Dark Reading | Security | Protect The Business

Network Computing Darkreading

Advertise

About Us

WhatsApp: Mobile Phishing's Newest Attack Target

6 Reasons Security Awareness Programs Go Wrong

Top Stories

How Data Breaches Affect the Enterprise

7 Steps to Start Searching with Shodan

WhatsApp: Mobile Phishing's Newest Attack ...

Cartoon: Hack the Vote

6 Reasons Security Awareness Programs Go ...

News & Commentary

Machine Identities Need Protection, Too

Quick Hits

A new study shows that device identities need a level of protection that they're not getting from most organizations.

By Dark Reading Staff , 8/31/2018

0 comments | Read | Post a Comment

How Hackers Hit Printers

News

New Booz Allen Hamilton report advises companies to include printers in their overall security strategy.

By Steve Zurier Freelance Writer, 8/31/2018

0 comments | Read | Post a Comment

Why Automation Will Free Security Pros to Do What They Do Best

Commentary

There are three reasons today's security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.

By Roy Katmor CEO & Co-Founder, enSilo, 8/31/2018

0 comments | Read | Post a Comment

Cryptocurrency Scams Replacing Ransomware as Attackers' Fave

Ericka Chickowski, Contributing Writer, Dark Reading

News

Cryptojacking miners and fileless malware see biggest growth in first half of 2018.

By Ericka Chickowski Contributing Writer, Dark Reading, 8/30/2018

2 comments | Read | Post a Comment

Latest Comment: colad1930, Yes sir, agree with your say, spam is not an option and we are not still prepared...

Lessons From the Black Hat USA NOC

Curtis Franklin Jr., Senior Editor at Dark Reading

Commentary

The conference's temporary network operations center provides a snapshot of what is possible when a variety of professionals work together.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/30/2018

0 comments | Read | Post a Comment

Who's At Greatest Risk for BEC Attacks? Not the CEO

Kelly Sheridan, Staff Editor, Dark Reading

News

CEOs only make up 2.2% of business email compromise targets, a sign most victims are further down the corporate ladder.

By Kelly Sheridan Staff Editor, Dark Reading, 8/30/2018

0 comments | Read | Post a Comment

Botnets Serving Up More Multipurpose Malware

News

Attackers increasingly are distributing malware that can be used for a variety of different tasks, Kaspersky Lab says.

By Jai Vijayan Freelance writer, 8/30/2018

0 comments | Read | Post a Comment

Carbanak/Cobalt/FIN7 Group Targets Russian, Romanian Banks in New Attacks

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Latest campaign by the hard-to-kill cybercrime group hides malicious code behind legitimate files, Windows processes.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/30/2018

0 comments | Read | Post a Comment

New Pen Test Tool Tricks Targets with Microsoft WCX Files

Quick Hits

The open-source tool lets penetration testers gather credentials by convincing targets to open a Microsoft WCX file.

By Dark Reading Staff , 8/30/2018

0 comments | Read | Post a Comment

4 Benefits of a World with Less Privacy

Commentary

The privacy issue is a problem for a lot of people. I see it differently.

By Reg Harnish CEO, GreyCastle Security, 8/30/2018

5 comments | Read | Post a Comment

Latest Comment: dan91266, I consider myself similarly optimistic. However my optimism springs from the...

'Celebgate' Hacker Heading to Prison

Quick Hits

Connecticut man gets eight months for role in attack involving leak of personal celebrity photos, including those of actress Jennifer Lawrence.

By Dark Reading Staff , 8/30/2018

0 comments | Read | Post a Comment

'Security Fatigue' Could Put Business at Risk

News

The relentless march of security breaches may cause some individuals to drop their guard, but there's more to the story than that.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/29/2018

0 comments | Read | Post a Comment

IT Professionals Think They're Better Than Their Security

Quick Hits

More than half of professionals think they have a good shot at a successful insider attack.

By Dark Reading Staff , 8/29/2018

0 comments | Read | Post a Comment

Windows Zero-Day Flaw Disclosed Via Twitter

News

Security experts confirm the privilege escalation vulnerability in Microsoft Windows still works.

By Kelly Sheridan Staff Editor, Dark Reading, 8/29/2018

0 comments | Read | Post a Comment

Overestimating WebAssembly's Security Benefits Is Risky for Developers

Commentary Video

Although WebAssembly technology promises both better performance and better security to developers, it also creates a new risk for native exploits in the browser.

By Dark Reading Staff , 8/29/2018

0 comments | Read | Post a Comment

Telecommunications Industry in the Bullseye

News

New report cites higher volume and increased sophistication of threats to the sector.

