Risk

News & Commentary
Cisco Issues 31 Mid-April Security Alerts
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Among them, two are critical and six are of high importance.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/18/2019
Comment0 comments  |  Read  |  Post a Comment
Cloud Security Spend Set to Reach $12.6B by 2023
Kelly Sheridan, Staff Editor, Dark ReadingNews
Growth corresponds with a greater reliance on public cloud services.
By Kelly Sheridan Staff Editor, Dark Reading, 4/18/2019
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Automation Paradox
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/18/2019
Comment0 comments  |  Read  |  Post a Comment
Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent
Dark Reading Staff, Quick Hits
The social media giant says it did not access the imported data and is notifying affected users.
By Dark Reading Staff , 4/18/2019
Comment1 Comment  |  Read  |  Post a Comment
VPN Vulnerabilities Point Out Need for Comprehensive Remote Security
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
VPNs are the primary tool for securing remote access, but recently disclosed vulnerabilities point out the weakness of relying on them as the only tool.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/17/2019
Comment0 comments  |  Read  |  Post a Comment
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Incident response demands technical expertise, but you can't fully recover without non-IT experts.
By Kelly Sheridan Staff Editor, Dark Reading, 4/17/2019
Comment2 comments  |  Read  |  Post a Comment
New Malware Campaign Targets Financials, Retailers
Dark Reading Staff, Quick Hits
The attack uses a legitimate remote access system as well as several families of malware.
By Dark Reading Staff , 4/17/2019
Comment0 comments  |  Read  |  Post a Comment
Legacy Apps: The Security Risk Lurking in Dusty Corners
Tim Buntel, VP, Application Security Products, Threat StackCommentary
Four best practices to keep old code from compromising your enterprise environment.
By Tim Buntel VP, Application Security Products, Threat Stack, 4/17/2019
Comment1 Comment  |  Read  |  Post a Comment
Inside the Dark Web's How-To Guides for Teaching Fraud
Dark Reading Staff, Quick Hits
A new study investigates nearly 30,000 guides to explore what fraudsters sell and teach aspiring cybercriminals.
By Dark Reading Staff , 4/17/2019
Comment0 comments  |  Read  |  Post a Comment
Selecting the Right Strategy to Reduce Vulnerability Risk
Tim Erlin, VP of Product Management & Strategy at TripwireCommentary
There's no one-size-fits-all strategy for eliminating vulnerability risk. Knowing how your organization operates is what makes the difference.
By Tim Erlin VP of Product Management & Strategy at Tripwire, 4/17/2019
Comment0 comments  |  Read  |  Post a Comment
7 Tips for an Effective Employee Security Awareness Program
Jai Vijayan, Freelance writer
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
By Jai Vijayan Freelance writer, 4/17/2019
Comment1 Comment  |  Read  |  Post a Comment
Security Audit Shows Gains, Though Privacy Lags
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The 2018 Online Trust Audit shows that "encryption everywhere" is improving security, while fuzzy language is slowing privacy gains.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/16/2019
Comment0 comments  |  Read  |  Post a Comment
Meet Scranos: New Rootkit-Based Malware Gains Confidence
Kelly Sheridan, Staff Editor, Dark ReadingNews
The cross-platform operation, first tested on victims in China, has begun to spread around the world.
By Kelly Sheridan Staff Editor, Dark Reading, 4/16/2019
Comment1 Comment  |  Read  |  Post a Comment
Benefiting from Data Privacy Investments
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 4/16/2019
Comment0 comments  |  Read  |  Post a Comment
IT Outsourcing Firm Wipro Investigates Data Breach
Dark Reading Staff, Quick Hits
Employee accounts may have been compromised in a sophisticated phishing campaign.
By Dark Reading Staff , 4/16/2019
Comment1 Comment  |  Read  |  Post a Comment
New Details Emerge on Windows Zero Day
Kelly Sheridan, Staff Editor, Dark ReadingNews
The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.
By Kelly Sheridan Staff Editor, Dark Reading, 4/15/2019
Comment0 comments  |  Read  |  Post a Comment
CERT, CISA Warn of Vuln in at Least 4 Major VPNs
Dark Reading Staff, Quick Hits
VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.
By Dark Reading Staff , 4/12/2019
Comment1 Comment  |  Read  |  Post a Comment
This Week in Security Funding: Where the Money Went
Kelly Sheridan, Staff Editor, Dark ReadingNews
Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.
By Kelly Sheridan Staff Editor, Dark Reading, 4/12/2019
Comment0 comments  |  Read  |  Post a Comment
Home Office Apologizes for EU Citizen Data Exposure
Dark Reading Staff, Quick Hits
The Home Office has admitted to compromising private email addresses belonging to EU citizens hoping to settle in the UK.
By Dark Reading Staff , 4/12/2019
Comment1 Comment  |  Read  |  Post a Comment
'Dragonblood' Vulnerabilities Seep Into WPA3 Secure Wifi Handshake
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new set of vulnerabilities may put some early adopters of strong Wifi security at greater security risk.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/11/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Former Student Admits to USB Killer Attack
Dark Reading Staff 4/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11332
PUBLISHED: 2019-04-18
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.
CVE-2019-9161
PUBLISHED: 2019-04-18
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an etc/config/wac/wns_cfg_admin_detail.x...
CVE-2019-11015
PUBLISHED: 2019-04-18
A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). This occurs because of paste access...
CVE-2019-11331
PUBLISHED: 2019-04-18
Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.
CVE-2019-9160
PUBLISHED: 2019-04-18
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).