News & Commentary
'Critical' Denial-of-Service Bug Patched in Facebook Fizz
Dark Reading Staff, Quick Hits
Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.
By Dark Reading Staff, 3/20/2019
TLS 1.3: A Good News/Bad News Scenario
Paula Musich, Research Director, Enterprise Management Associates, Commentary
Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.
By Paula Musich Research Director, Enterprise Management Associates, 3/20/2019
Microsoft Office Dominates Most Exploited List
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/19/2019
DDoS Attack Size Drops 85% in Q4 2018
Kelly Sheridan, Staff Editor, Dark Reading, News
The sharp decline follows an FBI takedown of so-called "booter," or DDoS-for-hire, websites in December 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019
6 Ways Mature DevOps Teams Are Killing It in Security
Ericka Chickowski, Contributing Writer, Dark Reading
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/19/2019
The Case of the Missing Data
Mike McKee, CEO of ObserveIT, Commentary
The latest twist in the Equifax breach has serious implications for organizations.
By Mike McKee CEO of ObserveIT, 3/19/2019
Norsk Hydro Shuts Plants Amid Ransomware Attack
Kelly Sheridan, Staff Editor, Dark Reading, Quick Hits
The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.
By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019
Stealing Corporate Funds Still Top Goal of Messaging Attacks
Robert Lemos, Technology Journalist/Data Researcher, News
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
By Robert Lemos, 3/19/2019
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL, Commentary
A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.
By Alex Haynes Chief Information Security Officer, CDL, 3/19/2019
New Mirai Version Targets Business IoT Devices
Dark Reading Staff, Quick Hits
The notorious Internet of Things botnet is evolving to attack more types of devices including those found in enterprises.
By Dark Reading Staff, 3/19/2019
New IoT Security Bill: Third Time's the Charm?
Robert Lemos, Technology Journalist/Data Researcher, News
The latest bill to set security standards for connected devices sold to the US government has fewer requirements, instead leaving recommendations to the National Institute of Standards and Technology.
By Robert Lemos Technology Journalist/Data Researcher, 3/18/2019
New Europol Protocol Addresses Cross-Border Cyberattacks
Dark Reading Staff, Quick Hits
The protocol is intended to support EU law enforcement in providing rapid assessment and response for cyberattacks across borders.
By Dark Reading Staff, 3/18/2019
Dragos Buys ICS Firm with US Dept. of Energy Roots
Dark Reading Staff, Quick Hits
NexDefense ICS security tool will be offered for free by Dragos.
By Dark Reading Staff, 3/18/2019
Are You Prepared for a Zombie (Domain) Apocalypse?
Kaan Onarlioglu, Senior Security Researcher, Akamai, Commentary
When domain registrations expire, they can be claimed by new owners. And sometimes, those new owners have malicious intent.
By Kaan Onarlioglu Senior Security Researcher, Akamai, 3/18/2019
7 Low-Cost Security Tools
Curtis Franklin Jr., Senior Editor at Dark Reading
Security hardware doesn't have to be expensive or complex to do the job. Here are seven examples of low-cost hardware that could fill a need in your security operations.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/15/2019
Could Beto O'Rourke Become the First Hacker President?
Dark Reading Staff, Quick Hits
New report details the Democratic candidate's time as a member of Cult of the Dead Cow.
By Dark Reading Staff, 3/15/2019
Proof-of-Concept Tracking System Finds RATs Worldwide
Robert Lemos, Technology Journalist/Data Researcher, News
Using a combination of Shodan scans and data from partners, Recorded Future finds nearly 500 malware controllers for 14 different families of remote-access Trojans, as well as the corporate networks they have infected.
By Robert Lemos, 3/15/2019
On Norman Castles and the Internet
Dr. Mike Lloyd, CTO of RedSeal, Commentary
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
By Dr. Mike Lloyd CTO of RedSeal, 3/15/2019
Criminals Use One Line of Code to Steal Card Data from E-Commerce Sites
Jai Vijayan, Freelance writer, News
New JavaScript sniffer is similar to malware used in the Magecart campaign last year that affected over 800 sites.
By Jai Vijayan Freelance writer, 3/14/2019
Ransomware's New Normal
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
GandCrab's evolution underscores a shift in ransomware attack methods.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/14/2019
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.