Advertise

Risk

News & Commentary

Four New Vulnerabilities in Phoenix Contact Industrial Switches

Curtis Franklin Jr., Senior Editor at Dark Reading

Quick Hits

A series of newly disclosed vulnerabilities could allow an attacker to gain control of industrial switches.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/21/2018

0 comments | Read | Post a Comment

AppSec in the World of 'Serverless'

Boris Chen, Co-founder and VP Engineering, tCell, Inc.

Commentary

The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.

By Boris Chen Co-founder and VP Engineering, tCell, Inc., 6/21/2018

0 comments | Read | Post a Comment

Cisco CPO: Privacy Is Not About Secrecy or Compliance

News

Michelle Dennedy sat down with Dark Reading at the recent Cisco Live event to set the record straight about privacy, regulation, encryption, and more.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/19/2018

0 comments | Read | Post a Comment

'Wallchart' Phishing Campaign Exploits World Cup Watchers

Kelly Sheridan, Staff Editor, Dark Reading

News

The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.

By Kelly Sheridan Staff Editor, Dark Reading, 6/18/2018

0 comments | Read | Post a Comment

3 Tips for Driving User Buy-in to Security Policies

Marc Laliberte, Information Security Threat Analyst, WatchGuard Technologies

Commentary

Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.

By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 6/18/2018

0 comments | Read | Post a Comment

Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks

News

Security is weak, and most companies are clueless, according to Immunity researcher Lurene Grenier, who kicked off the Cisco Talos Threat Research Summit on Sunday.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/13/2018

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, I am honored to be working with a talented group of warfare professoinals at...

Security Ratings Answer Big Questions in Cyber Insurance

News

More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage.

By Kelly Sheridan Staff Editor, Dark Reading, 6/11/2018

0 comments | Read | Post a Comment

6 Ways Greed Has a Negative Effect on Cybersecurity

Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA

Commentary

How the security industry can both make money and stay true to its core values, and why that matters.

By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 6/11/2018

3 comments | Read | Post a Comment

Latest Comment: Ronn91, Great Information sharing .. I am very happy to read this article .. thanks...

Bug Bounty Payouts Up 73% Per Vulnerability: Bugcrowd

News

Bug bounty programs grew along with payouts, which averaged $781 per vulnerability this year, researchers report.

By Kelly Sheridan Staff Editor, Dark Reading, 6/7/2018

0 comments | Read | Post a Comment

DevSecOps Gains Enterprise Traction

News

Enterprise adoption of DevSecOps has surged in the past year, according to a study conducted at this year's RSA Conference.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/7/2018

0 comments | Read | Post a Comment

In Pursuit of Cryptography's Holy Grail

Ellison Anne Williams, Founder and CEO of Enveil

Commentary

Homomorphic encryption eliminates the need for data exposure at any point — something that certainly would be welcome these days.

By Ellison Anne Williams Founder and CEO of Enveil, 6/7/2018

0 comments | Read | Post a Comment

Survey Shows Florida at the Bottom for Consumer Cybersecurity

News

A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/6/2018

0 comments | Read | Post a Comment

Tax-Season Malware Campaign Delivers Trojan Via Email

Quick Hits

A new example of a long-term phenomenon delivers a banking trojan via a downloader activated by a URL in a phishing email.

By Dark Reading Staff , 6/6/2018

0 comments | Read | Post a Comment

Panorays Debuts With $5 Million Investment

Quick Hits

Panorays, a company focusing on third-party security issues for the enterprise, has exited stealth mode.

By Dark Reading Staff , 6/5/2018

0 comments | Read | Post a Comment

The Breach Disclosure Double Standard

Ericka Chickowski, Contributing Writer, Dark Reading

News

Cybersecurity pros expect to be notified immediately when they're breached, but most don't do the same – and some even cover up breaches.

By Ericka Chickowski Contributing Writer, Dark Reading, 6/5/2018

0 comments | Read | Post a Comment

Dark Reading Launches Second INsecurity Conference

Tim Wilson, Editor in Chief, Dark Reading,

News

To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions

By Tim Wilson, Editor in Chief, Dark Reading , 6/5/2018

0 comments | Read | Post a Comment

Building a Safe, Efficient, Cost-Effective Security Infrastructure

Ken Mills, General Manager of IoT, Surveillance and Security, Dell EMC

Commentary

The Industrial Internet of Things allows organizations to address both physical and digital security concerns.

By Ken Mills General Manager of IoT, Surveillance and Security, Dell EMC, 6/4/2018

0 comments | Read | Post a Comment

Google Groups Misconfiguration Exposes Corporate Data

News

Researchers say as many as 10,000 businesses are affected by a widespread misconfiguration in Google Groups settings.

By Kelly Sheridan Staff Editor, Dark Reading, 6/1/2018

0 comments | Read | Post a Comment

Telegram: Apple Has Blocked Updates since April

Quick Hits

Telegram founder and chief executive Pavel Durov claims the messaging service has not been able to make technical updates anywhere in the world.

