8 Big Processor Vulnerabilities in 2018
What We Talk About When We Talk About Risk
7 Ways to Keep DNS Safe
6 M&A Security Tips
Name That Toon: Mobile Threat
News & Commentary
SCADA/ICS Dangers & Cybersecurity Strategies
Peter Newton, Senior Director of Product Marketing at FortinetCommentary
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
By Peter Newton Senior Director of Product Marketing at Fortinet, 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
7 Nigerians Indicted for Fraud Operation on Dating Sites
Dark Reading Staff, Quick Hits
Con artists have been charged with operating a scheme that cost users of American dating websites more than $1.5 million.
By Dark Reading Staff , 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
Russian National Vulnerability Database Operation Raises Suspicions
Jai Vijayan, Freelance writerNews
Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.
By Jai Vijayan Freelance writer, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Less Than Half of Cyberattacks Detected via Antivirus: SANS
Kelly Sheridan, Staff Editor, Dark ReadingNews
Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Trump Dismisses Russian Interference Indictments in Presser with Putin
Dark Reading Staff, Quick Hits
Russian President Vladamir Putin 'just said it's not Russia,' US President Trump said.
By Dark Reading Staff , 7/16/2018
Comment1 Comment  |  Read  |  Post a Comment
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading
Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
India Telecom Regulator: Users Have Primary Data Rights
Dark Reading Staff, Quick Hits
Organizations 'should be restrained from using metadata to identify individual users,' says the Telecom Regulatory Authority of India.
By Dark Reading Staff , 7/16/2018
Comment1 Comment  |  Read  |  Post a Comment
Time to Yank Cybercrime into the Light
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Too many organizations are still operating blindfolded, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
GRU hackers used bitcoin to fund US computer network infrastructure supporting and hiding the operation.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/13/2018
Comment2 comments  |  Read  |  Post a Comment
GandCrab Ransomware Continues to Evolve But Can't Spread Via SMB Shares Yet
Jai Vijayan, Freelance writerNews
Recent fears that this year's most prolific ransomware threat has acquired new WannaCry-like propagation capabilities appear unfounded at the moment.
By Jai Vijayan Freelance writer, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
8 Big Processor Vulnerabilities in 2018
Ericka Chickowski, Contributing Writer, Dark Reading
Security researchers have been working in overdrive examining processors for issues and they haven't come up empty-handed.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
Congressional Report Cites States Most Vulnerable to Election Hacking
Dark Reading Staff, Quick Hits
A new report details issues with 18 states along with suggestions on what can be done.
By Dark Reading Staff , 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
FBI: Email Account Compromise Losses Reach $12B
Dark Reading Staff, Quick Hits
There were more than 78K business email account (BEC) and email account compromise (EAC) scam incidents worldwide between October 2013 and May 2018.
By Dark Reading Staff , 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
How to Structure an Enterprise-Wide Threat Intelligence Strategy
Tom Badders, Senior Product Manager, Secure Mobility, at Telos CorporationCommentary
To keep an organization safe, you must think about the entire IT ecosystem.
By Tom Badders Senior Product Manager, Secure Mobility, at Telos Corporation, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
SOCs Use Automation to Compensate for Training, Technology Issues
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
WordPress Sites Targeted in World Cup-Themed Spam Scam
Jai Vijayan, Freelance writerNews
Spammers using a 'spray & pray' approach to post comments on WordPress powered blogs, forums, says Imperva.
By Jai Vijayan Freelance writer, 7/12/2018
Comment1 Comment  |  Read  |  Post a Comment
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Web app security pioneer dishes on his teenage security career, his love of electric scooters, Ace Ventura and a new baby food business venture with his wife and famed chef, Kathy Fang.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/12/2018
Comment2 comments  |  Read  |  Post a Comment
Lessons from My Strange Journey into InfoSec
Lysa Myers, Security Researcher, ESETCommentary
Establishing an entre into the security world can be a maddeningly slow process. For those of us already here, it can be an opportunity to help others.
By Lysa Myers Security Researcher, ESET, 7/12/2018
Comment2 comments  |  Read  |  Post a Comment
ICS Security: 'The Enemy Is in the Wire'
Wayne Lloyd, Federal CTO at RedSealCommentary
Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.
By Wayne Lloyd Federal CTO at RedSeal, 7/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Timehop Releases New Details About July 4 Breach
Dark Reading Staff, Quick Hits
Additional information includes PII affected and the authentication issue that led to the breach.
By Dark Reading Staff , 7/12/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by ydv3622
Current Conversations I like to see your post.
In reply to: Meeting
Post Your Own Reply
More Conversations
PR Newswire
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
Lessons from My Strange Journey into InfoSec
Lysa Myers, Security Researcher, ESET,  7/12/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise securitythe IT team members tasked with protecting critical data from cyber threatsand will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Cyberspace is much less secure than my old lamp.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6681
PUBLISHED: 2018-07-17
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
CVE-2018-13864
PUBLISHED: 2018-07-17
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests.
CVE-2018-14338
PUBLISHED: 2018-07-17
samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.
CVE-2018-14337
PUBLISHED: 2018-07-17
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.
CVE-2018-14329
PUBLISHED: 2018-07-17
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.
Flash Poll
Video
Slideshows
Twitter Feed