Network Computing Dark Reading

Advertise

Risk

News & Commentary

DHS Task Force Moves Forward on Playbooks for Supply Chain Security

Curtis Franklin Jr., Senior Editor at Dark Reading

News

The public/private task force takes early steps toward securing the end-to-end supply chain.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/16/2018

0 comments | Read | Post a Comment

BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance

Kelly Sheridan, Staff Editor, Dark Reading

News

BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.

By Kelly Sheridan Staff Editor, Dark Reading, 11/16/2018

0 comments | Read | Post a Comment

Congress Passes Bill to Create New Federal Cybersecurity Agency

News

Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.

By Jai Vijayan Freelance writer, 11/15/2018

0 comments | Read | Post a Comment

Cyber Crooks Diversify Business with Multi-Intent Malware

Commentary

The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.

By Avi Chesla CEO and Founder, empow, 11/15/2018

1 Comment | Read | Post a Comment

Cloud, China, Generic Malware Top Security Concerns for 2019

News

FireEye researchers unveil an extensive list of security risks waiting in the new year's wings.

By Kelly Sheridan Staff Editor, Dark Reading, 11/15/2018

0 comments | Read | Post a Comment

Japan Cyber Minister Says He Has Never Used a Computer

Quick Hits

Yoshitaka Sakurada, who recently took on the role after a cabinet shuffling, says it's up to the government to deal with it.

By Dark Reading Staff , 11/15/2018

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Cannot be personally blamed for an infection save the common cold. LOL. ...

More Than 50% of Free Mobile VPN Apps Have Chinese Ties

Quick Hits

In addition, most have "unacceptable" privacy policies and "non-existent user support."

By Dark Reading Staff , 11/15/2018

0 comments | Read | Post a Comment

From Reactive to Proactive: Security as the Bedrock of the SDLC

Brian Rutledge, Principal Security Manager at Spanning

Commentary

Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.

By Brian Rutledge Principal Security Manager at Spanning, 11/15/2018

0 comments | Read | Post a Comment

Cryptojacking, Mobile Malware Growing Threats to the Enterprise

News

At the same time, criminal organizations continue to look for new ways to attack their victims.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/14/2018

0 comments | Read | Post a Comment

Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues

Tim Wilson, Editor in Chief, Dark Reading,

News

Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data – and are fearful of a near-term breach of critical infrastructure.

By Tim Wilson, Editor in Chief, Dark Reading , 11/14/2018

0 comments | Read | Post a Comment

Airlines Have a Big Problem with Bad Bots

News

Bad bots account for 43.9% of all traffic on their websites, APIs, and mobile apps, according to a new analysis of 100 airlines.

By Kelly Sheridan Staff Editor, Dark Reading, 11/14/2018

0 comments | Read | Post a Comment

Can Businesses Stand Up to Cybercrime? Only 61% Say Yes

Quick Hits

While 96% of US organizations say business resilience should be core to company strategy, only 61% say it actually is.

By Dark Reading Staff , 11/14/2018

0 comments | Read | Post a Comment

Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed

Quick Hits

Eight of the 12 critical vulnerabilities addressed this month affect the Chakra Scripting Engine in Microsoft Edge.

By Dark Reading Staff , 11/13/2018

0 comments | Read | Post a Comment

Getting to Know Magecart: An Inside Look at 7 Groups

News

A new report spills the details on Magecart, the criminal groups driving it, and ongoing attacks targeting low- and high-profile victims.

By Kelly Sheridan Staff Editor, Dark Reading, 11/13/2018

0 comments | Read | Post a Comment

Empathy: The Next Killer App for Cybersecurity?

Shay Colson, CISSP, Senior Manager, CyberClarity360

Commentary

The toughest security problems involve people not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.

By Shay Colson CISSP, Senior Manager, CyberClarity360, 11/13/2018

2 comments | Read | Post a Comment

Latest Comment: tdsan, → it is the human element that creates effective penetration testing...

Google Traffic Temporarily Rerouted via Russia, China

News

The incident, which Google reports is now resolved, could be the result of either technical mistakes or malicious activity.

By Kelly Sheridan Staff Editor, Dark Reading, 11/13/2018

0 comments | Read | Post a Comment

2018 on Track to Be One of the Worst Ever for Data Breaches

News

A total of 3,676 breaches involving over 3.6 billion records were reported in the first nine months of this year alone.

By Jai Vijayan Freelance writer, 11/12/2018

1 Comment | Read | Post a Comment

Latest Comment: tdsan, Interesting article, what I am curious about is where are the payouts from...

Veterans Find New Roles in Enterprise Cybersecurity

News

Facebook and Synack create programs to educate vets and grow employment opportunities while shrinking the cybersecurity talent gap.

By Kelly Sheridan Staff Editor, Dark Reading, 11/12/2018

3 comments | Read | Post a Comment

Latest Comment: jabeatty, This should do the trick: https://www.synack.com/veterans/

7 Cool New Security Tools to be Revealed at Black Hat Europe

Black Hat Europe's Arsenal lineup will include demoes of new security tools, from AI malware research to container orchestration.

