Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

Holiday Hacks: 6 Cyberthreats to Watch Right Now

6 Ways to Strengthen Your GDPR Compliance Efforts

Top Stories

6 CISO Resolutions for 2019

Holiday Hacks: 6 Cyberthreats to Watch ...

Name That Toon: I Spy

6 Ways to Strengthen Your GDPR Compliance ...

7 Common Breach Disclosure Mistakes

News & Commentary

Who Are You, Really? A Peek at the Future of Identity

Kelly Sheridan, Staff Editor, Dark Reading

News

Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.

By Kelly Sheridan Staff Editor, Dark Reading, 12/14/2018

0 comments | Read | Post a Comment

Retailers: Avoid the Hackable Holidaze

Commentary

The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.

By Fred Kneip CEO at CyberGRX, 12/14/2018

0 comments | Read | Post a Comment

2019 Attacker Playbook

Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.

By Ericka Chickowski Contributing Writer, Dark Reading, 12/14/2018

0 comments | Read | Post a Comment

Cybercriminals Change Tactics to Outwit Machine-Learning Defense

Quick Hits

The rise in machine learning for security has forced criminals to rethink how to avoid detection.

By Dark Reading Staff , 12/14/2018

0 comments | Read | Post a Comment

Universities Get Schooled by Hackers

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/13/2018

0 comments | Read | Post a Comment

Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business

News

Enterprises are struggling with familiar old security challenges as a result, new survey shows.

By Jai Vijayan Freelance writer, 12/13/2018

0 comments | Read | Post a Comment

Cybercrime Is World's Biggest Criminal Growth Industry

Quick Hits

The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.

By Dark Reading Staff , 12/13/2018

0 comments | Read | Post a Comment

Setting the Table for Effective Cybersecurity: 20 Culinary Questions

Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA

Commentary

Even the best chefs will produce an inferior product if they begin with the wrong ingredients.

By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 12/13/2018

1 Comment | Read | Post a Comment

Education Gets an 'F' for Cybersecurity

Quick Hits

The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.

By Dark Reading Staff , 12/13/2018

0 comments | Read | Post a Comment

The Economics Fueling IoT (In)security

Ariel Kriger, VP Business Development at VDOO

Commentary

Attackers understand the profits that lie in the current lack of security. That must change.

By Ariel Kriger VP Business Development at VDOO, 12/13/2018

0 comments | Read | Post a Comment

Worst Password Blunders of 2018 Hit Organizations East and West

News

Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018

3 comments | Read | Post a Comment

Latest Comment: MarkSitkowski, I think this says it all: linkedin.com/pulse/watch-mark-sitkowski/

Bug Hunting Paves Path to Infosec Careers

News

Ethical hackers use bug bounty programs to build the skills they need to become security professionals.

By Kelly Sheridan Staff Editor, Dark Reading, 12/12/2018

0 comments | Read | Post a Comment

U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign

News

McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.

By Jai Vijayan Freelance writer, 12/12/2018

0 comments | Read | Post a Comment

Deception: Honey vs. Real Environments

Dr. Salvatore Stolfo, Fouder & CTO, Allure Security

Commentary

A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.

By Dr. Salvatore Stolfo Fouder & CTO, Allure Security, 12/12/2018

0 comments | Read | Post a Comment

Mac Malware Cracks WatchGuard’s Top 10 List

News

Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.

By Steve Zurier Freelance Writer, 12/12/2018

0 comments | Read | Post a Comment

Arctic Wolf Buys RootSecure

Quick Hits

The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.

By Dark Reading Staff , 12/12/2018

0 comments | Read | Post a Comment

Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3

Quick Hits

One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.

By Dark Reading Staff , 12/12/2018

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, I often receive the "your request to delete your gmail account will be processed...

Forget Shifting Security Left; It's Time to Race Left

Jerry Gamblin, Principal Security Engineer, Kenna Security

Commentary

Once DevOps teams decide to shift left, they can finally look forward instead of backward.

By Jerry Gamblin Principal Security Engineer, Kenna Security, 12/12/2018

0 comments | Read | Post a Comment

Higher Education: 15 Books to Help Cybersecurity Pros Be Better

Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018

5 comments | Read | Post a Comment

Latest Comment: cbear42, The Cybersecurity Canon of Books is maintained by Palo Alto Networks with this...

