Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Containerized Apps: An 8-Point Security Checklist
7 Variants (So Far) of Mirai
I, for One, Welcome Our Robotic Security Overlords
Dark Reading Launches Second INsecurity Conference
10 Open Source Security Tools You Should Know
News & Commentary
Trump-Kim Meeting Was a Magnet For Russian Cyberattacks
Jai Vijayan, Freelance writerNews
Attacks directed at targets in Singapore went through the roof earlier this week.
By Jai Vijayan Freelance writer, 6/15/2018
Comment0 comments  |  Read  |  Post a Comment
Email, Social Media Still Security Nightmares
Dark Reading Staff, Quick Hits
Phishing and banking trojans continue to be major threats brought into the enterprise.
By Dark Reading Staff , 6/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Hackers Crack iPhone Defense Built to Block Forensic Tools
Dark Reading Staff, Quick Hits
Grayshift, the company behind a system to help police break into iPhones, says it found a workaround for USB Restricted Mode.
By Dark Reading Staff , 6/15/2018
Comment0 comments  |  Read  |  Post a Comment
Modern Cybersecurity Demands a Different Corporate Mindset
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 6/15/2018
Comment0 comments  |  Read  |  Post a Comment
Intel Discloses Yet Another Side Channel Vulnerability
Jai Vijayan, Freelance writerNews
Moderate severity Lazy FP restore flaw affects Intel Core-based microprocessors.
By Jai Vijayan Freelance writer, 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
Demystifying Mental Health in the Infosec Community
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security experts talk about burnout, diversity, mental health, and legal issues in a new Community track at Black Hat USA.
By Kelly Sheridan Staff Editor, Dark Reading, 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
Kaspersky Lab Freezes Work with Europol in Protest of EU Vote
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New European Parliament document calls out Kaspersky Lab software as 'malicious' and says it should be banned.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften TechnologiesCommentary
Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.
By David Shefter Chief Technology Officer at Ziften Technologies, 6/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Mobile App Threats Continue to Grow
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Criminals looking to profit from corporate resources and information keep going after mobile devices, two new reports confirm.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
23,000 Compromised in HealthEquity Data Breach
Dark Reading Staff, Quick Hits
HealthEquity, which handles more than 3.4 million health savings accounts, was breached when an intruder accessed an employee's email.
By Dark Reading Staff , 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer
Here are eight measures to take to ensure the security of your containerized application environment.
By Jai Vijayan Freelance writer, 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, CorelightCommentary
This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.
By Greg Bell CEO, Corelight, 6/14/2018
Comment1 Comment  |  Read  |  Post a Comment
DDoS Amped Up: DNS, Memcached Attacks Rise
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
China and the US are the world's leading sources of distributed denial-of-service botnet attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/13/2018
Comment0 comments  |  Read  |  Post a Comment
Blockchain All the Rage But Comes With Numerous Risks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers dig into four types of cyberattacks targeting blockchain, how they work, and why early adopters are the easiest targets.
By Kelly Sheridan Staff Editor, Dark Reading, 6/13/2018
Comment0 comments  |  Read  |  Post a Comment
World Cup Cyberattack Likely, Experts Say
Dark Reading Staff, Quick Hits
The majority of security professionals anticipate attacks on the 2018 FIFA World Cup's network, social media.
By Dark Reading Staff , 6/13/2018
Comment0 comments  |  Read  |  Post a Comment
LeBron vs. Steph: The NBA Version of Cyber Defense vs. Cyberattacks
Donald Meyer, Head of Cloud and Data Center, Check Point SoftwareCommentary
It takes an aggressive, swarming approach to overcome the most dangerous threats today.
By Donald Meyer Head of Cloud and Data Center, Check Point Software, 6/13/2018
Comment0 comments  |  Read  |  Post a Comment
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Security is weak, and most companies are clueless, according to Immunity researcher Lurene Grenier, who kicked off the Cisco Talos Threat Research Summit on Sunday.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for SplunkCommentary
We deserve a seat at the executive table, and we'll be much better at our jobs once we take it.
By Joel Fulton Chief Information Security Officer for Splunk, 6/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Fixes 11 Critical, 39 Important Vulns
Kelly Sheridan, Staff Editor, Dark ReadingNews
The most critical vulnerability, experts say, affects Windows Domain Name Systems, while another lets attackers hack Cortana from the lock screen.
By Kelly Sheridan Staff Editor, Dark Reading, 6/12/2018
Comment1 Comment  |  Read  |  Post a Comment
MacOS Bypass Flaw Lets Attackers Sign Malicious Code as Apple
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security bypass weakness in macOS APIs let attackers impersonate Apple to sign malicious code and evade third-party security tools.
By Kelly Sheridan Staff Editor, Dark Reading, 6/12/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Paladin Cyber Introduces Paladin Browser Protection as Google Chrome Extension
US Cyber Challenge Kicks Off 2018 Camp Season at Virginia Tech
Pulse Secure Virtual Application Delivery Controller Extends Availability to AWS GovCloud (US)
Teams & Enterprises Can Now Sign On With a Single Click on Wickr Pro
Symantec Introduces Cloud-Based Network Security Solution with Web Isolation; adds Complete Endpoint Protection
Hacker Known As 'Vigilance' Charged for Cyberattacks On Minnesota State Government Databases
Corelight Expands Product Portfolio with New Network Visibility Sensors
68% of EU, US Crypto Exchanges and Wallets Fail on Proper Customer Identity Checks
More Products & Releases
PR Newswire
6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA ,  6/11/2018
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
A Sneak Peek at the New NIST Cybersecurity Framework
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Continuous Compliance and Effective Audit Preparation for the Cloud
Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise security—the IT team members tasked with protecting critical data from cyber threats—and will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12026
PUBLISHED: 2018-06-17
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in tur...
CVE-2018-12027
PUBLISHED: 2018-06-17
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said ...
CVE-2018-12028
PUBLISHED: 2018-06-17
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an e...
CVE-2018-12029
PUBLISHED: 2018-06-17
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
CVE-2018-12071
PUBLISHED: 2018-06-17
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.
Flash Poll
Video
Slideshows
Twitter Feed