By Ericka Chickowski Contributing Writer, Dark Reading, 11/12/2018

0 comments | Read | Post a Comment

Cyberattacks Top Business Risks in North America, Europe, EAP

Quick Hits

The World Economic Forum reports cyberattacks are a top enterprise concern following WannaCry and the rise of e-commerce.

By Dark Reading Staff , 11/12/2018

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by [email protected]

This comment is waiting for review by our moderators.

In reply to: Pending Review
Post Your Own Reply

Posted by shaycolson

This comment is waiting for review by our moderators.

In reply to: Pending Review
Post Your Own Reply

Posted by jabeatty

This should do the trick: https://www.synack.com/veterans/

In reply to: Re: Link
Post Your Own Reply

Posted by arogyalokeshv

This comment is waiting for review by our moderators.

In reply to: Pending Review
Post Your Own Reply

Posted by REISEN1955

Cannot be personally blamed for an infection save the common cold. LOL. Incredible dumb or brilliant.

In reply to: Probable safest user EVER
Post Your Own Reply

Posted by tdsan

Interesting article, what I am curious about is where are the payouts from the GDPR discussions and the vulerabilities found at these various institutions (please advise)? T

In reply to: Repercussion of Data Breaches
Post Your Own Reply

Posted by tdsan

→ it is the human element that creates effective penetration testing practices at scale. I am just curious, how do you go about improving the human element when employees don't really seem to get or understand...

In reply to: Interesting article on Emphathy
Post Your Own Reply

Posted by jrpolan

With the dearth of cybersecurity professionals out there and technology frontiers growing daily, former military personnel are a great source of new weapons. As a vet myself, I can say they are highly-trainable, responsible,...

In reply to: Great topic
Post Your Own Reply

Posted by aricamartin

The secure operating system is the Linux operating system which is used in the IT organizations mostly. I am getting the windows error code 0x80004005 for the help purpose but did not get any response.

In reply to: OS Error
Post Your Own Reply

Posted by hucklesinthedark

Good points, but of course I'm saying that since I'm an auditor myself. I can vouch for internal audit's potential to help other departments stay on track and make the most of their own processes. I find that internal audit...

In reply to: Defining the Process
Post Your Own Reply

Posted by Ratteau

Do you have a link to the Synack course for more information? Cant find it at their corporate site.

In reply to: Link
Post Your Own Reply

Posted by jessicaglover012

Solving coding assignments can be really difficult at times because this subject covers many complex areas including MATLAB, visual basic, coldfusion, oracle, MYSQL, prolog, etc. We have seen that the number of students...

In reply to: Coding Assignment
Post Your Own Reply

More Conversations

Products & Releases

Global Cooperation And Regulation Key In Addressing Multilayered Threats Posed By New Technology

Eurofins Digital Testing Launches Cyber Security Division

New Research from eSentire Finds Only 30 Percent of Firms are Confident They Can Avoid a Major Security Event in the Next Two Years

CMMI Institute Updates Cybermaturity Platform with Practices to Build Cybersecurity Resilience

Smarsh Survey Reveals Financial Firms Looking for Communications Risks in the Wrong Places

Carbonite Introduces Comprehensive Data Protection for Virtual and Physical Servers

60% of IT Security Professionals Looking to Leave Current Job: Mondo

The Chertoff Group Announces Rebrand

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Veterans Find New Roles in Enterprise Cybersecurity

Kelly Sheridan, Staff Editor, Dark Reading, 11/12/2018

Understanding Evil Twin AP Attacks and How to Prevent Them

Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies, 11/14/2018

7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge

Curtis Franklin Jr., Senior Editor at Dark Reading, 11/15/2018

Live Events

Webinars

More UBM Tech
Live Events

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

Communications & Collaboration 2022 at EC19 Orlando March 18-21

White Papers

4 Support Teams That Embraced Mobile

Mitigating False-Positives to Improve Software Publishing

The IT Pro's Guide to DIY Antivirus Testing

Taking Control of Vendor Risk: A 6-Step Approach

Picture This: Cyber Crime for Sale

More White Papers

Video

All Risk Videos

Cartoon

Latest Comment: You know, at first glance, I liked the idea of wearable tech.. Never through it would be a security risk.

Cartoon Archive

Current Issue

10 Emerging Threats Every Enterprise Should Know About

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Online Malware and Threats: A Profile of Today's Security Posture

This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!

Download Now!

The Risk Management Struggle

0 comments

How Data Breaches Affect the Enterprise

0 comments

The State of IT and Cybersecurity

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-19349
PUBLISHED: 2018-11-17

In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.

CVE-2018-19350
PUBLISHED: 2018-11-17

In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.

CVE-2018-19341
PUBLISHED: 2018-11-17

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader...

CVE-2018-19342
PUBLISHED: 2018-11-17

CVE-2018-19343
PUBLISHED: 2018-11-17

The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faul...

Terms of Service
Privacy Statement
Legal Entities