Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

Holiday Hacks: 6 Cyberthreats to Watch Right Now

6 Ways to Strengthen Your GDPR Compliance Efforts

Top Stories

6 CISO Resolutions for 2019

Holiday Hacks: 6 Cyberthreats to Watch ...

Name That Toon: I Spy

6 Ways to Strengthen Your GDPR Compliance ...

7 Common Breach Disclosure Mistakes

News & Commentary

Facebook: Photo API Bug Exposed 6.8M User Photos

Quick Hits

The flaw let developers access images that users may not have shared publicly, including those they started to upload but didn’t post.

By Dark Reading Staff , 12/17/2018

0 comments | Read | Post a Comment

Shhhhh! The Secret to Secrets Management

Mark B. Cooper, President and Founder, PKI Solutions

Commentary

Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.

By Mark B. Cooper President and Founder, PKI Solutions, 12/17/2018

0 comments | Read | Post a Comment

Email Bomb Threats Follow Sextortion Playbook

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Yesterday's wave of email bomb threats appear to be an evolution of tactics by the same groups that earlier tried "sextortion" and personal threats, Talos researchers say.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/14/2018

0 comments | Read | Post a Comment

Iranian Hackers Target Nuclear Experts, US Officials

Quick Hits

Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.

By Dark Reading Staff , 12/14/2018

0 comments | Read | Post a Comment

Who Are You, Really? A Peek at the Future of Identity

Kelly Sheridan, Staff Editor, Dark Reading

News

Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.

By Kelly Sheridan Staff Editor, Dark Reading, 12/14/2018

0 comments | Read | Post a Comment

Retailers: Avoid the Hackable Holidaze

Commentary

The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.

By Fred Kneip CEO at CyberGRX, 12/14/2018

0 comments | Read | Post a Comment

2019 Attacker Playbook

Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.

By Ericka Chickowski Contributing Writer, Dark Reading, 12/14/2018

1 Comment | Read | Post a Comment

Cybercriminals Change Tactics to Outwit Machine-Learning Defense

Quick Hits

The rise in machine learning for security has forced criminals to rethink how to avoid detection.

By Dark Reading Staff , 12/14/2018

0 comments | Read | Post a Comment

Universities Get Schooled by Hackers

News

Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/13/2018

0 comments | Read | Post a Comment

Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business

News

Enterprises are struggling with familiar old security challenges as a result, new survey shows.

By Jai Vijayan Freelance writer, 12/13/2018

0 comments | Read | Post a Comment

Cybercrime Is World's Biggest Criminal Growth Industry

Quick Hits

The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.

By Dark Reading Staff , 12/13/2018

0 comments | Read | Post a Comment

Setting the Table for Effective Cybersecurity: 20 Culinary Questions

Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA

Commentary

Even the best chefs will produce an inferior product if they begin with the wrong ingredients.

By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 12/13/2018

0 comments | Read | Post a Comment

Education Gets an 'F' for Cybersecurity

Quick Hits

The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.

By Dark Reading Staff , 12/13/2018

0 comments | Read | Post a Comment

The Economics Fueling IoT (In)security

Ariel Kriger, VP Business Development at VDOO

Commentary

Attackers understand the profits that lie in the current lack of security. That must change.

By Ariel Kriger VP Business Development at VDOO, 12/13/2018

0 comments | Read | Post a Comment

Worst Password Blunders of 2018 Hit Organizations East and West

News

Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018

4 comments | Read | Post a Comment

Latest Comment: MarkSitkowski, I think this says it all: linkedin.com/pulse/watch-mark-sitkowski/

Bug Hunting Paves Path to Infosec Careers

News

Ethical hackers use bug bounty programs to build the skills they need to become security professionals.

By Kelly Sheridan Staff Editor, Dark Reading, 12/12/2018

0 comments | Read | Post a Comment

U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign

News

McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.

By Jai Vijayan Freelance writer, 12/12/2018

0 comments | Read | Post a Comment

Deception: Honey vs. Real Environments

Dr. Salvatore Stolfo, Fouder & CTO, Allure Security

Commentary

A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.

By Dr. Salvatore Stolfo Fouder & CTO, Allure Security, 12/12/2018

0 comments | Read | Post a Comment

Mac Malware Cracks WatchGuard’s Top 10 List

News

Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.

By Steve Zurier Freelance Writer, 12/12/2018

0 comments | Read | Post a Comment

Arctic Wolf Buys RootSecure

Quick Hits

The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.

