6 CISO Resolutions for 2019
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Name That Toon: I Spy
6 Ways to Strengthen Your GDPR Compliance Efforts
7 Common Breach Disclosure Mistakes
News & Commentary
Battling Bots Brings Big-Budget Blow to Businesses
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Equifax Breach Underscores Need for Accountability, Simpler Architectures
Robert Lemos, Technology JournalistNews
A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'
By Robert Lemos Technology Journalist, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Attackers Using New Exploit Kit to Hijack Home & Small Office Routers
Jai Vijayan, Freelance writerNews
Goal is to steal banking credentials by redirecting users to phishing sites.
By Jai Vijayan Freelance writer, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
49% of Cloud Databases Left Unencrypted
Kelly Sheridan, Staff Editor, Dark ReadingNews
Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
The Grinch Bot Before Christmas: A Security Story for the Holidays
Julian Waits, GM Cyber Security Business Unit, Devo TechnologyCommentary
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
By Julian Waits GM Cyber Security Business Unit, Devo Technology, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
NetSecOPEN Names Founding Members, Board of Directors
Dark Reading Staff, Quick Hits
The organization is charged with building open, transparent testing protocols for network security.
By Dark Reading Staff , 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Grammarly Takes Bug Bounty Program Public
Dark Reading Staff, Quick Hits
The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne.
By Dark Reading Staff , 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
How Well Is Your Organization Investing Its Cybersecurity Dollars?
Jack Jones, Chairman, FAIR InstituteCommentary
The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.
By Jack Jones Chairman, FAIR Institute, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
CrowdStrike: More Organizations Now Self-Detect Their Own Cyberattacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But it still takes an average of 85 days to spot one, the security firm's incident response investigations found.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
DanaBot Malware Adds Spam to its Menu
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new generation of modular malware increases its value to criminals.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
'Highly Active' Seedworm Group Hits IT Services, Governments
Kelly Sheridan, Staff Editor, Dark ReadingNews
Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.
By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
Satan Ransomware Variant Exploits 10 Server-Side Flaws
Jai Vijayan, Freelance writerNews
Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.
By Jai Vijayan Freelance writer, 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
New Google+ Breach Will Lead to Early Service Shutdown
Dark Reading Staff, Quick Hits
A breach affecting more than 52 million users was patched, but not before leading to the company rethinking the future of the service.
By Dark Reading Staff , 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
'Dr. Shifro' Prescribes Fake Ransomware Cure
Dark Reading Staff, Quick Hits
A Russian firm aims to capitalize on ransomware victims' desperation by offering to unlock files then passing money to attackers.
By Dark Reading Staff , 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
6 Cloud Security Predictions for 2019
Ory Segal, CTO, PureSecCommentary
How the fast pace of cloud computing adoption in 2018 will dramatically change the security landscape next year.
By Ory Segal CTO, PureSec, 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
6 CISO Resolutions for 2019
Ericka Chickowski, Contributing Writer, Dark Reading
The ultimate to-do list for ambitious security leaders.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/10/2018
Comment1 Comment  |  Read  |  Post a Comment
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher demonstrates how attackers could steal data from smartphones while they're charging.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/8/2018
Comment3 comments  |  Read  |  Post a Comment
Criminals Use Locally Connected Devices to Attack, Loot Banks
Jai Vijayan, Freelance writerNews
Tens of millions of dollars stolen from at least eight banks in East Europe, Kasperksy Lab says.
By Jai Vijayan Freelance writer, 12/7/2018
Comment1 Comment  |  Read  |  Post a Comment
'Simplify Everything': Google Talks Container Security in 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google Cloud's container security lead shares predictions, best practices, and what's top of mind for customers.
By Kelly Sheridan Staff Editor, Dark Reading, 12/7/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
The Case for a Human Security Officer
Ira Winkler, CISSP, President, Secure Mentem,  12/5/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-8651
PUBLISHED: 2018-12-12
A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV.
CVE-2018-8652
PUBLISHED: 2018-12-12
A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka "Windows Azure Pack Cross Site Scripting Vulnerability." This affects Windows Azure Pack Rollup 13.1.
CVE-2018-8617
PUBLISHED: 2018-12-12
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8...
CVE-2018-8618
PUBLISHED: 2018-12-12
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8...
CVE-2018-8619
PUBLISHED: 2018-12-12
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Exp...
Flash Poll
Video
Slideshows
Twitter Feed