Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
White House Cybersecurity Strategy at a Crossroads
10 Ways to Protect Protocols That Aren't DNS
8 Big Processor Vulnerabilities in 2018
What We Talk About When We Talk About Risk
6 M&A Security Tips
News & Commentary
70 US Election Jurisdictions Adopt Free Website Security Service
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Hawaii, Idaho, North Carolina, and Rhode Island are among states now using gratis DDoS mitigation, firewall, and user access control service from Cloudflare.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Cyberattacks in Finland Surge During Trump-Putin Summit
Jai Vijayan, Freelance writerNews
Attackers targeted IoT devices like they did during Trump's June meeting with North Korea's Kim Jong-un, but this time China was the top-attacking nation.
By Jai Vijayan Freelance writer, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Robotic Vacuums May Hoover Your Data
Dark Reading Staff, Quick Hits
Researchers have discovered a pair of vulnerabilities that allow unauthorized code execution in a robotic vacuum.
By Dark Reading Staff , 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Free New Scanner Aims to Protect Home Networks
Dark Reading Staff, Quick Hits
Free software pinpoints vulnerabilities and offers suggestions for remediation.
By Dark Reading Staff , 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure MentemCommentary
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
By Ira Winkler CISSP, President, Secure Mentem, 7/19/2018
Comment1 Comment  |  Read  |  Post a Comment
6 Ways to Tell an Insider Has Gone Rogue
Jai Vijayan, Freelance writer
Malicious activity by trusted users can be very hard to catch, so look for these red flags.
By Jai Vijayan Freelance writer, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Beyond Passwords: Why Your Company Should Rethink Authentication
Rajiv Dholakia, VP Products, Nok Nok LabsCommentary
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
By Rajiv Dholakia VP Products, Nok Nok Labs, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Number of Retailers Impacted by Breaches Doubles
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The retail race for digital transformation is being run without the safety of security measures.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers will be rewarded for vulnerabilities found in identity solutions and implementations of certain OpenID standards.
By Kelly Sheridan Staff Editor, Dark Reading, 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
Messenger Apps Top Risk Hit Parade
Dark Reading Staff, Quick Hits
Whether running on iOS or Android, Facebook's and WhatsApp's messenger apps present a 'winning' combination.
By Dark Reading Staff , 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
Make Security Boring Again
Joel Fulton, Chief Information Security Officer for SplunkCommentary
In the public sector and feeling overwhelmed? Focus on the basics, as mind numbing as that may sound.
By Joel Fulton Chief Information Security Officer for Splunk, 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
New Subscription Service Takes on Ransomware Protection
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Training and response is the basis of a new offering that addresses ransomware and extortion attacks.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Moves Up As Phishers' Favorite Target for Brand Spoofing
Dark Reading Staff, Quick Hits
Researchers compiled a list of the most common brands to impersonate by detecting and analyzing new phishing URLs.
By Dark Reading Staff , 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
From Bullets to Clicks: The Evolution of the Cyber Arms Race
Nir Gaist, CTO and Founder of NyotronCommentary
Cyber strategies have become as important as physical weapons in the battle for political advantage. Here's a quick look at four broad categories.
By Nir Gaist CTO and Founder of Nyotron, 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Trump administration's initial lack of a unified front in the wake of Russian election-hacking indictments worries cybersecurity experts.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/17/2018
Comment6 comments  |  Read  |  Post a Comment
One-Third of Businesses Lack a Cybersecurity Expert
Kelly Sheridan, Staff Editor, Dark ReadingNews
Alarming, yes, but it's actually an improvement over past years, a new Gartner survey of more than 3,000 CIOs reveals.
By Kelly Sheridan Staff Editor, Dark Reading, 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
Cloud Security: Lessons Learned from Intrusion Prevention Systems
Gunter Ollmann, CTO, Security, Microsoft Cloud and AI Division Commentary
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
By Gunter Ollmann CTO, Security, Microsoft Cloud and AI Division , 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
Nearly Half of Security Pros Reuse Passwords
Dark Reading Staff, Quick Hits
Survey exposes poor security practices by the people who should know better.
By Dark Reading Staff , 7/17/2018
Comment1 Comment  |  Read  |  Post a Comment
SCADA/ICS Dangers & Cybersecurity Strategies
Peter Newton, Senior Director of Product Marketing at FortinetCommentary
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
By Peter Newton Senior Director of Product Marketing at Fortinet, 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
7 Nigerians Indicted for Fraud Operation on Dating Sites
Dark Reading Staff, Quick Hits
Con artists have been charged with operating a scheme that cost users of American dating websites more than $1.5 million.
By Dark Reading Staff , 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Mimecast Opens Early Adopter Program for New Web Security Service
Verodin Closes $21M Series B Financing
new MoneyTaker case resulting in theft of $1M from Russian bank
NYU Tandon Business Incubator Creates Penteston, SaaS Platform to Assess Cyber Risk
Fastly Secures $40M Investment to Help Companies Deliver Secure Content at Scale
Netskope Acquires Sift Security
Former DuPont Employee Pleads Guilty to Stealing Trade Secrets and Lying to the FBI
Backbase and Jumio Form Global Alliance for AI-Powered Identity Verification
More Products & Releases
PR Newswire
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/13/2018
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/16/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
A Sneak Peek at the New NIST Cybersecurity Framework
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Continuous Compliance and Effective Audit Preparation for the Cloud
Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise security—the IT team members tasked with protecting critical data from cyber threats—and will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10869
PUBLISHED: 2018-07-19
redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.
CVE-2018-10870
PUBLISHED: 2018-07-19
redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.
CVE-2018-12959
PUBLISHED: 2018-07-19
The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).
CVE-2018-14336
PUBLISHED: 2018-07-19
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.
CVE-2018-10620
PUBLISHED: 2018-07-19
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code t...
Flash Poll
Video
Slideshows
Twitter Feed