6 CISO Resolutions for 2019
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Name That Toon: I Spy
6 Ways to Strengthen Your GDPR Compliance Efforts
7 Common Breach Disclosure Mistakes
News & Commentary
Facebook: Photo API Bug Exposed 6.8M User Photos
Dark Reading Staff, Quick Hits
The flaw let developers access images that users may not have shared publicly, including those they started to upload but didnt post.
By Dark Reading Staff , 12/17/2018
Comment0 comments  |  Read  |  Post a Comment
Shhhhh! The Secret to Secrets Management
Mark B. Cooper, President and Founder, PKI SolutionsCommentary
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
By Mark B. Cooper President and Founder, PKI Solutions, 12/17/2018
Comment0 comments  |  Read  |  Post a Comment
Email Bomb Threats Follow Sextortion Playbook
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Yesterday's wave of email bomb threats appear to be an evolution of tactics by the same groups that earlier tried "sextortion" and personal threats, Talos researchers say.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Iranian Hackers Target Nuclear Experts, US Officials
Dark Reading Staff, Quick Hits
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.
By Dark Reading Staff , 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Who Are You, Really? A Peek at the Future of Identity
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
By Kelly Sheridan Staff Editor, Dark Reading, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Retailers: Avoid the Hackable Holidaze
Fred Kneip, CEO at CyberGRXCommentary
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
By Fred Kneip CEO at CyberGRX, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Cybercriminals Change Tactics to Outwit Machine-Learning Defense
Dark Reading Staff, Quick Hits
The rise in machine learning for security has forced criminals to rethink how to avoid detection.
By Dark Reading Staff , 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Universities Get Schooled by Hackers
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business
Jai Vijayan, Freelance writerNews
Enterprises are struggling with familiar old security challenges as a result, new survey shows.
By Jai Vijayan Freelance writer, 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Cybercrime Is World's Biggest Criminal Growth Industry
Dark Reading Staff, Quick Hits
The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.
By Dark Reading Staff , 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA Commentary
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Education Gets an 'F' for Cybersecurity
Dark Reading Staff, Quick Hits
The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.
By Dark Reading Staff , 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
The Economics Fueling IoT (In)security
Ariel Kriger, VP Business Development at VDOOCommentary
Attackers understand the profits that lie in the current lack of security. That must change.
By Ariel Kriger VP Business Development at VDOO, 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018
Comment4 comments  |  Read  |  Post a Comment
Bug Hunting Paves Path to Infosec Careers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
By Kelly Sheridan Staff Editor, Dark Reading, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
Jai Vijayan, Freelance writerNews
McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.
By Jai Vijayan Freelance writer, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Deception: Honey vs. Real Environments
Dr. Salvatore Stolfo, Fouder & CTO, Allure SecurityCommentary
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.
By Dr. Salvatore Stolfo Fouder & CTO, Allure Security, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Mac Malware Cracks WatchGuards Top 10 List
Steve Zurier, Freelance WriterNews
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
By Steve Zurier Freelance Writer, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Arctic Wolf Buys RootSecure
Dark Reading Staff, Quick Hits
The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.
By Dark Reading Staff , 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/14/2018
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20173
PUBLISHED: 2018-12-17
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.
CVE-2017-18352
PUBLISHED: 2018-12-17
Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs.
CVE-2017-18353
PUBLISHED: 2018-12-17
Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application.
CVE-2017-18354
PUBLISHED: 2018-12-17
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker.
CVE-2017-18355
PUBLISHED: 2018-12-17
Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files.
Flash Poll
Video
Slideshows
Twitter Feed