News & Commentary
Ex-NSA Developer Gets 5 1/2-Year Prison Sentence
By Kelly Jackson Higgins, Executive Editor at Dark Reading | News | 9/25/2018
Nghia Hoang Pho, who illegally took home classified NSA information, also sentenced to three years of supervised release after prison term.
The Cyber Kill Chain Gets A Makeover
By Kelly Sheridan, Staff Editor, Dark Reading | News | 9/25/2018
A new report demonstrates how the cyber kill chain is consolidating as criminals find ways to accelerate the spread of their targeted cyberattacks.
Cryptomining Malware Continues Rapid Growth: Report
By Dark Reading Staff | Quick Hits | 9/25/2018
Cryptomining malware is the fastest-growing category of malicious software, according to a new report.
The Cloud Security Conundrum: Assets vs. Infrastructure
By Andrew Williams, Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire | Commentary | 9/25/2018
The issue for cloud adopters is no longer where your data sits: in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected?
Payment Security Compliance Takes a Turn for the Worse
By Dark Reading Staff | Quick Hits | 9/25/2018
This is the first time in six years that Verizon's "Payment Security Report" shows a downward trend, leaving cardholders vulnerable.
The Human Factor in Social Media Risk
By Dr. Sam Small, Chief Security Officer at ZeroFOX | Commentary | 9/25/2018
Your employees need help recognizing the warning signs and understanding how to protect themselves online.
Fault-Tolerant Method Used for Security Purposes in New Framework
By Curtis Franklin Jr., Senior Editor at Dark Reading | News | 9/24/2018
A young company has a new patent for using fault tolerance techniques to protect against malware infection in applications.
In Quiet Change, Google Now Automatically Logging Users Into Chrome
By Jai Vijayan, Freelance writer | News | 9/24/2018
The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.
Microsoft Deletes Passwords for Azure Active Directory Applications
By Kelly Sheridan, Staff Editor, Dark Reading | News | 9/24/2018
At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.
6 Dark Web Pricing Trends
By Steve Zurier, Freelance Writer | 9/24/2018
For cybercriminals, the Dark Web grows more profitable every day.
'Scan4you' Operator Gets 14-Year Sentence
By Dark Reading Staff | Quick Hits | 9/24/2018
The counter antivirus service, which was shut down in 2016, caused a total loss amount of $20.5 billion, according to the DoJ.
Hacking Back: Simply a Bad Idea
By Carolyn Crandall, Chief Deception Officer at Attivo Networks | Commentary | 9/24/2018
While the concept may sound appealing, it's rife with drawbacks and dangers.
The 'Opsec Fail' That Helped Unmask a North Korean State Hacker
By Kelly Jackson Higgins, Executive Editor at Dark Reading | News | 9/21/2018
How Park Jin Hyok, charged by the US government for alleged computer crimes for the Sony, Bank of Bangladesh, and WannaCry cyberattacks, inadvertently blew his cover via email accounts.
Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
By Dark Reading Staff | Quick Hits | 9/21/2018
Attack against the Metropolitan Police Department was disrupted before malware could be sent to additional systems.
6 Security Training Hacks to Increase Cyber IQ Org-Wide
By Ericka Chickowski, Contributing Writer, Dark Reading | 9/21/2018
Move beyond generic, annual security awareness training with these important tips.
US Approves Cyber Weapons Against Foreign Enemies
By Dark Reading Staff | Quick Hits | 9/21/2018
The White House is changing the rules on its use of digital weapons to fight adversaries targeting US networks.
Data Manipulation: How Security Pros Can Respond to an Emerging Threat
By PJ Kirner, CTO & Founder, Illumio | Commentary | 9/21/2018
Industry leaders are scrambling to address the issue, which will take new thinking to overcome.
Executive Branch Makes Significant Progress As DMARC Deadline Nears
By Curtis Franklin Jr., Senior Editor at Dark Reading | News | 9/21/2018
The DHS directive on email security has an approaching deadline that most departments in the executive branch might actually meet.
Think Like An Attacker: How a Red Team Operates
By Kelly Sheridan, Staff Editor, Dark Reading | News | 9/20/2018
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
Retail Sector Second-Worst Performer on Application Security
By Jai Vijayan, Freelance writer | News | 9/20/2018
A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico, 9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/19/2018
Partner Perspectives
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it.
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack.
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17538
PUBLISHED: 2018-09-26
Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection.
CVE-2018-11763
PUBLISHED: 2018-09-25
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
CVE-2018-14634
PUBLISHED: 2018-09-25
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerabl...
CVE-2018-1664
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
CVE-2018-1669
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!