By Steve Zurier Freelance Writer, 8/29/2018

0 comments | Read | Post a Comment

Passport Numbers Exposed in Air Canada Data Breach

Quick Hits

Mobile app hit in cyberattack that compromised 20K user accounts.

By Dark Reading Staff , 8/29/2018

0 comments | Read | Post a Comment

Instagram Debuts New Security Tools

Quick Hits

Updates include a new feature to verify the authenticity of popular accounts and a means of integrating two-factor authentication.

By Dark Reading Staff , 8/29/2018

0 comments | Read | Post a Comment

How One Company’s Cybersecurity Problem Becomes Another's Fraud Problem

Curtis Jordan, Lead Security Engineer, TruSTAR

Commentary

The solution: When security teams see something in cyberspace, they need to say something.

By Curtis Jordan Lead Security Engineer, TruSTAR, 8/29/2018

8 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, @Dr.T: Sure, virtualization and gapping measures can be great for security...

7 Steps to Start Searching with Shodan

The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/29/2018

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by colad1930

Yes sir, agree with your say, spam is not an option and we are not still prepared to take and control Ransomware. Innovation is a must to be done thing to protect from smartcric ransomware.

In reply to: Smartcric Pendulum ">Re: Smartcric Pendulum
Post Your Own Reply

Posted by dan91266

I consider myself similarly optimistic. However my optimism springs from the good sense of the electorate. We seem, here in the US to stagger between twin abysses of facism and socialism. We walk a zig zag path like...

In reply to: Re: Less Privacy is Good?-NOT
Post Your Own Reply

Posted by rharnish

I tend to be more of a "glass half full" kinda guy. :)

In reply to: Re: Less Privacy is Good?-NOT
Post Your Own Reply

Posted by dan91266

All we have to do to reduce cybercrime is surrender our privacy.... said every tyrant ever! While we are at it, let's give the government DNA and blood samples universally, just so they can catch the criminals....

In reply to: Less Privacy is Good?-NOT
Post Your Own Reply

Posted by markgrogan

I'd be quite frighted to see that some of the automated appliances and systems around me are so easily hacked by people who intend to misuse the information there. I'm probably watching way too many movies, but it really...

In reply to: Re: Great Stuff!
Post Your Own Reply

Posted by Joe Stanganelli

There's definitely been a big turn over the past so-many years. The spam business isn't what it used to be, allowing ransomware to really take off as a business model. The pendulum appears to be swinging back to the...

In reply to: Pendulum
Post Your Own Reply

Posted by Joe Stanganelli

@Dr.T: Sure, virtualization and gapping measures can be great for security and tenant isolation...but more to the point, certain systems have to interact with each other -- and the security issues flow just as readily as...

In reply to: Re: Fraud
Post Your Own Reply

Posted by Joe Stanganelli

@Dr.T: Actually, nope, that's not what happened; this was not a case of PEBKAC. The problem lay with security issues at Amazon and Apple respectively. Here's Honan's account of his digital nightmare: wired.com/2012/08/ap...

In reply to: Re: Honan example
Post Your Own Reply

Posted by StephenGiderson

Mobile messaging apps are really a lifesaver when we want to communicate with friends and family and even co-workers at an instant. However, when they are being used for a different purpose that involves the dark web, it...

In reply to: hi
Post Your Own Reply

Posted by Marilyn Cohodas

Thanks for catching that typo! It's been fixed in the text.

In reply to: Re: Confusion
Post Your Own Reply

Posted by username007

Title: 4 Benefits of a World with Less Privacy Content: With that said, here are three benefits of a world with less privacy:... Actual content: "4 things I do not really understand but from a high level it sounds good...

In reply to: Confusion
Post Your Own Reply

Posted by chillywilly

An SDP approach for end users make sense and should be extended to all entitiies; machines, vm's, and containers. Great post!

In reply to: SDP makes sesnse
Post Your Own Reply

More Conversations

Products & Releases

Andreessen Horowitz Leads $8.5 Million Investment in Very Good Security

OWASP Announces Lineup for AppSec USA 2018 Conference

Asigra TrueNAS Backup Appliance Built on iXsystems Storage to be Unveiled at VMWorld 2018

Managed Methods, Cylance Team Up on Endpoint Protection for Cloud Applications

Lacework Closes $24 Million Series B Financing with Sutter Hill Ventures

Nearly Half of Businesses Report an Unrecoverable Data Event in the Last Three Years: Study

Plurilock Surpasses $1M Revenue, Launches SaaS Products for Behavioral-Biometric Security

Trend Micro Research Launches New Program to Help IoT Device Makers

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

How One Company's Cybersecurity Problem Becomes Another's Fraud Problem

Curtis Jordan, Lead Security Engineer, TruSTAR, 8/29/2018

Free Cybersecurity Services Offer a First Step to Securing US Elections

Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/28/2018

4 Benefits of a World with Less Privacy

Reg Harnish, CEO, GreyCastle Security, 8/30/2018

Partner Perspectives

What's This?