Battling Bots Brings Big-Budget Blow to Businesses

News

Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/11/2018

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by acampbell448

Look deep into my eyes. You are getting sleepy, very sleepy......

In reply to: AI Hypnotist!
Post Your Own Reply

Posted by StephenGiderson

This is not the first coverage I have read whereby usually the employees of that very company are the ones to be doing all the dirty work. Most of the time it is about money whereas on other occasions, it could be out of...

In reply to: Be on guard
Post Your Own Reply

Posted by StephenGiderson

I bet the hackers of the world are just waiting for Toyota to launch some competition for this now. It's probably going to be the best way to test if their security team has done a good enough job trying to protect their...

In reply to: Hit or miss…
Post Your Own Reply

Posted by MarkSindone

I reckon that people in all walks of life need to be given an opportunity to understand the impact of the work that they are doing. It's not just about being in privacy, but even the people who are working in waste collection...

In reply to: Find your passion
Post Your Own Reply

Posted by Ritu_G

Why are these areas always the focus when the topic of cybercrime is being discussed? The same culprits are just there improving their techniques whilst we are out here falling victims to their clever scamming. More users...

In reply to: The same faces
Post Your Own Reply

Posted by Ritu_G

It has become ever so often that we hear of organizations being fined due to their security lax that led to breaches. However, where do those hefty sums of money go to? Are they being channelled to a proper platform that...

In reply to: Channel the fine properly
Post Your Own Reply

Posted by cumberbatch00111

camera, camera everywhere, not a single news to rely on

In reply to: Caption goes like:
Post Your Own Reply

Posted by CameronRobertson

Sadly, I have to admit that I have personally taken online quizzes too just for fun. Some of them even offered rewards which are not that great but hey, who wouldn't want a free gift just for taking an easy 5-minute quiz?...

In reply to: Too easy
Post Your Own Reply

Posted by CameronRobertson

Scammers have been doing this job for decades so they are getting better as we speak. Look at the percentage of victims who became vulnerable just over a phonecall. We need to be vigilant at all costs because only we have...

In reply to: Scam game
Post Your Own Reply

Posted by MarkSitkowski

I think this says it all: linkedin.com/pulse/watch-mark-sitkowski/

In reply to: Is It Really The Password's Fault?
Post Your Own Reply

Posted by tdsan

I wanted to address some of the statements listed: → "Always have a different password for every different service."...and it's impossible to manage them all without technology to help manage the digital identity." Yes,...

In reply to: Interesting article, but I am not so sure the information he provided is correct
Post Your Own Reply

Posted by wkilburn

So now we are monitoring the monitor?

In reply to: Cartoon contest
Post Your Own Reply

More Conversations

Products & Releases

CrowdStrike Part of MITRE ATT&CK Product Evaluation

Vodafone Announces 2019 Global Trends Report, Enterprise Brand Refresh

Trend Micro Research Uncovers Major Flaws in Leading IoT Protocols 12/4/18 7:00 am CST

Application Security for AWS Lambda Customers

Venafi Secures $100M Financing Round Led by TCV

Steve Lipner Appointed Chair of NIST Information Security and Privacy Advisory Board

More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report

King & Union and Farsight Security Announce Strategic Partnership

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Higher Education: 15 Books to Help Cybersecurity Pros Be Better

Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018

'PowerSnitch' Hacks Androids via Power Banks

Kelly Jackson Higgins, Executive Editor at Dark Reading, 12/8/2018

Worst Password Blunders of 2018 Hit Organizations East and West

Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Look deep into my eyes. You are getting sleepy, very sleepy......

Cartoon Archive

White Papers

Reducing the Human Attack Surface with Phishing Simulations

NotPetya: One Year Later

Threatscape of the US Election from Anomali Labs

Cybersecurity Checklist for SaaS Applications

Malware Review Q2-Q3 2018

More White Papers

Current Issue

10 Best Practices That Could Reshape Your IT Security Department

This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-1848
PUBLISHED: 2018-12-14

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ...

CVE-2018-1977
PUBLISHED: 2018-12-14

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032.

CVE-2018-18006
PUBLISHED: 2018-12-14

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.

CVE-2018-18984
PUBLISHED: 2018-12-14

Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI.

CVE-2018-19003
PUBLISHED: 2018-12-14

GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails...

Reports

How Enterprises Are Using IT Threat Intelligence

Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.

Download Now!

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

The Risk Management Struggle

0 comments

More Reports

Flash Poll

All Polls

Video