Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
6 Tax Season Tips for Security Pros
The Anatomy of a Lazy Phish
Making the Case for a Cybersecurity Moon Shot
Security Spills: 9 Problems Causing the Most Stress
2019 Security Spending Outlook
News & Commentary
Lessons From the War on Malicious Mobile Apps
Robert Lemos, Technology Journalist/Data ResearcherNews
Despite the openness of the Android platform, Google has managed to keep its Play store mainly free of malware and malicious apps. Outside of the marketplace is a different matter.
By Robert Lemos , 2/22/2019
Comment0 comments  |  Read  |  Post a Comment
New Malware Campaign Targets Job Seekers
Dark Reading Staff, Quick Hits
LinkedIn profiles provide a persistent, patient threat actor with the information required to craft spear-phishing messages.
By Dark Reading Staff , 2/22/2019
Comment0 comments  |  Read  |  Post a Comment
6 Tips for Getting the Most from Your VPN
Curtis Franklin Jr., Senior Editor at Dark Reading
VPNs are critical for information security. But simply having these cozy security tunnels in the toolkit isn't enough to keep an organization's data safe.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/22/2019
Comment1 Comment  |  Read  |  Post a Comment
New Legislation Builds on California Data Breach Law
Dark Reading Staff, Quick Hits
This bill requires businesses to notify consumers of compromised passport numbers and biometric data.
By Dark Reading Staff , 2/22/2019
Comment3 comments  |  Read  |  Post a Comment
To Mitigate Advanced Threats, Put People Ahead of Tech
Brandon Levene, Head of Applied Intelligence, ChronicleCommentary
Preventative technologies are only part of the picture and often come at the expense of the humans behind them.
By Brandon Levene Head of Applied Intelligence, Chronicle, 2/22/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Propose New Approach to Address Online Password-Guessing Attacks
Jai Vijayan, Freelance writerNews
Recommended best practices not effective against certain types of attacks, they say.
By Jai Vijayan Freelance writer, 2/21/2019
Comment0 comments  |  Read  |  Post a Comment
Attack Campaign Experiments with Rapid Changes in Email Lure Content
Ericka Chickowski, Contributing Writer, Dark ReadingNews
It's like polymorphic behavior — only the changes are in the email lures themselves, with randomized changes to headers, subject lines, and body content.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/21/2019
Comment0 comments  |  Read  |  Post a Comment
Human Negligence to Blame for the Majority of Insider Threats
Steve Zurier, Freelance WriterNews
In 98% of the assessments conducted for its research, Dtex found employees exposed proprietary company information on the Web – a 20% jump from 2018.
By Steve Zurier Freelance Writer, 2/21/2019
Comment1 Comment  |  Read  |  Post a Comment
Why Cybersecurity Burnout Is Real (and What to Do About It)
Chris Schueler, Senior VP, Managed Security Services, TrustwaveCommentary
The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
By Chris Schueler Senior VP, Managed Security Services, Trustwave, 2/21/2019
Comment1 Comment  |  Read  |  Post a Comment
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff, Quick Hits
CRXcavator scans extensions in real time based on factors including permissions, external calls, and third-party libraries.
By Dark Reading Staff , 2/21/2019
Comment2 comments  |  Read  |  Post a Comment
Cyber Extortionists Can Earn $360,000 a Year
Kelly Sheridan, Staff Editor, Dark ReadingNews
Extortion scams capitalize on compromised credentials, sensitive data, and technical vulnerabilities on Internet-facing applications to pressure victims to pay up.
By Kelly Sheridan Staff Editor, Dark Reading, 2/21/2019
Comment1 Comment  |  Read  |  Post a Comment
Security Analysts Are Only Human
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of BitdefenderCommentary
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
By Roselle Safran & Utpal Desai President of Rosint Labs/Director of Product Management of Bitdefender, 2/21/2019
Comment2 comments  |  Read  |  Post a Comment
Insurer Offers GDPR-Specific Coverage for SMBs
Jai Vijayan, Freelance writerNews
Companies covered under the EU mandate can get policies for up to $10 million for fines, penalties, and other costs.
By Jai Vijayan Freelance writer, 2/20/2019
Comment0 comments  |  Read  |  Post a Comment
As Businesses Move Critical Data to Cloud, Security Risks Abound
Kelly Sheridan, Staff Editor, Dark ReadingNews
Companies think their data is safer in the public cloud than in on-prem data centers, but the transition is driving security issues.
By Kelly Sheridan Staff Editor, Dark Reading, 2/20/2019
Comment1 Comment  |  Read  |  Post a Comment
POS Vendor Announces January Data Breach
Dark Reading Staff, Quick Hits
More than 120 restaurants were affected by an incident that exposed customer credit card information.
By Dark Reading Staff , 2/20/2019
Comment2 comments  |  Read  |  Post a Comment
Mastercard, GCA Create Small Business Cybersecurity Toolkit
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new toolkit developed by the Global Cybersecurity Alliance aims to give small businesses a cookbook for better cybersecurity.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/20/2019
Comment0 comments  |  Read  |  Post a Comment
9 Years After: From Operation Aurora to Zero Trust
Andy Ellis, Chief Security Officer, AkamaiCommentary
How the first documented nation-state cyberattack is changing security today.
By Andy Ellis Chief Security Officer, Akamai, 2/20/2019
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Expands AccountGuard to Help Europe Prep for Cyberattacks
Dark Reading Staff, Quick Hits
A recent wave of cybercrime has targeted organizations with employees in Belgium, France, Germany, Poland, Romania, and Serbia.
By Dark Reading Staff , 2/20/2019
Comment0 comments  |  Read  |  Post a Comment
The Anatomy of a Lazy Phish
Jordan Shakhsheer, Information Security Engineer, Bluestone AnalyticsCommentary
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.
By Jordan Shakhsheer Information Security Engineer, Bluestone Analytics, 2/20/2019
Comment0 comments  |  Read  |  Post a Comment
'Formjacking' Compromises 4,800 Sites Per Month. Could Yours Be One?
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybercriminals see formjacking as a simple opportunity to take advantage of online retailers – and all they need is a small piece of JavaScript.
By Kelly Sheridan Staff Editor, Dark Reading, 2/20/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Illusive Networks Introduces Interactive Cyber Intelligence to Defend Organizations Against Human Attackers
K2 Cyber Security Unveils Cloud Workload Protection Platform to Prevent Zero-Day Attacks in Real Time
Prevalent Announces New CEO, Expands Leadership Team with 3 New C-Suite Positions
R-CISC Changes Name to Retail and Hospitality ISAC
Report Details AI and ML Cybersecurity Arms Race
Cyber and Physical Convergence is Creating New Attack Opportunities for Cybercriminals
DIGITAL GUARDIAN NAMES MORDECAI ROSEN AS CEO
Farsight Security to Introduce DNSDB Community Edition at the RSA Conference
More Products & Releases
PR Newswire
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6485
PUBLISHED: 2019-02-22
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5...
CVE-2019-9020
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc...
CVE-2019-9021
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file...
CVE-2019-9022
PUBLISHED: 2019-02-22
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parser...
CVE-2019-9023
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcom...
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Flash Poll
Video
Slideshows
Twitter Feed