A Cybersecurity Christmas Story

Automation and orchestration will be essential components of security in 2017. Read >>

Investments In Security Operations Centers Are Paying Off, Study Finds

0 comments

Are Unconscious Biases Weakening Your Security Posture?

0 comments

More Stories

Partner Perspectives

What's This?

'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle

These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>

Report: Only 2 in 3 Cyber Attacks Can Be Stopped with Current Defenses

3 comments

How to Secure Hyperconverged Infrastructures & Why It Is Different

0 comments

More Stories

Partner Perspectives

What's This?

A Sneak Peek at the New NIST Cybersecurity Framework

Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>

Misleading Cyber Foes with Deception Technology

0 comments

Enabling Better Risk Mitigation with Threat Intelligence

0 comments

More Stories

Partner Perspectives

What's This?

Cloud Misconceptions Are Pervasive Across Enterprises

Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>

How to Leverage Artificial Intelligence for Cybersecurity

0 comments

Avoiding the Ransomware Mistakes that Crippled Atlanta

8 comments

More Stories

Partner Perspectives

What's This?

An Industry In Transition: Key Tech Trends In 2018

Read >>

Get Smart About Network Segmentation & Traffic Routing

0 comments

Report: More Breaches Despite Increasing Security Budgets

0 comments

More Stories

Partner Perspectives

What's This?

Continuous Compliance and Effective Audit Preparation for the Cloud

Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>

5 Factors to Secure & Streamline Your Cloud Deployment

0 comments

Cloud Complexity Mandates Security Visibility

0 comments

More Stories

Partner Perspectives

What's This?

Boosting Security Effectiveness with 'Adjuvants'

How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>

Electroneum Cryptomining Targets Microsoft IIS 6.0 Vulnerability

0 comments

4 Critical Applications and How to Protect Them

0 comments

More Stories

Partner Perspectives

What's This?

Breach Defense Playbook: Cybersecurity Governance

Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>

Breach Defense Playbook: Incident Response Readiness (Part 2)

0 comments

Breach Defense Playbook: Incident Response Readiness (Part 1)

0 comments

More Stories

Partner Perspectives

What's This?

Let's Get Smarter About Security By Working Together

We all need help, and only by working together can we move the needle on security. Read >>

Cybersecurity Self-Esteem: 4 Things Confident Teams Are Doing

0 comments

How the Adoption of EDR Transforms a SOC’s Effectiveness

0 comments

More Stories

Partner Perspectives

What's This?

WanaCrypt0r Hits Worldwide

Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>

Malspam Causing Havoc for Mac & Windows

0 comments

OSX.Bella: Mac Malware Strikes Again

1 Comment

More Stories

Partner Perspectives

What's This?

Endpoint Security: Putting The Focus On What Matters

Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>

Are You Making This Endpoint Security Mistake?

0 comments

Asset Segmentation: The Key To Control

0 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

Build Your Communications & Collaboration Future

Enterprise Connect Orlando 2019 Registration is Open!

Cartoon

Latest Comment: Setting aside the humor for a second, this situation could arguably happen without a hack. There's a certain popular romance to Putin in some ...

Cartoon Archive

White Papers

Budget & Buy-in: Get Your C-Level Invested in Cybersecurity

Understanding Cyber-Attacks

The Practical Security Guide To Prevent Cyber Extortion

SD-WAN Partner Checklist

Big Telco Translation Guide

More White Papers

Current Issue

The Biggest Cybersecurity Breaches of 2018 (So Far)

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-16450
PUBLISHED: 2018-09-04

CraftedWeb through 2013-09-24 has reflected XSS via the p parameter.

CVE-2018-16444
PUBLISHED: 2018-09-04

An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.

CVE-2018-16445
PUBLISHED: 2018-09-04

An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request.

CVE-2018-16446
PUBLISHED: 2018-09-04

An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt.

CVE-2018-16447
PUBLISHED: 2018-09-04

Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.

Reports

How Data Breaches Affect the Enterprise

This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!

Download Now!

The State of IT and Cybersecurity

0 comments

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

[Strategic Security Report] Cloud Security's Changing Landscape

0 comments

More Reports

Flash Poll

All Polls

Video