Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
10 Threats Lurking on the Dark Web
Mastering MITRE's ATT&CK Matrix
Breaking Down the PROPagate Code Injection Attack
10 More Women in Security You May Not Know But Should
8 Steps Toward Safer Elections
News & Commentary
Oracle: Apply Out-of-Band Patch for Database Flaw ASAP
Jai Vijayan, Freelance writerNews
Flaw in the Java VM component of Oracle's Database Server is easily exploitable, security experts warn.
By Jai Vijayan Freelance writer, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Election Websites, Backend Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Both adult and kid hackers demonstrated at DEF CON how the hackable voting machine may be the least of our worries in the 2018 elections.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Flaws in Mobile Point of Sale Readers Displayed at Black Hat
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
While security is high overall for mPOS tools from companies like Square, PayPal, and iZettle, some devices have vulnerabilities that attackers could exploit to gather data and cash.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft ADFS Vulnerability Lets Attackers Bypass MFA
Kelly Sheridan, Staff Editor, Dark ReadingNews
The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.
By Kelly Sheridan Staff Editor, Dark Reading, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Washington Man Sentenced in Ransomware Conspiracy
Dark Reading Staff, Quick Hits
A guilty plea brings 18-month sentence on money laundering charges for former Microsoft employee.
By Dark Reading Staff , 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
'Election Protection' Aims to Secure Candidates Running for Office
Dark Reading Staff, Quick Hits
The kit is designed to prevent credential theft targeting people running for federal, state, and local elected offices.
By Dark Reading Staff , 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Equifax Avoided Fines, but What If ...?
Mark Nunnikhoven, Vice President, Cloud Research, at Trend MicroCommentary
Let's imagine the consequences the company would have faced if current laws had been on the books earlier.
By Mark Nunnikhoven Vice President, Cloud Research, at Trend Micro, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Hacker Unlocks 'God Mode' and Shares the 'Key'
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
At Black Hat USA and DEF CON, researcher Christopher Domas showed how he found backdoors that may exist in many different CPUs.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
Social Engineers Show Off Their Tricks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts in deception shared tricks of the trade and showed their skills at Black Hat and DEF CON 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Disclosures in 2018 So Far Outpacing Previous Years'
Jai Vijayan, Freelance writerNews
Nearly 17% of 10,644 vulnerabilities disclosed so far this year have been critical, according to new report from Risk Based Security.
By Jai Vijayan Freelance writer, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
'Hack the Marine Corps' Bug Bounty Event Held in Vegas
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
$80K in payouts went to handpicked hackers in nine-hour event during DEF CON in Las Vegas.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
Nigerian National Convicted for Phishing US Universities
Dark Reading Staff, Quick Hits
Olayinka Olaniyi and his co-conspirator targeted the University of Virginia, Georgia Tech, and other educational institutions.
By Dark Reading Staff , 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
FBI Warns of Cyber Extortion Scam
Dark Reading Staff, Quick Hits
Spear-phishing techniques are breathing new life into an old scam.
By Dark Reading Staff , 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Francis Dinha, CEO & Co-Founder of OpenVPNCommentary
New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.
By Francis Dinha CEO & Co-Founder of OpenVPN, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
Vulnerable Smart City Devices Can Be Exploited To Cause Panic, Chaos
Jai Vijayan, Freelance writerNews
False alerts about floods, radiation levels are just some of the ways attackers can abuse weakly protected IoT devices, researchers warn.
By Jai Vijayan Freelance writer, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
NSA Brings Nation-State Details to DEF CON
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Hackers were eager to hear the latest from the world of nation-state cybersecurity.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
The Enigma of AI & Cybersecurity
Dr. Dongyan Wang, Chief AI Officer at DeepBrain ChainCommentary
We've only seen the beginning of what artificial intelligence can do for information security.
By Dr. Dongyan Wang Chief AI Officer at DeepBrain Chain, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
6 Eye-Raising Third-Party Breaches
Ericka Chickowski, Contributing Writer, Dark Reading
This year's headlines have featured a number of high-profile exposures caused by third parties working on behalf of major brands.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
Xori Adds Speed, Breadth to Disassembler Lineup
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new open source tool, introduced at Black Hat USA, places a priority on speed and automation.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/9/2018
Comment0 comments  |  Read  |  Post a Comment
IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher Ruben Santamarta shared the details of his successful hack of an in-flight airplane Wi-Fi network – and other findings – at Black Hat USA today.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/9/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Selfmade.Anuruddha
Current Conversations Cyber Aladeen 
In reply to: Re: Great Direction!
Post Your Own Reply
More Conversations
Products & Releases
Exabeam Raises $50 Million in Series D, Targets SIEM Market
Gigamon and Endace Partner to Provide Complete Visibility Into Network Traffic for Performance and Security Analytics
Imperva Completes the Acquisition of Prevoty
Spam and Phishing in Q2: Financial sector customers top targets of phishing attacks
Venafi Study: 93% of Security Professionals Say Election Infrastructure Is at Risk
Illusive Networks Expands FirstMove Services to Drive Adoption of Deception-based Security
Faxploit: Attackers Use Fax Machines to Take over Networks, Spread Malware, Check Point Finds
Digital Guardian Releases New User and Entity Behavior Analytics Capability
More Products & Releases
PR Newswire
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
PGA of America Struck By Ransomware
Dark Reading Staff 8/9/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
A Sneak Peek at the New NIST Cybersecurity Framework
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Continuous Compliance and Effective Audit Preparation for the Cloud
Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise security—the IT team members tasked with protecting critical data from cyber threats—and will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3937
PUBLISHED: 2018-08-14
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2018-3938
PUBLISHED: 2018-08-14
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST r...
CVE-2018-12537
PUBLISHED: 2018-08-14
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.
CVE-2018-12539
PUBLISHED: 2018-08-14
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows,...
CVE-2018-3615
PUBLISHED: 2018-08-14
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
Flash Poll
Video
Slideshows
Twitter Feed