Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
10 Free DevOps-Friendly Security Tools Developers Will Love
Cracking 2FA: How It's Done and How to Stay Safe
Dark Reading Conference Call for Speakers Closes Friday
7 Tools for Stronger IoT Security, Visibility
Risky Business: Deconstructing Ray Ozzie's Encryption Backdoor
News & Commentary
Android Malware Comes Baked into Some New Tablets, Phones
Dark Reading Staff, Quick Hits
Ad-loading malware is being built into the firmware and operating system of some new tablets and phones from three major manufacturers.
By Dark Reading Staff , 5/25/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
Sara Peters, Senior Editor at Dark ReadingNews
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
By Sara Peters Senior Editor at Dark Reading, 5/25/2018
Comment0 comments  |  Read  |  Post a Comment
Privacy Survey Says: Americans Don't Want to Sell Their Data
Dark Reading Staff, Quick Hits
A new survey shows the extent to which Americans are reluctant to sell their personal information for any price.
By Dark Reading Staff , 5/25/2018
Comment1 Comment  |  Read  |  Post a Comment
Privacy Group: Facebook, Google Policies Break GDPR Laws
Dark Reading Staff, News
Nonprofit 'None of Your Business' files complaints against Facebook, Google, WhatsApp, and Instagram.
By Dark Reading Staff , 5/25/2018
Comment0 comments  |  Read  |  Post a Comment
Wicked Mirai Brings New Exploits to IoT Botnets
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The latest variant of the venerable Mirai botnet malware combines approaches and brings new exploits to the world of IoT security challenges.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/25/2018
Comment0 comments  |  Read  |  Post a Comment
10 Free DevOps-Friendly Security Tools Developers Will Love
Ericka Chickowski, Contributing Writer, Dark Reading
Start building an affordable DevSecOps automation toolchain with these free application security tools.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/25/2018
Comment0 comments  |  Read  |  Post a Comment
Bridging the Cybersecurity Talent Gap
Shelley Westman, Principal, Cybersecurity, at EYCommentary
There's no one surefire way of fixing the problem, which endangers everyone's security. There are, however, several options we should try.
By Shelley Westman Principal, Cybersecurity, at EY, 5/25/2018
Comment0 comments  |  Read  |  Post a Comment
Most Expensive Data Breaches Start with Third Parties: Report
Kelly Sheridan, Staff Editor, Dark ReadingNews
Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.
By Kelly Sheridan Staff Editor, Dark Reading, 5/24/2018
Comment0 comments  |  Read  |  Post a Comment
DOJ Sinkholes VPNFilter Control Servers Found in US
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The US Department of Justice said the move aims to thwart the spread of the botnet as part of its investigation into Russian nation-state hacking group APT28 aka Fancy Bear.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/24/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
Ron Teicher, CEO & Founder, EverCompliantCommentary
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
By Ron Teicher CEO & Founder, EverCompliant, 5/24/2018
Comment0 comments  |  Read  |  Post a Comment
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
Jen Brown, Compliance and Data Protection Officer at Sumo LogicCommentary
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
By Jen Brown Compliance and Data Protection Officer at Sumo Logic, 5/24/2018
Comment0 comments  |  Read  |  Post a Comment
Malwarebytes Buys Binisoft for Firewall Management
Dark Reading Staff, Quick Hits
Vendor plans to integrate Binisoft's Windows Firewall Control into the Malwarebytes endpoint protection platform.
By Dark Reading Staff , 5/24/2018
Comment0 comments  |  Read  |  Post a Comment
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Users are terrible at passwords and the problem is only getting worse, according to an expansive study of more than 100 million passwords and their owners.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/24/2018
Comment3 comments  |  Read  |  Post a Comment
Fraud Drops 76% for Merchants Using EMV, Says Visa
Dark Reading Staff, Quick Hits
A new report from Visa says that the shift to chip cards has resulted in dramatically reduced credit card fraud levels.
By Dark Reading Staff , 5/23/2018
Comment1 Comment  |  Read  |  Post a Comment
Growing Job Pressures Increase Risk of Burnout for Cybersecurity Professionals
Jai Vijayan, Freelance writerNews
A new Trustwave survey shows information security executives and practitioners are under increasing pressure from trying to keep up with threats and compliance mandates.
By Jai Vijayan Freelance writer, 5/23/2018
Comment1 Comment  |  Read  |  Post a Comment
The Good & Bad News about Blockchain Security
Michael Raziel, CTO, CyberGuild VenturesCommentary
Blockchain technology promises many things. But to succeed, it must offer users a better plan against hackers.
By Michael Raziel CTO, CyberGuild Ventures, 5/23/2018
Comment0 comments  |  Read  |  Post a Comment
Destructive 'VPNFilter' Attack Network Uncovered
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
More than 500K home/SOHO routers and storage devices worldwide commandeered in potential nation-state attack weapon - with Ukraine in initial bullseye.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/23/2018
Comment0 comments  |  Read  |  Post a Comment
What Should Post-Quantum Cryptography Look Like?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/23/2018
Comment1 Comment  |  Read  |  Post a Comment
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451Commentary
Most security professionals in a recent survey said that threat intelligence doesn't work. So why all the hype?
By Chris McDaniels Chief Information Security Officer of Mosaic451, 5/23/2018
Comment2 comments  |  Read  |  Post a Comment
Windows 10 Adoption Grew 75%, Adobe Flash Plummeted 188% in 2017: Report
Kelly Sheridan, Staff Editor, Dark ReadingNews
Authentication data reveals an increase in Apple devices, poor mobile security, and the rapid disappearance of Flash from browsers.
By Kelly Sheridan Staff Editor, Dark Reading, 5/23/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Facebook Sites Dominate Social Network Phishing in Q1 2018: Kaspersky Lab
Okta Releases New API Offering for App, Website Authentication
Okta, VMware Partner on Advanced Identity Capabilities for the Digital Workspace
Okta Announces Project Onramp for One-Click App Setup
Okta Launches 'Sign In with Okta,' Business Authentication for App Providers
SonicWall Splits from Quest, Surpasses Financial Objectives
Valimail Raises $25 Million in Series B Funding
TransUnion Announces Agreement to Acquire iovation
More Products & Releases
PR Newswire
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
A Sneak Peek at the New NIST Cybersecurity Framework
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Get Smart About Network Segmentation & Traffic Routing
Through a combination of intelligent segmentation and traffic routing to tools, you can gain much better visibility into your network. Here's how. Read >>
Partner Perspectives
What's This?
Continuous Compliance and Effective Audit Preparation for the Cloud
Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise security—the IT team members tasked with protecting critical data from cyber threats—and will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11500
PUBLISHED: 2018-05-26
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.
CVE-2018-11501
PUBLISHED: 2018-05-26
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2.
CVE-2018-11503
PUBLISHED: 2018-05-26
The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
CVE-2018-11504
PUBLISHED: 2018-05-26
The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
CVE-2018-11494
PUBLISHED: 2018-05-26
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containi...
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Flash Poll
Video
Slideshows
Twitter Feed