6 CISO Resolutions for 2019
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Name That Toon: I Spy
6 Ways to Strengthen Your GDPR Compliance Efforts
7 Common Breach Disclosure Mistakes
News & Commentary
Bug Hunting Paves Path to Infosec Careers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
By Kelly Sheridan Staff Editor, Dark Reading, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
Jai Vijayan, Freelance writerNews
McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.
By Jai Vijayan Freelance writer, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Deception: Honey vs. Real Environments
Dr. Salvatore Stolfo, Fouder & CTO, Allure SecurityCommentary
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.
By Dr. Salvatore Stolfo Fouder & CTO, Allure Security, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Mac Malware Cracks WatchGuards Top 10 List
Steve Zurier, Freelance WriterNews
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
By Steve Zurier Freelance Writer, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Arctic Wolf Buys RootSecure
Dark Reading Staff, Quick Hits
The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.
By Dark Reading Staff , 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
Dark Reading Staff, Quick Hits
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
By Dark Reading Staff , 12/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Forget Shifting Security Left; It's Time to Race Left
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018
Comment2 comments  |  Read  |  Post a Comment
Battling Bots Brings Big-Budget Blow to Businesses
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Equifax Breach Underscores Need for Accountability, Simpler Architectures
Robert Lemos, Technology Journalist/Data ResearcherNews
A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'
By Robert Lemos Technology Journalist/Data Researcher, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Attackers Using New Exploit Kit to Hijack Home & Small Office Routers
Jai Vijayan, Freelance writerNews
Goal is to steal banking credentials by redirecting users to phishing sites.
By Jai Vijayan Freelance writer, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
49% of Cloud Databases Left Unencrypted
Kelly Sheridan, Staff Editor, Dark ReadingNews
Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
The Grinch Bot Before Christmas: A Security Story for the Holidays
Julian Waits, GM Cyber Security Business Unit, Devo TechnologyCommentary
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
By Julian Waits GM Cyber Security Business Unit, Devo Technology, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
NetSecOPEN Names Founding Members, Board of Directors
Dark Reading Staff, Quick Hits
The organization is charged with building open, transparent testing protocols for network security.
By Dark Reading Staff , 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Grammarly Takes Bug Bounty Program Public
Dark Reading Staff, Quick Hits
The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne.
By Dark Reading Staff , 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
How Well Is Your Organization Investing Its Cybersecurity Dollars?
Jack Jones, Chairman, FAIR InstituteCommentary
The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.
By Jack Jones Chairman, FAIR Institute, 12/11/2018
Comment1 Comment  |  Read  |  Post a Comment
CrowdStrike: More Organizations Now Self-Detect Their Own Cyberattacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But it still takes an average of 85 days to spot one, the security firm's incident response investigations found.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
DanaBot Malware Adds Spam to its Menu
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new generation of modular malware increases its value to criminals.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
'Highly Active' Seedworm Group Hits IT Services, Governments
Kelly Sheridan, Staff Editor, Dark ReadingNews
Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.
By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6705
PUBLISHED: 2018-12-12
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.
CVE-2018-15717
PUBLISHED: 2018-12-12
Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.
CVE-2018-15718
PUBLISHED: 2018-12-12
Open Dental before version 18.4 transmits the entire user database over the network when a remote unathenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more.
CVE-2018-15719
PUBLISHED: 2018-12-12
Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information.
CVE-2018-6704
PUBLISHED: 2018-12-12
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.
Flash Poll
Video
Slideshows
Twitter Feed