Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

Name That Toon: The Advanced Persistent Threat

Trust, or Lack of It, Is a Key Theme on RSAC Keynote Stage

6 Questions to Ask While Buying a Connected Car

Embracing DevSecOps: 5 Processes to Improve DevOps Security

Top Stories

7 Low-Cost Security Tools

Name That Toon: The Advanced Persistent ...

Trust, or Lack of It, Is a Key Theme on ...

6 Questions to Ask While Buying a ...

Embracing DevSecOps: 5 Processes to ...

News & Commentary

FIN7 Cybercrime Gang Rises Again

Robert Lemos, Technology Journalist/Data Researcher

News

The group now employs a new administrative interface for managing its campaigns, as well as documents that link to SQL databases for downloading its code.

By Robert Lemos Technology Journalist/Data Researcher, 3/21/2019

0 comments | Read | Post a Comment

Businesses Manage 9.7PB of Data but Struggle to Protect It

Kelly Sheridan, Staff Editor, Dark Reading

News

What's more, their attempts to secure it may be putting information at risk, a new report finds.

By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019

0 comments | Read | Post a Comment

Facebook Employees for Years Could See Millions of User Passwords in Plain Text

Quick Hits

2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.

By Dark Reading Staff , 3/21/2019

0 comments | Read | Post a Comment

Hacker AI vs. Enterprise AI: A New Threat

Satish Abburi, Founder of Elysium Analytics

Commentary

Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.

By Satish Abburi Founder of Elysium Analytics, 3/21/2019

0 comments | Read | Post a Comment

SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats

Ericka Chickowski, Contributing Writer, Dark Reading

News

Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/21/2019

0 comments | Read | Post a Comment

Microsoft Brings Defender Security Tools to Mac

News

Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.

By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019

0 comments | Read | Post a Comment

Police Federation of England and Wales Suffers Apparent Ransomware Attack

Quick Hits

National Cyber Security Centre and National Crime Agency investigate random attack that locked down the association's data and deleted backups.

By Dark Reading Staff , 3/21/2019

0 comments | Read | Post a Comment

What the Transition to Smart Cards Can Teach the US Healthcare Industry

Joram Borenstein & Rebecca Weintraub, General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical School

Commentary

Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.

By Joram Borenstein & Rebecca Weintraub General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical School, 3/21/2019

0 comments | Read | Post a Comment

Researchers Seek Out Ways to Search IPv6 Space

News

Security researchers regularly search IPv4 address space looking for servers with ports exposing vulnerable software. With the massive number of IPv6 addresses, however, they have lost that ability. Can tricks and workarounds save the day?

By Robert Lemos Technology Journalist/Data Researcher, 3/20/2019

1 Comment | Read | Post a Comment

Latest Comment: tom.kuznicki, This reminds me of a presentation I've seen about using patterns in IPv6 addressing...

BEC Scammer Pleads Guilty

Quick Hits

Business email compromise (BEC) operation resulted in $100 million in losses to a multinational technology company and a social media firm, according to the US Attorney's Office.

By Dark Reading Staff , 3/20/2019

2 comments | Read | Post a Comment

Latest Comment: REISEN1955, If you don't need it, don't read it, delete it.

Google Photos Bug Let Criminals Query Friends, Location

News

The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.

By Kelly Sheridan Staff Editor, Dark Reading, 3/20/2019

0 comments | Read | Post a Comment

The Insider Threat: It's More Common Than You Think

Raj Ananthanpillai, Chairman & CEO, Endera

Commentary

A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.

By Raj Ananthanpillai Chairman & CEO, Endera, 3/20/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Hey - your job can be outrsourced in a moment after you train your replacement...

Less Than 3% of Recycled Computing Devices Properly Wiped

News

Researchers find that companies that refurbish or accept old equipment as donations don't necessarily clean them of data as promised.

By Steve Zurier Freelance Writer, 3/20/2019

0 comments | Read | Post a Comment

'Critical' Denial-of-Service Bug Patched in Facebook Fizz

Quick Hits

Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.

By Dark Reading Staff , 3/20/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, It's good to see bug bounty programs gaining traction. It is truly an advocation...

TLS 1.3: A Good News/Bad News Scenario

Paula Musich, Research Director, Enterprise Management Associates

Commentary

Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.

By Paula Musich Research Director, Enterprise Management Associates, 3/20/2019

0 comments | Read | Post a Comment

Microsoft Office Dominates Most Exploited List

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/19/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Office given huge user and install base would have to be the most exploited...

DDoS Attack Size Drops 85% in Q4 2018

News

The sharp decline follows an FBI takedown of so-called "booter," or DDoS-for-hire, websites in December 2018.

