Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
6 CISO Resolutions for 2019
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Name That Toon: I Spy
6 Ways to Strengthen Your GDPR Compliance Efforts
7 Common Breach Disclosure Mistakes
News & Commentary
DanaBot Malware Adds Spam to its Menu
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new generation of modular malware increases its value to criminals.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
'Highly Active' Seedworm Group Hits IT Services, Governments
Kelly Sheridan, Staff Editor, Dark ReadingNews
Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.
By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
Satan Ransomware Variant Exploits 10 Server-Side Flaws
Jai Vijayan, Freelance writerNews
Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.
By Jai Vijayan Freelance writer, 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
New Google+ Breach Will Lead to Early Service Shutdown
Dark Reading Staff, Quick Hits
A breach affecting more than 52 million users was patched, but not before leading to the company rethinking the future of the service.
By Dark Reading Staff , 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
'Dr. Shifro' Prescribes Fake Ransomware Cure
Dark Reading Staff, Quick Hits
A Russian firm aims to capitalize on ransomware victims' desperation by offering to unlock files then passing money to attackers.
By Dark Reading Staff , 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
6 Cloud Security Predictions for 2019
Ory Segal, CTO, PureSecCommentary
How the fast pace of cloud computing adoption in 2018 will dramatically change the security landscape next year.
By Ory Segal CTO, PureSec, 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
6 CISO Resolutions for 2019
Ericka Chickowski, Contributing Writer, Dark Reading
The ultimate to-do list for ambitious security leaders.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/10/2018
Comment1 Comment  |  Read  |  Post a Comment
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher demonstrates how attackers could steal data from smartphones while they're charging.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/8/2018
Comment3 comments  |  Read  |  Post a Comment
Criminals Use Locally Connected Devices to Attack, Loot Banks
Jai Vijayan, Freelance writerNews
Tens of millions of dollars stolen from at least eight banks in East Europe, Kasperksy Lab says.
By Jai Vijayan Freelance writer, 12/7/2018
Comment1 Comment  |  Read  |  Post a Comment
'Simplify Everything': Google Talks Container Security in 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google Cloud's container security lead shares predictions, best practices, and what's top of mind for customers.
By Kelly Sheridan Staff Editor, Dark Reading, 12/7/2018
Comment0 comments  |  Read  |  Post a Comment
Iranian Nationals Charged for Atlanta Ransomware Attack
Dark Reading Staff, Quick Hits
The March attack used SamSam ransomware to infect 3,789 computers.
By Dark Reading Staff , 12/7/2018
Comment0 comments  |  Read  |  Post a Comment
Kubernetes Deployments Around the World Show Vulnerabilities
Dark Reading Staff, Quick Hits
Kubernetes owners who expose APIs to the Internet are leaving their systems open to hackers.
By Dark Reading Staff , 12/7/2018
Comment0 comments  |  Read  |  Post a Comment
Insider Threats & Insider Objections
Richard Ford, Chief Scientist, ForcepointCommentary
The ‘tyranny of the urgent’ and three other reasons why it’s hard for CISOs to establish a robust insider threat prevention program.
By Richard Ford Chief Scientist, Forcepoint, 12/7/2018
Comment0 comments  |  Read  |  Post a Comment
Kubernetes Vulnerability Hits Top of Severity Scale
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The security issue strikes at some of the basic reasons for the rising popularity of containers as an architecture and Kubernetes as an orchestration mechanism.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Adobe Flash Zero-Day Spreads via Office Docs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Adobe has patched a zero-day in its Flash player after attackers leveraged the exploit in an active campaign.
By Kelly Sheridan Staff Editor, Dark Reading, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Bringing Compliance into the SecDevOps Process
Joe Ward, Senior Security Analyst, Bishop FoxCommentary
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
By Joe Ward Senior Security Analyst, Bishop Fox, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
4 Lessons Die Hard Teaches About Combating Cyber Villains
Keith Graham, Chief Technology Officer, SecureAuthCommentary
With proper planning, modern approaches, and tools, we can all be heroes in the epic battle against the cyber threat.
By Keith Graham Chief Technology Officer, SecureAuth, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Apple Issues Security Fixes Across Mac, iOS
Dark Reading Staff, Quick Hits
Software updates for Mac and iOS bring patches to Safari, iCloud, iTunes on Windows, and tvOS.
By Dark Reading Staff , 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
55% of Companies Don't Offer Mandatory Security Awareness Training
Dark Reading Staff, Quick Hits
Even those that provide employee training do so sparingly, a new study finds.
By Dark Reading Staff , 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
7 Common Breach Disclosure Mistakes
Jai Vijayan, Freelance writer
How you report a data breach can have a big impact on its fallout.
By Jai Vijayan Freelance writer, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
MITRE ATT&CK Product Evaluation Puts CrowdStrike on Top
Vodafone Announces 2019 Global Trends Report, Enterprise Brand Refresh
Trend Micro Research Uncovers Major Flaws in Leading IoT Protocols 12/4/18 7:00 am CST
Application Security for AWS Lambda Customers
Venafi Secures $100M Financing Round Led by TCV
Steve Lipner Appointed Chair of NIST Information Security and Privacy Advisory Board
More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report
King & Union and Farsight Security Announce Strategic Partnership
More Products & Releases
PR Newswire
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: New camera 2FA closed loop!
White Papers
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20059
PUBLISHED: 2018-12-11
jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.
CVE-2018-20056
PUBLISHED: 2018-12-11
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter.
CVE-2018-20057
PUBLISHED: 2018-12-11
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter.
CVE-2018-20058
PUBLISHED: 2018-12-11
In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634.
CVE-2018-20050
PUBLISHED: 2018-12-10
Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method.
Flash Poll
Video
Slideshows
Twitter Feed