Advertise

Risk

News & Commentary

Intel Reveals New Spectre-Like Vulnerability

Curtis Franklin Jr., Senior Editor at Dark Reading

News

A new side-channel speculative execution vulnerability takes aim at a different part of the CPU architecture than similar vulnerabilities that came before it.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/15/2018

0 comments | Read | Post a Comment

2018 Pwnie Awards: Who Pwned, Who Got Pwned

A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.

By Kelly Sheridan Staff Editor, Dark Reading, 8/15/2018

0 comments | Read | Post a Comment

Instagram Hack: Hundreds Affected, Russia Suspected

Quick Hits

Affected users report the email addresses linked to their Instagram accounts were changed to .ru domains.

By Dark Reading Staff , 8/15/2018

0 comments | Read | Post a Comment

Flaws in Mobile Point of Sale Readers Displayed at Black Hat

News

While security is high overall for mPOS tools from companies like Square, PayPal, and iZettle, some devices have vulnerabilities that attackers could exploit to gather data and cash.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/14/2018

0 comments | Read | Post a Comment

Microsoft ADFS Vulnerability Lets Attackers Bypass MFA

News

The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.

By Kelly Sheridan Staff Editor, Dark Reading, 8/14/2018

0 comments | Read | Post a Comment

'Election Protection' Aims to Secure Candidates Running for Office

Quick Hits

The kit is designed to prevent credential theft targeting people running for federal, state, and local elected offices.

By Dark Reading Staff , 8/14/2018

0 comments | Read | Post a Comment

Hacker Unlocks 'God Mode' and Shares the 'Key'

News

At Black Hat USA and DEF CON, researcher Christopher Domas showed how he found backdoors that may exist in many different CPUs.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/13/2018

0 comments | Read | Post a Comment

Social Engineers Show Off Their Tricks

News

Experts in deception shared tricks of the trade and showed their skills at Black Hat and DEF CON 2018.

By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2018

0 comments | Read | Post a Comment

NSA Brings Nation-State Details to DEF CON

News

Hackers were eager to hear the latest from the world of nation-state cybersecurity.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/10/2018

0 comments | Read | Post a Comment

Oh, No, Not Another Security Product

Paul Stokes, Founder & CEO of Prevalent AI

Commentary

Let's face it: There are too many proprietary software options. Addressing the problem will require a radical shift in focus.

By Paul Stokes Founder & CEO of Prevalent AI, 8/9/2018

1 Comment | Read | Post a Comment

Latest Comment: njtrout, Couldn't agree more, However, 30+ years of product development in the security...

Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push

News

Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.

By Kelly Sheridan Staff Editor, Dark Reading, 8/8/2018

6 comments | Read | Post a Comment

Latest Comment: BrianN060, You both make some valid points; but I think the choice of vendors is less...

Manufacturing Industry Experiencing Higher Incidence of Cyberattacks

Ericka Chickowski, Contributing Writer, Dark Reading

News

New report reveals the natural consequences of ignoring the attendant risks of industrial IoT and Industry 4.0.

By Ericka Chickowski Contributing Writer, Dark Reading, 8/8/2018

0 comments | Read | Post a Comment

Expect API Breaches to Accelerate

News

APIs provide the digital glue that binds apps, cloud resources, app services and data all together — and they're increasingly an appsec security threat.

By Ericka Chickowski Contributing Writer, Dark Reading, 8/7/2018

0 comments | Read | Post a Comment

Shadow IT: Every Company's 3 Hidden Security Risks

Adam Marre, Information Security Operations Leader, Qualtrics

Commentary

Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.

By Adam Marre Information Security Operations Leader, Qualtrics, 8/7/2018

1 Comment | Read | Post a Comment

Latest Comment: BrianN060, Fine article from a veteran cybersecurity professional about an aspect that...

Google Details Tech Built into Shielded VMs

News

Specialized virtual machines, recently released in beta mode, ensure cloud workloads haven't been compromised.

By Kelly Sheridan Staff Editor, Dark Reading, 8/6/2018

0 comments | Read | Post a Comment

Mastering MITRE's ATT&CK Matrix

This breakdown of Mitre's model for cyberattacks and defense can help organizations understand the stages of attack events and, ultimately, build better security.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/6/2018

3 comments | Read | Post a Comment

Latest Comment: Kunchen, This is indeed a very good post. I enjoyed reading and I see a sequel...

FBI Offers New IoT Security Tips

Quick Hits

A new article from the FBI offers insight into IoT risks and ways to reduce them.

By Dark Reading Staff , 8/3/2018

0 comments | Read | Post a Comment

Multifactor Acquisition: Cisco Plans to Buy Duo for $2.35B

News

Cisco intends to use Duo's authentication technology to ramp up security across hybrid and multicloud environments.

By Kelly Sheridan Staff Editor, Dark Reading, 8/2/2018

0 comments | Read | Post a Comment

6 Ways DevOps Can Supercharge Security

Security teams have a huge opportunity to make major inroads by embracing the DevOps movement.

By Ericka Chickowski Contributing Writer, Dark Reading, 8/2/2018

0 comments | Read | Post a Comment

How GDPR Could Turn Privileged Insiders into Bribery Targets

Commentary

Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.

