8 Big Processor Vulnerabilities in 2018
What We Talk About When We Talk About Risk
7 Ways to Keep DNS Safe
6 M&A Security Tips
Name That Toon: Mobile Threat
News & Commentary
Russian National Vulnerability Database Operation Raises Suspicions
Jai Vijayan, Freelance writerNews
Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.
By Jai Vijayan Freelance writer, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Less Than Half of Cyberattacks Detected via Antivirus: SANS
Kelly Sheridan, Staff Editor, Dark ReadingNews
Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Trump Dismisses Russian Interference Indictments in Presser with Putin
Dark Reading Staff, Quick Hits
Russian President Vladamir Putin 'just said it's not Russia,' US President Trump said.
By Dark Reading Staff , 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading
Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
India Telecom Regulator: Users Have Primary Data Rights
Dark Reading Staff, Quick Hits
Organizations 'should be restrained from using metadata to identify individual users,' says the Telecom Regulatory Authority of India.
By Dark Reading Staff , 7/16/2018
Comment1 Comment  |  Read  |  Post a Comment
Time to Yank Cybercrime into the Light
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Too many organizations are still operating blindfolded, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
GRU hackers used bitcoin to fund US computer network infrastructure supporting and hiding the operation.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/13/2018
Comment1 Comment  |  Read  |  Post a Comment
GandCrab Ransomware Continues to Evolve But Can't Spread Via SMB Shares Yet
Jai Vijayan, Freelance writerNews
Recent fears that this year's most prolific ransomware threat has acquired new WannaCry-like propagation capabilities appear unfounded at the moment.
By Jai Vijayan Freelance writer, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
8 Big Processor Vulnerabilities in 2018
Ericka Chickowski, Contributing Writer, Dark Reading
Security researchers have been working in overdrive examining processors for issues and they haven't come up empty-handed.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
Congressional Report Cites States Most Vulnerable to Election Hacking
Dark Reading Staff, Quick Hits
A new report details issues with 18 states along with suggestions on what can be done.
By Dark Reading Staff , 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
FBI: Email Account Compromise Losses Reach $12B
Dark Reading Staff, Quick Hits
There were more than 78K business email account (BEC) and email account compromise (EAC) scam incidents worldwide between October 2013 and May 2018.
By Dark Reading Staff , 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
How to Structure an Enterprise-Wide Threat Intelligence Strategy
Tom Badders, Senior Product Manager, Secure Mobility, at Telos CorporationCommentary
To keep an organization safe, you must think about the entire IT ecosystem.
By Tom Badders Senior Product Manager, Secure Mobility, at Telos Corporation, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
SOCs Use Automation to Compensate for Training, Technology Issues
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
WordPress Sites Targeted in World Cup-Themed Spam Scam
Jai Vijayan, Freelance writerNews
Spammers using a 'spray & pray' approach to post comments on WordPress powered blogs, forums, says Imperva.
By Jai Vijayan Freelance writer, 7/12/2018
Comment1 Comment  |  Read  |  Post a Comment
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Web app security pioneer dishes on his teenage security career, his love of electric scooters, Ace Ventura and a new baby food business venture with his wife and famed chef, Kathy Fang.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/12/2018
Comment2 comments  |  Read  |  Post a Comment
Lessons from My Strange Journey into InfoSec
Lysa Myers, Security Researcher, ESETCommentary
Establishing an entre into the security world can be a maddeningly slow process. For those of us already here, it can be an opportunity to help others.
By Lysa Myers Security Researcher, ESET, 7/12/2018
Comment2 comments  |  Read  |  Post a Comment
ICS Security: 'The Enemy Is in the Wire'
Wayne Lloyd, Federal CTO at RedSealCommentary
Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.
By Wayne Lloyd Federal CTO at RedSeal, 7/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Timehop Releases New Details About July 4 Breach
Dark Reading Staff, Quick Hits
Additional information includes PII affected and the authentication issue that led to the breach.
By Dark Reading Staff , 7/12/2018
Comment0 comments  |  Read  |  Post a Comment
Ukraine Security Service Stops VPNFilter Attack at Chlorine Station
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
The facility's process control system and emergency-detection system were infected, Interfax Ukraine reports.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/12/2018
Comment0 comments  |  Read  |  Post a Comment
Hacker Exploits 2-Year Old Router Issue To Steal Sensitive US Military Data
Jai Vijayan, Freelance writerNews
A moderately skilled hacker managed to steal export-restricted data pertaining to the Reaper drone and Abrams tank from computers belonging to two US Army officials.
By Jai Vijayan Freelance writer, 7/11/2018
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by pokerdominoqq
Current Conversations very nice
In reply to: pokerdominoqq
Post Your Own Reply
More Conversations
PR Newswire
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
7 Ways to Keep DNS Safe
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise securitythe IT team members tasked with protecting critical data from cyber threatsand will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Locked device, Ha! I knew there was another way in.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14337
PUBLISHED: 2018-07-17
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.
CVE-2018-14329
PUBLISHED: 2018-07-17
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.
CVE-2018-14331
PUBLISHED: 2018-07-17
An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my.
CVE-2018-14333
PUBLISHED: 2018-07-17
TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88] and "[00 00 00]" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workstation on which TeamViewer has ...
CVE-2018-14334
PUBLISHED: 2018-07-17
manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766.
Flash Poll
Video
Slideshows
Twitter Feed