Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
8 Cryptomining Malware Families to Keep on the Radar
The Equifax Breach One Year Later: 6 Action Items for Security Pros
The SOC Gets a Makeover
7 Ways Blockchain is Being Used for Security
TLS 1.3 Won't Break Everything
News & Commentary
Microsoft Deletes Passwords for Azure Active Directory Applications
Kelly Sheridan, Staff Editor, Dark ReadingNews
At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.
By Kelly Sheridan Staff Editor, Dark Reading, 9/24/2018
Comment0 comments  |  Read  |  Post a Comment
6 Dark Web Pricing Trends
Steve Zurier, Freelance Writer
For cybercriminals, the Dark Web grows more profitable every day.
By Steve Zurier Freelance Writer, 9/24/2018
Comment0 comments  |  Read  |  Post a Comment
'Scan4Yyou' Operator Gets 14-Year Sentence
Dark Reading Staff, Quick Hits
The counter antivirus service, which was shut down in 2016, caused a total loss amount of $20.5 billion, according to the DoJ.
By Dark Reading Staff , 9/24/2018
Comment0 comments  |  Read  |  Post a Comment
Hacking Back: Simply a Bad Idea
Carolyn Crandall, Chief Deception Officer at Attivo NetworksCommentary
While the concept may sound appealing, it's rife with drawbacks and dangers.
By Carolyn Crandall Chief Deception Officer at Attivo Networks, 9/24/2018
Comment1 Comment  |  Read  |  Post a Comment
The 'Opsec Fail' That Helped Unmask a North Korean State Hacker
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
How Park Jin Hyok – charged by the US government for alleged computer crimes for the Sony, Bank of Bangladesh, WannaCry cyberattacks – inadvertently blew his cover via email accounts.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/21/2018
Comment0 comments  |  Read  |  Post a Comment
Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
Dark Reading Staff, Quick Hits
Attack against the Metropolitan Police Department was disrupted before malware could be sent to additional systems.
By Dark Reading Staff , 9/21/2018
Comment1 Comment  |  Read  |  Post a Comment
6 Security Training Hacks to Increase Cyber IQ Org-Wide
Ericka Chickowski, Contributing Writer, Dark Reading
Move beyond generic, annual security awareness training with these important tips.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/21/2018
Comment1 Comment  |  Read  |  Post a Comment
US Approves Cyber Weapons Against Foreign Enemies
Dark Reading Staff, Quick Hits
The White House is changing the rules on its use of digital weapons to fight adversaries targeting US networks.
By Dark Reading Staff , 9/21/2018
Comment1 Comment  |  Read  |  Post a Comment
Data Manipulation: How Security Pros Can Respond to an Emerging Threat
PJ Kirner, CTO & Founder, IllumioCommentary
Industry leaders are scrambling to address the issue, which will take new thinking to overcome.
By PJ Kirner CTO & Founder, Illumio, 9/21/2018
Comment0 comments  |  Read  |  Post a Comment
Executive Branch Makes Significant Progress As DMARC Deadline Nears
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The DHS directive on email security has an approaching deadline that most departments in the executive branch might actually meet.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/21/2018
Comment0 comments  |  Read  |  Post a Comment
Think Like An Attacker: How a Red Team Operates
Kelly Sheridan, Staff Editor, Dark ReadingNews
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
By Kelly Sheridan Staff Editor, Dark Reading, 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
Retail Sector Second-Worst Performer on Application Security
Jai Vijayan, Freelance writerNews
A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.
By Jai Vijayan Freelance writer, 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
Account Takeover Attacks Become a Phishing Fave
Dark Reading Staff, Quick Hits
More than three-quarters of ATOs resulted in a phishing email, a new report shows.
By Dark Reading Staff , 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
3 Drivers Behind the Increasing Frequency of DDoS Attacks
Carlos Morales, Vice President of Global Sales Engineering and Operations at NETSCOUTCommentary
What's causing the uptick? Motivation, opportunity, and new capabilities.
By Carlos Morales Vice President of Global Sales Engineering and Operations at NETSCOUT, 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
Japanese Cryptocurrency Exchange Hit with $60M Theft
Dark Reading Staff, Quick Hits
The incident highlights a broader problem of poor security in cryptocurrency exchanges throughout the country.
By Dark Reading Staff , 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin SystemsCommentary
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
By Mukul Kumar & Anupam Sahai CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018
Comment4 comments  |  Read  |  Post a Comment
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Suit underscores longtime battle between vendors and labs over control of security testing protocols.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/19/2018
Comment4 comments  |  Read  |  Post a Comment
Cryptojackers Grow Dramatically on Enterprise Networks
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new report shows that illicit cryptomining malware is growing by leaps and bounds on the networks of unsuspecting victims.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
As Tech Drives the Business, So Do CISOs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security leaders are evolving from technicians to business executives as tech drives enterprise projects, applications, and goals.
By Kelly Sheridan Staff Editor, Dark Reading, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
Mirai Hackers' Sentence Includes No Jail Time
Dark Reading Staff, Quick Hits
The trio behind Mirai sentenced to probation and public service in return for cooperation with law enforcement and researchers.
By Dark Reading Staff , 9/19/2018
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Verizon Digital Media Services adds managed security services to its cloud solution for enterprises
CrowdStrike and Secureworks Form Partnership to Integrate Secureworks’ Red Cloak Behavioral Analytics with CrowdStrike’s Endpoint Protection Platform
World-renowned Cybersecurity Veteran Richard Bejtlich Joins Corelight as Principal Security Strategist
Appdome Releases Two New Mobile App Security Protections
Varonis Announces Interoperability with RSA Identity Governance and Lifecycle
HTG 360, Vade Secure Partner to Strengthen Anti-Phishing Capabilities for Office 365 Clients
ThreatConnect Now Integrates with Dragos Worldview Intelligence
Corelight Secures $25 Million in Series B Funding Led by General Catalyst
More Products & Releases
PR Newswire
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
A Sneak Peek at the New NIST Cybersecurity Framework
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Continuous Compliance and Effective Audit Preparation for the Cloud
Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Are you sure this is how we get our data into the cloud?
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17437
PUBLISHED: 2018-09-24
Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVE-2018-17438
PUBLISHED: 2018-09-24
A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17439
PUBLISHED: 2018-09-24
An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.
CVE-2018-17432
PUBLISHED: 2018-09-24
A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
CVE-2018-17433
PUBLISHED: 2018-09-24
A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Flash Poll
Video
Slideshows
Twitter Feed