By Mark Coates VP, EMEA, Dtex Systems, 8/2/2018

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by cbear42

My concern is that there seems to be a "throw their hands in the air" approach from most development teams and in the industry when it comes to trying to ensure that employees don't make a bad security choice. They have...

In reply to: Complete Agreement on this one. . .
Post Your Own Reply

Posted by BanduraCSO

This article hits on a number of important points. Part of this is basic cyber hygiene practices and it's not clear to me why the election networks themselves should be connected to the public Internet. Threat...

In reply to: Threat Intelligence
Post Your Own Reply

Posted by BrianN060

You both make some valid points; but I think the choice of vendors is less free than assumed. There are certainly restrictions in the corporate and academic environments (some choices are not allowed, others forced...

In reply to: Re: Internet bullying.
Post Your Own Reply

Posted by BrianN060

There are just too many self-serving motivations for any individuals or corporate, political or activist entities, to be trusted with being the guardians of the cyber-universe, to dictate what is or isn't moral, ethical...

In reply to: Re: Who decides?
Post Your Own Reply

Posted by dmatos123

I guess we'll agree to disagree on this. My thoughts on a browser update regarding a security alert doesn't amount to bullying. Users are free to download and use any other browser besides chrome. If, on...

In reply to: Re: Internet bullying.
Post Your Own Reply

Posted by benmajece

This article will be useful to read for students! I've learned a lot of new info about securiy here

In reply to: My opinion
Post Your Own Reply

Posted by BPID

It is not the site which is insecure, but the communucations: from your browser to that site which, by the way Google is monitoring and deciding good/bad. Reality is the internet is not secure. We see daily sites and large...

In reply to: Re: Internet bullying.
Post Your Own Reply

Posted by Kunchen

This is indeed a very good post. I enjoyed reading and I see a sequel in the future? "What happens after C&C?" At least from a an IR, CIRT, or from a security team's perspective. Lessons learned? Controls review?...

In reply to: Good post
Post Your Own Reply

Posted by dmatos123

I disagree. The reality is that "normal" users have little insight into what HTTPS means vs HTTP and how the transmissions differ regarding their personal and identifying information when using the web. An extra...

In reply to: Re: Internet bullying.
Post Your Own Reply

Posted by BPID

There is no doubt that securing data in transmission is a good thing. However. Google's dominant position does not give them the right to block or interrupt a user from reaching any site. Though you may give your browser...

In reply to: Internet bullying.
Post Your Own Reply

Posted by njtrout

Couldn't agree more, However, 30+ years of product development in the security industry has led to this problem. How do you undo 30+ years of proprietary code. For instance, anti-virus vendors have never agreed...

In reply to: Couldn't agree more
Post Your Own Reply

Posted by Sbdr204

Great article! We've integrated the MITRE framework in our red team engagements to drive more value to our customers. Traditional red team penetration testing is dead, or it should be. Just going after privileged access...

In reply to: Red Team Integration
Post Your Own Reply

More Conversations

Products & Releases

Exabeam Raises $50 Million in Series D, Targets SIEM Market

Imperva Completes the Acquisition of Prevoty

Venafi Study: 93% of Security Professionals Say Election Infrastructure Is at Risk

Retail Cyber Intelligence Sharing Center (R-CISC) Forms Advisory Council

Research Reveals Major Insider Threat Disconnect in the Workplace: ObserveIT

Jumio’s Netverify® Solutions Win Gold and Bronze in Security Software

ISACA and SecurityScorecard Define Questions to Implement Continuous Assurance for Data

BitSight Raises $60 Million in Series D Funding Led by Warburg Pincus

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms

Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/14/2018

Gartner Says IT Security Spending to Hit $124B in 2019

Dark Reading Staff 8/15/2018

Oh, No, Not Another Security Product

Paul Stokes, Founder & CEO of Prevalent AI, 8/9/2018

Live Events

Webinars

More UBM Tech
Live Events

INsecurity Conference - An Event Like No Other

Black Hat Trainings - October 22 & 23

Are You Looking to Learn About New Cybersecurity Threats & Challenges? Then INsecurity Is For You!

White Papers

Distributed Defense: How Government Agencies Deploy Hacker-Powered Security

Vulnerability Disclosure Policy (VDP) Basics

Cyber Threat Landscape: The Healthcare Industry

Essential Guide - Blocking Malware Without a SOC

The Fileless Attack Checklist

More White Papers

Video

All Risk Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: I'll need you to first enable Android's option to install programs from unknown sources.

Cartoon Archive

Current Issue

The Biggest Cybersecurity Breaches of 2018 (So Far)

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of IT and Cybersecurity

IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!

Download Now!

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

[Strategic Security Report] Cloud Security's Changing Landscape

0 comments

The State of Ransomware

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2017-13106
PUBLISHED: 2018-08-15

Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.

CVE-2017-13107
PUBLISHED: 2018-08-15

Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.

CVE-2017-13108
PUBLISHED: 2018-08-15

DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.

CVE-2017-13100
PUBLISHED: 2018-08-15

DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.

CVE-2017-13101
PUBLISHED: 2018-08-15

Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.

Terms of Service
Privacy Statement
Legal Entities