By Dark Reading Staff , 12/12/2018

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by MelBrandle

In every organization, teamwork is key to ensure that a specific set of goals can be met at the end of the day. It is not just about making sure that everyone can work together to get tasks done but it is ultimately to strive...

In reply to: Teamwork cooperation
Post Your Own Reply

Posted by MelBrandle

We can never escape the clench of internet threats which are evolving alongside technological advancements. The more resources there are, the more opportunities there would be for threats to make progress. From our end,...

In reply to: Giving chances to threats
Post Your Own Reply

Posted by acampbell448

Look deep into my eyes. You are getting sleepy, very sleepy......

In reply to: AI Hypnotist!
Post Your Own Reply

Posted by StephenGiderson

This is not the first coverage I have read whereby usually the employees of that very company are the ones to be doing all the dirty work. Most of the time it is about money whereas on other occasions, it could be out of...

In reply to: Be on guard
Post Your Own Reply

Posted by StephenGiderson

I bet the hackers of the world are just waiting for Toyota to launch some competition for this now. It's probably going to be the best way to test if their security team has done a good enough job trying to protect their...

In reply to: Hit or miss…
Post Your Own Reply

Posted by MarkSindone

I reckon that people in all walks of life need to be given an opportunity to understand the impact of the work that they are doing. It's not just about being in privacy, but even the people who are working in waste collection...

In reply to: Find your passion
Post Your Own Reply

Posted by Ritu_G

Why are these areas always the focus when the topic of cybercrime is being discussed? The same culprits are just there improving their techniques whilst we are out here falling victims to their clever scamming. More users...

In reply to: The same faces
Post Your Own Reply

Posted by Ritu_G

It has become ever so often that we hear of organizations being fined due to their security lax that led to breaches. However, where do those hefty sums of money go to? Are they being channelled to a proper platform that...

In reply to: Channel the fine properly
Post Your Own Reply

Posted by cumberbatch00111

camera, camera everywhere, not a single news to rely on

In reply to: Caption goes like:
Post Your Own Reply

Posted by CameronRobertson

Sadly, I have to admit that I have personally taken online quizzes too just for fun. Some of them even offered rewards which are not that great but hey, who wouldn't want a free gift just for taking an easy 5-minute quiz?...

In reply to: Too easy
Post Your Own Reply

Posted by CameronRobertson

Scammers have been doing this job for decades so they are getting better as we speak. Look at the percentage of victims who became vulnerable just over a phonecall. We need to be vigilant at all costs because only we have...

In reply to: Scam game
Post Your Own Reply

Posted by MarkSitkowski

I think this says it all: linkedin.com/pulse/watch-mark-sitkowski/

In reply to: Is It Really The Password's Fault?
Post Your Own Reply

More Conversations

Products & Releases

CrowdStrike Part of MITRE ATT&CK Product Evaluation

Vodafone Announces 2019 Global Trends Report, Enterprise Brand Refresh

Trend Micro Research Uncovers Major Flaws in Leading IoT Protocols 12/4/18 7:00 am CST

Application Security for AWS Lambda Customers

Venafi Secures $100M Financing Round Led by TCV

Steve Lipner Appointed Chair of NIST Information Security and Privacy Advisory Board

More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report

King & Union and Farsight Security Announce Strategic Partnership

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Higher Education: 15 Books to Help Cybersecurity Pros Be Better

Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018

Worst Password Blunders of 2018 Hit Organizations East and West

Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018

2019 Attacker Playbook

Ericka Chickowski, Contributing Writer, Dark Reading, 12/14/2018

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Look deep into my eyes. You are getting sleepy, very sleepy......

Cartoon Archive

White Papers

Reducing the Human Attack Surface with Phishing Simulations

The Year in Security 2018

STIX/TAXII: What You Need to Know

Know Your Unknowns With a Master IP Address List Audit

Shutting Down Banking Trojans

More White Papers

Current Issue

10 Best Practices That Could Reshape Your IT Security Department

This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-20173
PUBLISHED: 2018-12-17

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.

CVE-2017-18352
PUBLISHED: 2018-12-17

Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs.

CVE-2017-18353
PUBLISHED: 2018-12-17

Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application.

CVE-2017-18354
PUBLISHED: 2018-12-17

Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker.

CVE-2017-18355
PUBLISHED: 2018-12-17

Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files.

Reports

How Enterprises Are Using IT Threat Intelligence

Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.

Download Now!

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

The Risk Management Struggle

0 comments

More Reports

Flash Poll

All Polls

Video