By Dark Reading Staff , 6/1/2018

0 comments | Read | Post a Comment

New Federal Report Gives Guidance on Beating Botnets

News

A report from the Departments of Commerce and Homeland Security provides five goals for protecting infrastructure from botnets and other automated threats.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/31/2018

1 Comment | Read | Post a Comment

Latest Comment: BrianN060, While the report and the executive order are meaningful, a number of the points...

More Stories

Current Conversations

Posted by peterjames1

This comment is waiting for review by our moderators.

In reply to: Pending Review
Post Your Own Reply

Posted by alise1208

When I was looking for any information about GDPR compliance, I came across many articles where companies described their experience in solving this issue. Here is one great post on Redwerk's blog https://redwerk.com/blog/turning-gdpr-compliance-redwerks-experience...

In reply to: GSPR experience
Post Your Own Reply

Posted by jabeatty

Spamming is generally much more effective when you post to a topic that's a little more current.

In reply to: Re: Brother Printer Support
Post Your Own Reply

Posted by Ronn91

Great Information sharing .. I am very happy to read this article .. thanks for giving us go through info Fantastic nice.

In reply to: Re: cool
Post Your Own Reply

Posted by Brother Printer Support

I thought I should try to call that number, Trust me the Brother Printer Repair Services its cool and very much helpful, their advisors having too much depth on the subject, they know how to treat a customer for his/her...

In reply to: Re: Brother Printer Support
Post Your Own Reply

Posted by Brother Printer Support

In reply to: Re: Brother Printer Support
Post Your Own Reply

Posted by ShimonO600

I can think of more, in any case, interesting read.

In reply to: Only 6?
Post Your Own Reply

Posted by REISEN1955

I am honored to be working with a talented group of warfare professoinals at Fiserv - where we have a dedicated malware forensics and threat hunting group for the entire firm. We are ACTIVE in finding incoming threats...

In reply to: Working in a real shop
Post Your Own Reply

Posted by williamlucas

Thanks for sharing an informative post and detailed explanation for the same.

In reply to: re: Hacking Higher Education
Post Your Own Reply

Posted by baranteo

Cybersecurity is a problem of last 5-8 years. I'm sure it's a global issue because society afraid that their lives are in danger. We must monitor websites to protect ourselves as consumers

In reply to: cool
Post Your Own Reply

Posted by printer1

Actually, on my side, it was very great full for us that we all have the reporter and then you also depended on the report. For that, if you interested in that for them I suggest a site. From the site, you will know...

In reply to: Reporter
Post Your Own Reply

Posted by BrianN060

While the report and the executive order are meaningful, a number of the points mentioned in the article are questionable, if not downright head-scratching. Those referenced in the article summary are perplexing -...

In reply to: Guidance on Beating Botnets - report
Post Your Own Reply

More Conversations

Products & Releases

Trillium Opens Michigan Cybersecurity Operations and R&D Center

68% of EU, US Crypto Exchanges and Wallets Fail on Proper Customer Identity Checks

Cybersecurity, IT Governance, Emerging Tech Shaping 2018 IT Audit Plans: Protiviti, ISACA

ISACA Unveils GDPR Assessment for Enterprises to Gauge Regulation Readiness and Compliance Path

Tax Software Providers Not Protecting Emails from Phishing and Spoofing

Kaspersky Lab finds Prilex POS malware evolving to target chip and PIN-protected cards

PCI SSC Announces Changes to Qualified Integrators and Resellers Program

TechDemocracy’s Cyber Risk Governance Portfolio Meets Highest Quality and Information Security Standards with New ISO Certifications

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

'Hidden Tunnels' Help Hackers Launch Financial Services Attacks

Kelly Sheridan, Staff Editor, Dark Reading, 6/20/2018

Tesla Employee Steals, Sabotages Company Data

Jai Vijayan, Freelance writer, 6/19/2018

Inside a SamSam Ransomware Attack

Ajit Sancheti, CEO and Co-Founder, Preempt, 6/20/2018

Live Events

Webinars

More UBM Tech
Live Events

INsecurity Conference - An Event Like No Other

Black Hat Trainings - October 22 & 23

Are You Looking to Learn About New Cybersecurity Threats & Challenges? Then INsecurity Is For You!

White Papers

Essential Guide - Blocking Malware Without a SOC

The Fileless Attack Checklist

Ironclad APIs: An Approach for App Security Testing

CIAM vs. IAM

Protecting Against Tainted Data in Embedded Apps with Static Analysis

More White Papers

Video

All Risk Videos

Cartoon

Latest Comment: They told me I was one brick short of a load so now I have plenty of bricks!

Cartoon Archive

Current Issue

The Changing Role of the CISO

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of IT and Cybersecurity

IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!

Download Now!

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

[Strategic Security Report] Cloud Security's Changing Landscape

0 comments

The State of Ransomware

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-12633
PUBLISHED: 2018-06-22

An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (...

CVE-2018-12634
PUBLISHED: 2018-06-22

CirCarLife Scada v4.2.4 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.

CVE-2018-12635
PUBLISHED: 2018-06-22

CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.

CVE-2018-12630
PUBLISHED: 2018-06-21

NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.

CVE-2018-12631
PUBLISHED: 2018-06-21

Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.

Terms of Service
Privacy Statement
Legal Entities