By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019

0 comments | Read | Post a Comment

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/19/2019

0 comments | Read | Post a Comment

The Case of the Missing Data

Commentary

The latest twist in the Equifax breach has serious implications for organizations.

By Mike McKee CEO of ObserveIT, 3/19/2019

0 comments | Read | Post a Comment

Norsk Hydro Shuts Plants Amid Ransomware Attack

Quick Hits

The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.

By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, How many readers relate this location to the German attempt to build an Atomic...

More Stories

Current Conversations

Posted by cdunn355

Oh, password cracker! I thought you said you needed a password kraken!

In reply to: Password what?
Post Your Own Reply

Posted by jpappe

Nancy's got to stop using the WiFi at Kyosho. Seems she's brought that new IKA worm back in her bento.

In reply to: Bento No-No
Post Your Own Reply

Posted by TheVampireO

WoW! When the CFO siad we were underwater, I had no idea it was this bad...

In reply to: Underwater
Post Your Own Reply

Posted by bearwilson

Insider Threat Prevention activated!

In reply to: Name that Toom
Post Your Own Reply

Posted by RyanSepe

It's good to see bug bounty programs gaining traction. It is truly an advocation towards good will. It incentivises the discovery of issues and advocates that they be fixed instead of trying to use that information for nefarious...

In reply to: Bug Bounty
Post Your Own Reply

Posted by beckyrX19

"I told you to stay off the Dark Web..."

In reply to: Name That Toon: The Advanced Persistent Threat
Post Your Own Reply

Posted by REISEN1955

If you don't need it, don't read it, delete it.

In reply to: The golden rule
Post Your Own Reply

Posted by RyanSepe

Phishing will continue to be the most effective way to cause harm to an organization. No matter if you implement SPAM filtering, User Awareness testing and the like there are too many exposure points. Only thing we can do...

In reply to: Phishing
Post Your Own Reply

Posted by tom.kuznicki

This reminds me of a presentation I've seen about using patterns in IPv6 addressing to make the search space smaller: https://www.ipv6.org.uk/wp-content/uploads/2018/10/fgont-uk2017-ipv6-security-tools.pdf

In reply to: IPv6 address patterns
Post Your Own Reply

Posted by FKREITZBERG980

Looks like Jayne is having sushi for lunch again.

In reply to: squid
Post Your Own Reply

Posted by REISEN1955

Hey - your job can be outrsourced in a moment after you train your replacement from India. BTW he is less expensive than you are. Hey, we would like 2 weeks notice if you decided to leave us but we can terminate...

In reply to: Let the employer value the employee
Post Your Own Reply

Posted by TravisB454

Looks like someone made an undocumented change again.

In reply to: Cartoon Caption
Post Your Own Reply

More Conversations

Products & Releases

Checkmarx to Secure Software Development at DOE National Laboratory

Flashpoint Introduces Innovative Approach for Use Case-Driven Intelligence

Array Networks Launches Monitoring and Reporting System for Transforming Application Data into Actionable Intelligence

Nozomi Networks Expands ICS Cyber Security Research with Labs Launch

NETSCOUT Releases Annual Worldwide Infrastructure Security Report

Venafi Survey: 87 Percent of Security Professionals Say World is at Cyberwar

Onapsis and Exabeam Partner to Bring ERP to the Security Operations Center

Mocana Adds New Funding

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Crowdsourced vs. Traditional Pen Testing

Alex Haynes, Chief Information Security Officer, CDL, 3/19/2019

BEC Scammer Pleads Guilty

Dark Reading Staff 3/20/2019

Could Beto O'Rourke Become the First Hacker President?

Dark Reading Staff 3/15/2019

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

White Papers

Dark Reading Report Roundup

[Hadoop] 3 Trends That Affect Business

2019 Ponemon Report: The Value of Threat Intelligence

Case Studies: Real World Incidents Detected & Stopped by Awake

EMA Radar Summary for Network-Based Security Analytics Q3 2018

More White Papers

Current Issue

5 Emerging Cyber Threats to Watch for in 2019

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-18913
PUBLISHED: 2019-03-21

Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location with...

CVE-2018-20031
PUBLISHED: 2019-03-21

A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...

CVE-2018-20032
PUBLISHED: 2019-03-21

A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon t...

CVE-2018-20034
PUBLISHED: 2019-03-21

A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...

CVE-2019-3855
PUBLISHED: 2019-03-21

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Reports

The State of Cyber Security Incident Response

Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.

Download Now!

How Enterprises Are Developing Secure Applications

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

How Enterprises Are Using IT Threat Intelligence

0 comments

More Reports

Flash Poll

All Polls

Video