White House Cybersecurity Strategy at a Crossroads
10 Ways to Protect Protocols That Aren't DNS
8 Big Processor Vulnerabilities in 2018
What We Talk About When We Talk About Risk
6 M&A Security Tips
News & Commentary
Beyond Passwords: Why Your Company Should Rethink Authentication
Rajiv Dholakia, VP Products, Nok Nok LabsCommentary
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
By Rajiv Dholakia VP Products, Nok Nok Labs, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Number of Retailers Impacted by Breaches Doubles
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The retail race for digital transformation is being run without the safety of security measures.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers will be rewarded for vulnerabilities found in identity solutions and implementations of certain OpenID standards.
By Kelly Sheridan Staff Editor, Dark Reading, 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
Messenger Apps Top Risk Hit Parade
Dark Reading Staff, Quick Hits
Whether running on iOS or Android, Facebook's and WhatsApp's messenger apps present a 'winning' combination.
By Dark Reading Staff , 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
Make Security Boring Again
Joel Fulton, Chief Information Security Officer for SplunkCommentary
In the public sector and feeling overwhelmed? Focus on the basics, as mind numbing as that may sound.
By Joel Fulton Chief Information Security Officer for Splunk, 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
New Subscription Service Takes on Ransomware Protection
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Training and response is the basis of a new offering that addresses ransomware and extortion attacks.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Moves Up As Phishers' Favorite Target for Brand Spoofing
Dark Reading Staff, Quick Hits
Researchers compiled a list of the most common brands to impersonate by detecting and analyzing new phishing URLs.
By Dark Reading Staff , 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
From Bullets to Clicks: The Evolution of the Cyber Arms Race
Nir Gaist, CTO and Founder of NyotronCommentary
Cyber strategies have become as important as physical weapons in the battle for political advantage. Here's a quick look at four broad categories.
By Nir Gaist CTO and Founder of Nyotron, 7/18/2018
Comment2 comments  |  Read  |  Post a Comment
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Trump administration's initial lack of a unified front in the wake of Russian election-hacking indictments worries cybersecurity experts.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/17/2018
Comment6 comments  |  Read  |  Post a Comment
One-Third of Businesses Lack a Cybersecurity Expert
Kelly Sheridan, Staff Editor, Dark ReadingNews
Alarming, yes, but it's actually an improvement over past years, a new Gartner survey of more than 3,000 CIOs reveals.
By Kelly Sheridan Staff Editor, Dark Reading, 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
Cloud Security: Lessons Learned from Intrusion Prevention Systems
Gunter Ollmann, CTO, Security, Microsoft Cloud and AI Division   Commentary
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
By Gunter Ollmann CTO, Security, Microsoft Cloud and AI Division , 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
Nearly Half of Security Pros Reuse Passwords
Dark Reading Staff, Quick Hits
Survey exposes poor security practices by the people who should know better.
By Dark Reading Staff , 7/17/2018
Comment1 Comment  |  Read  |  Post a Comment
SCADA/ICS Dangers & Cybersecurity Strategies
Peter Newton, Senior Director of Product Marketing at FortinetCommentary
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
By Peter Newton Senior Director of Product Marketing at Fortinet, 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
7 Nigerians Indicted for Fraud Operation on Dating Sites
Dark Reading Staff, Quick Hits
Con artists have been charged with operating a scheme that cost users of American dating websites more than $1.5 million.
By Dark Reading Staff , 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
Russian National Vulnerability Database Operation Raises Suspicions
Jai Vijayan, Freelance writerNews
Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.
By Jai Vijayan Freelance writer, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Less Than Half of Cyberattacks Detected via Antivirus: SANS
Kelly Sheridan, Staff Editor, Dark ReadingNews
Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Trump Dismisses Russian Interference Indictments in Presser with Putin
Dark Reading Staff, Quick Hits
Russian President Vladamir Putin 'just said it's not Russia,' US President Trump said.
By Dark Reading Staff , 7/16/2018
Comment1 Comment  |  Read  |  Post a Comment
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading
Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
India Telecom Regulator: Users Have Primary Data Rights
Dark Reading Staff, Quick Hits
Organizations 'should be restrained from using metadata to identify individual users,' says the Telecom Regulatory Authority of India.
By Dark Reading Staff , 7/16/2018
Comment1 Comment  |  Read  |  Post a Comment
Time to Yank Cybercrime into the Light
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Too many organizations are still operating blindfolded, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Lessons from My Strange Journey into InfoSec
Lysa Myers, Security Researcher, ESET,  7/12/2018
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/12/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise securitythe IT team members tasked with protecting critical data from cyber threatsand will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon Contest
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-9574
PUBLISHED: 2018-07-19
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
CVE-2017-2673
PUBLISHED: 2018-07-19
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
CVE-2017-7481
PUBLISHED: 2018-07-19
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templati...
CVE-2018-12911
PUBLISHED: 2018-07-19
WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.
CVE-2018-14404
PUBLISHED: 2018-07-19
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulne...
Flash Poll
Video
Slideshows
Twitter Feed