News & Commentary
ZipperDown Vulnerability Could Hit 10% of iOS Apps
Dark Reading Staff, Quick Hits
A newly discovered vulnerability could affect thousands of iOS apps -- and Android users may not be spared.
By Dark Reading Staff, 5/22/2018
Pet Tracker Flaws Expose Pets and Their Owners to Cybercrime
Dark Reading Staff, Quick Hits
Hackers can exploit vulnerabilities in popular pet trackers to intercept location coordinates and access owners' personal data.
By Dark Reading Staff, 5/22/2018
The State of Information Sharing: 20 Years after the First White House Mandate
Paul Kurtz, CEO & Cofounder, TruSTAR Technology, Commentary
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.
By Paul Kurtz, CEO & Cofounder, TruSTAR Technology, 5/22/2018
North Korean Defectors Targeted with Malicious Apps on Google Play
Kelly Sheridan, Staff Editor, Dark Reading, News
Sun Team hacking group is behind RedDawn, which steals victims' photos and data and passes them to threat actors.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/21/2018
New BIND Vulnerabilities Threaten DNS Availability
Dark Reading Staff, Quick Hits
A pair of vulnerabilities in BIND could leave some organizations without DNS.
By Dark Reading Staff, 5/21/2018
Dark Reading Conference Call for Speakers Closes Friday
Sara Peters, Senior Editor at Dark Reading, Quick Hits
Don't be shy, security practitioners. Share your best practices at our 2nd annual INsecurity Conference, to be held Oct. 23-25 in Chicago.
By Sara Peters, Senior Editor at Dark Reading, 5/21/2018
Google to Delete 'Secure' Label from HTTPS Sites
Kelly Sheridan, Staff Editor, Dark Reading, Quick Hits
Google acknowledges HTTPS as the Internet standard with plans to remove the 'Secure' label from all HTTPS sites.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/21/2018
'Roaming Mantis' Android Malware Evolves, Expands Targets
Dark Reading Staff, Quick Hits
Roaming Mantis has evolved rapidly, adding geographies, platforms, and capabilities to its original scope.
By Dark Reading Staff, 5/21/2018
Get Smart About Network Segmentation & Traffic Routing
Jack Hamm, Principal Information Security Engineer, Gigamon
Through a combination of intelligent segmentation and traffic routing to tools, you can gain much better visibility into your network. Here's how.
By Jack Hamm, Principal Information Security Engineer, Gigamon, 5/21/2018
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason, Commentary
Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.
By Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason, 5/21/2018
Actor Advertises Japanese PII on Chinese Underground
Kelly Sheridan, Staff Editor, Dark Reading, News
The dataset contains 200 million rows of information stolen from websites across industries, likely via opportunistic access.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/18/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff, Quick Hits
Using DDoS for hire services and possessing firearms as a felon combine to land a New Mexico man 15 years in federal prison.
By Dark Reading Staff, 5/18/2018
Syrian Electronic Army Members Indicted for Conspiracy
Dark Reading Staff, Quick Hits
Two men have been charged for their involvement in a plot to commit computer hacking as members of the Syrian Electronic Army.
By Dark Reading Staff, 5/18/2018
How to Hang Up on Fraud
Patrick Cox, Chairman and CEO of TRUSTID, Commentary
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
By Patrick Cox, Chairman and CEO of TRUSTID, 5/18/2018
New Research Seeks to Shorten Attack Dwell Time
Curtis Franklin Jr., Senior Editor at Dark Reading, News
It can take months for an organization to know they've been hacked. A new DARPA-funded project seeks to reduce that time to hours.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/18/2018
Get Ready for 'WannaCry 2.0'
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Another widespread worm attack is "inevitable," but spreading a different, more lucrative or destructive payload, experts say.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/17/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/17/2018
Federal Jury Convicts Operator of Massive Counter-Antivirus Service
Jai Vijayan, Freelance writer, News
Scan4You helped thousands of criminals check if AV products could detect and block their malware tools.
By Jai Vijayan, Freelance writer, 5/17/2018
The Risks of Remote Desktop Access Are Far from Remote
Matt Ahrens, Security Team Leader at Coalition, Commentary
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
By Matt Ahrens, Security Team Leader at Coalition, 5/17/2018
Tanium's Valuation Reaches $5 Billion With New Investment
Dark Reading Staff, Quick Hits
Tanium has received a $175 million investment from TPG Growth.
By Dark Reading Staff, 5/17/2018
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust, 5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading, 5/15/2018
Partner Perspectives
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it.
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack.
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program.
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise security -- the IT team members tasked with protecting critical data from cyber threats -- and will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11321
PUBLISHED: 2018-05-22
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
CVE-2018-11322
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
CVE-2018-11323
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
CVE-2018-11324
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.
CVE-2018-11325
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.