Risk

News & Commentary
GovPayNow Leak of 14M+ Records Dates Back to 2012
Dark Reading Staff, Quick Hits
Thousands of US state and local governments use the service to process online payments for everything from traffic tickets to court fines.
By Dark Reading Staff , 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark ReadingNews
Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2018
Comment1 Comment  |  Read  |  Post a Comment
The 7 Habits of Highly Effective Security Teams
Gary Golomb, Co-Founder & Chief Research Officer at Awake SecurityCommentary
Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.
By Gary Golomb Co-Founder & Chief Research Officer at Awake Security, 9/17/2018
Comment0 comments  |  Read  |  Post a Comment
How Secure are our Voting Systems for November 2018?
Dark Reading Staff, CommentaryVideo
Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the countrys highly decentralized voting systems to safeguard the integrity of upcoming elections.
By Dark Reading Staff , 9/14/2018
Comment0 comments  |  Read  |  Post a Comment
Military, Government Users Just as Bad About Password Hygiene as Civilians
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/14/2018
Comment1 Comment  |  Read  |  Post a Comment
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers bypass a Trusted Computing Group security measure to manipulate the firmware and steal data in memory.
By Kelly Sheridan Staff Editor, Dark Reading, 9/13/2018
Comment2 comments  |  Read  |  Post a Comment
Enterprise Security Needs an Open Data Solution
Carey Nachenberg, Chief Scientist at ChronicleCommentary
What would it look like if more than a tiny fraction of enterprises had access to all the signals hidden in their big data today?
By Carey Nachenberg Chief Scientist at Chronicle, 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
The Increasingly Vulnerable Software Supply Chain
Thomas Etheridge, Vice President of Services, CrowdStrikeCommentary
Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.
By Thomas Etheridge Vice President of Services, CrowdStrike, 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
Modular Malware Brings Stealthy Attacks to Former Soviet States
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new malware technique is making phishing attacks harder to spot when they succeed.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
Malware Campaign Targeting Jaxx Wallet Holders Shut Down
Kelly Sheridan, Staff Editor, Dark ReadingNews
A site spoofing the official Jaxx website was discovered packing several infections for Windows and Mac machines, and has been shut down.
By Kelly Sheridan Staff Editor, Dark Reading, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
4 Trends Giving CISOs Sleepless Nights
Mike Convertino, CISO & VP, Information Security, F5 NetworksCommentary
IoT attacks, budget shortfalls, and the skills gap are among the problems keeping security pros up at night.
By Mike Convertino CISO & VP, Information Security, F5 Networks, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
Mirai, Gafgyt Botnets Resurface with New Tricks
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new version of Mirai exploits the Apache Struts flaw linked to the Equifax breach, while Gafgyt targets an old flaw in SonicWall.
By Kelly Sheridan Staff Editor, Dark Reading, 9/11/2018
Comment0 comments  |  Read  |  Post a Comment
The Key to Stealing a Tesla Model S
Dark Reading Staff, Quick Hits
A team of hackers finds it's possible to steal a Tesla Model S by cloning the key fob.
By Dark Reading Staff , 9/11/2018
Comment0 comments  |  Read  |  Post a Comment
4 Practical Measures to Improve Election Security Now
Chris Wysopal,  Chief Technology Officer, CA Veracode Commentary
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
By Chris Wysopal Chief Technology Officer, CA Veracode , 9/11/2018
Comment1 Comment  |  Read  |  Post a Comment
New 'Fallout' EK Brings Return of Old Ransomware
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The Fallout exploit kit carries GandCrab into the Middle East in a new campaign.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/10/2018
Comment0 comments  |  Read  |  Post a Comment
Three Trend Micro Apps Caught Collecting MacOS User Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
After researchers found the security apps collecting and uploading users' browser histories, Apple removed the apps from its macOS app store and Trend Micro removed the apps' browser history collection capability.
By Kelly Sheridan Staff Editor, Dark Reading, 9/10/2018
Comment0 comments  |  Read  |  Post a Comment
DevOps Demystified: A Primer for Security Practitioners
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Key starting points for those still struggling to understand the concept.
By John B. Dickson CISSP, Principal, Denim Group, 9/10/2018
Comment0 comments  |  Read  |  Post a Comment
8 Attack Vectors Puncturing Cloud Environments
Kelly Sheridan, Staff Editor, Dark Reading
These methods may not yet be on your security team's radar, but given their impact, they should be.
By Kelly Sheridan Staff Editor, Dark Reading, 9/7/2018
Comment0 comments  |  Read  |  Post a Comment
Palestinian, Middle East Targets Hit with New Surveillance Attacks
Dark Reading Staff, Quick Hits
'Big Bang' group returns with new campaign after last year's RAT attacks.
By Dark Reading Staff , 9/7/2018
Comment0 comments  |  Read  |  Post a Comment
British Airways Issues Apology for Severe Data Breach
Dark Reading Staff, Quick Hits
The airline "is deeply sorry" for its worst-ever cyberattack, which has affected 380,000 customers.
By Dark Reading Staff , 9/7/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-7929
PUBLISHED: 2018-09-18
Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations.
CVE-2018-7991
PUBLISHED: 2018-09-18
Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific o...
CVE-2018-14641
PUBLISHED: 2018-09-18
A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this ...
CVE-2018-14642
PUBLISHED: 2018-09-18
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.
CVE-2018-16958
PUBLISHED: 2018-09-18
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is...