6 CISO Resolutions for 2019
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Name That Toon: I Spy
6 Ways to Strengthen Your GDPR Compliance Efforts
7 Common Breach Disclosure Mistakes
News & Commentary
Education Gets an 'F' for Cybersecurity
Dark Reading Staff, Quick Hits
The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.
By Dark Reading Staff , 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
The Economics Fueling IoT (In)security
Ariel Kriger, VP Business Development at VDOOCommentary
Attackers understand the profits that lie in the current lack of security. That must change.
By Ariel Kriger VP Business Development at VDOO, 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Bug Hunting Paves Path to Infosec Careers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
By Kelly Sheridan Staff Editor, Dark Reading, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
Jai Vijayan, Freelance writerNews
McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.
By Jai Vijayan Freelance writer, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Deception: Honey vs. Real Environments
Dr. Salvatore Stolfo, Fouder & CTO, Allure SecurityCommentary
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.
By Dr. Salvatore Stolfo Fouder & CTO, Allure Security, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Mac Malware Cracks WatchGuards Top 10 List
Steve Zurier, Freelance WriterNews
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
By Steve Zurier Freelance Writer, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Arctic Wolf Buys RootSecure
Dark Reading Staff, Quick Hits
The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.
By Dark Reading Staff , 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
Dark Reading Staff, Quick Hits
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
By Dark Reading Staff , 12/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Forget Shifting Security Left; It's Time to Race Left
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018
Comment5 comments  |  Read  |  Post a Comment
Battling Bots Brings Big-Budget Blow to Businesses
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Equifax Breach Underscores Need for Accountability, Simpler Architectures
Robert Lemos, Technology Journalist/Data ResearcherNews
A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'
By Robert Lemos Technology Journalist/Data Researcher, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Attackers Using New Exploit Kit to Hijack Home & Small Office Routers
Jai Vijayan, Freelance writerNews
Goal is to steal banking credentials by redirecting users to phishing sites.
By Jai Vijayan Freelance writer, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
49% of Cloud Databases Left Unencrypted
Kelly Sheridan, Staff Editor, Dark ReadingNews
Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
The Grinch Bot Before Christmas: A Security Story for the Holidays
Julian Waits, GM Cyber Security Business Unit, Devo TechnologyCommentary
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
By Julian Waits GM Cyber Security Business Unit, Devo Technology, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
NetSecOPEN Names Founding Members, Board of Directors
Dark Reading Staff, Quick Hits
The organization is charged with building open, transparent testing protocols for network security.
By Dark Reading Staff , 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Grammarly Takes Bug Bounty Program Public
Dark Reading Staff, Quick Hits
The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne.
By Dark Reading Staff , 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
How Well Is Your Organization Investing Its Cybersecurity Dollars?
Jack Jones, Chairman, FAIR InstituteCommentary
The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.
By Jack Jones Chairman, FAIR Institute, 12/11/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
How Well Is Your Organization Investing Its Cybersecurity Dollars?
Jack Jones, Chairman, FAIR Institute,  12/11/2018
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1817
PUBLISHED: 2018-12-13
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021.
CVE-2018-1818
PUBLISHED: 2018-12-13
IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022.
CVE-2018-1821
PUBLISHED: 2018-12-13
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170.
CVE-2018-1886
PUBLISHED: 2018-12-13
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021.
CVE-2018-1887
PUBLISHED: 2018-12-13
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force...
Flash Poll
Video
Slideshows
Twitter Feed