reply

Posted by jpappe

Nancy's got to stop using the WiFi at Kyosho. Seems she's brought that new IKA worm back in her bento.

In reply to: Bento No-No
Post Your Own Reply

Posted by TheVampireO

WoW! When the CFO siad we were underwater, I had no idea it was this bad...

In reply to: Underwater
Post Your Own Reply

Posted by bearwilson

Insider Threat Prevention activated!

In reply to: Name that Toom
Post Your Own Reply

More Conversations

Products & Releases

Checkmarx to Secure Software Development at DOE National Laboratory

Flashpoint Introduces Innovative Approach for Use Case-Driven Intelligence

Array Networks Launches Monitoring and Reporting System for Transforming Application Data into Actionable Intelligence

Nozomi Networks Expands ICS Cyber Security Research with Labs Launch

NETSCOUT Releases Annual Worldwide Infrastructure Security Report

Venafi Survey: 87 Percent of Security Professionals Say World is at Cyberwar

Onapsis and Exabeam Partner to Bring ERP to the Security Operations Center

Mocana Adds New Funding

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Crowdsourced vs. Traditional Pen Testing

Alex Haynes, Chief Information Security Officer, CDL, 3/19/2019

Facebook Employees for Years Could See Millions of User Passwords in Plain Text

Dark Reading Staff 3/21/2019

BEC Scammer Pleads Guilty

Dark Reading Staff 3/20/2019

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Well, at least it isn't Mobby Dick!

Cartoon Archive

White Papers

Dark Reading Report Roundup

[Hadoop] 3 Trends That Affect Business

[CISO Primer] How to Prioritize Cybersecurity Risks

[Report] Under the Hood of Cyber Crime

Case Studies: Real World Incidents Detected & Stopped by Awake

More White Papers

Current Issue

5 Emerging Cyber Threats to Watch for in 2019

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-20165
PUBLISHED: 2019-03-22

Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.

CVE-2019-1716
PUBLISHED: 2019-03-22

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability ...

CVE-2019-1763
PUBLISHED: 2019-03-22

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exist...

CVE-2019-1764
PUBLISHED: 2019-03-22

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the ...

CVE-2019-1765
PUBLISHED: 2019-03-22

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permis...

Reports

The State of Cyber Security Incident Response

Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.

Download Now!

How Enterprises Are Developing Secure Applications

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

How Enterprises Are Using IT Threat Intelligence

0 comments

More Reports

Flash Poll

All Polls

Video