Network Computing Dark Reading

Advertise

Risk

News & Commentary

Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent

Quick Hits

The social media giant says it did not access the imported data and is notifying affected users.

By Dark Reading Staff , 4/18/2019

0 comments | Read | Post a Comment

VPN Vulnerabilities Point Out Need for Comprehensive Remote Security

Curtis Franklin Jr., Senior Editor at Dark Reading

News

VPNs are the primary tool for securing remote access, but recently disclosed vulnerabilities point out the weakness of relying on them as the only tool.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/17/2019

0 comments | Read | Post a Comment

Tips for the Aftermath of a Cyberattack

Kelly Sheridan, Staff Editor, Dark Reading

News

Incident response demands technical expertise, but you can't fully recover without non-IT experts.

By Kelly Sheridan Staff Editor, Dark Reading, 4/17/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, First week - we suffered a minor breach and we are investigating. Second week...

New Malware Campaign Targets Financials, Retailers

Quick Hits

The attack uses a legitimate remote access system as well as several families of malware.

By Dark Reading Staff , 4/17/2019

0 comments | Read | Post a Comment

Legacy Apps: The Security Risk Lurking in Dusty Corners

Tim Buntel, VP, Application Security Products, Threat Stack

Commentary

Four best practices to keep old code from compromising your enterprise environment.

By Tim Buntel VP, Application Security Products, Threat Stack, 4/17/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Every firm has a legacy system, one old Compaq Prolinea that has weird or ancient...

Inside the Dark Web's How-To Guides for Teaching Fraud

Quick Hits

A new study investigates nearly 30,000 guides to explore what fraudsters sell and teach aspiring cybercriminals.

By Dark Reading Staff , 4/17/2019

0 comments | Read | Post a Comment

Selecting the Right Strategy to Reduce Vulnerability Risk

Tim Erlin, VP of Product Management & Strategy at Tripwire

Commentary

There's no one-size-fits-all strategy for eliminating vulnerability risk. Knowing how your organization operates is what makes the difference.

By Tim Erlin VP of Product Management & Strategy at Tripwire, 4/17/2019

0 comments | Read | Post a Comment

7 Tips for an Effective Employee Security Awareness Program

Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.

By Jai Vijayan Freelance writer, 4/17/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, It is amazing how many security breach issues are directly related to phishing. ...

Security Audit Shows Gains, Though Privacy Lags

News

The 2018 Online Trust Audit shows that "encryption everywhere" is improving security, while fuzzy language is slowing privacy gains.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/16/2019

0 comments | Read | Post a Comment

Meet Scranos: New Rootkit-Based Malware Gains Confidence

News

The cross-platform operation, first tested on victims in China, has begun to spread around the world.

By Kelly Sheridan Staff Editor, Dark Reading, 4/16/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, This has to be sister of Thanos in the next Avenger's movie for 2025 releas...

Benefiting from Data Privacy Investments

Marc Wilczek, Digital Strategist & CIO Advisor

Commentary

GDPR-ready companies experience lower overall costs associated with data breaches, research finds.

By Marc Wilczek Digital Strategist & CIO Advisor, 4/16/2019

0 comments | Read | Post a Comment

IT Outsourcing Firm Wipro Investigates Data Breach

Quick Hits

Employee accounts may have been compromised in a sophisticated phishing campaign.

By Dark Reading Staff , 4/16/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, I spent 8 months before the mast with a Wipro-IBM client in 2016 to 2017 before...

New Details Emerge on Windows Zero Day

News

The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.

By Kelly Sheridan Staff Editor, Dark Reading, 4/15/2019

0 comments | Read | Post a Comment

CERT, CISA Warn of Vuln in at Least 4 Major VPNs

Quick Hits

VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.

By Dark Reading Staff , 4/12/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, "exfiltrates the cookie using other methods" I would deem the most probable....

This Week in Security Funding: Where the Money Went

News

Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.

By Kelly Sheridan Staff Editor, Dark Reading, 4/12/2019

0 comments | Read | Post a Comment

Home Office Apologizes for EU Citizen Data Exposure

Quick Hits

The Home Office has admitted to compromising private email addresses belonging to EU citizens hoping to settle in the UK.

By Dark Reading Staff , 4/12/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, Facepalm. If the individuals on that list want to salvage their personal emails...

'Dragonblood' Vulnerabilities Seep Into WPA3 Secure Wifi Handshake

News

A new set of vulnerabilities may put some early adopters of strong Wifi security at greater security risk.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/11/2019

0 comments | Read | Post a Comment

Senate Report on Equifax Raises Questions Ahead of FICO Product Announcement

News

Equifax is slammed in a Senate subcommittee report ahead of the announcement of a joint service with FICO.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/11/2019

0 comments | Read | Post a Comment

Tax Hacks: How Seasonal Scams Cause Yearlong Problems

News

Tax season is marked with malware campaigns, tax fraud, and identity theft, with money and data flowing through an underground economy.

By Kelly Sheridan Staff Editor, Dark Reading, 4/11/2019

0 comments | Read | Post a Comment

Julian Assange Arrested in London

Quick Hits

The WikiLeaks founder, who was taken from the Ecuadorian Embassy by British police, has been convicted of skipping bail in 2012.

By Dark Reading Staff , 4/11/2019

2 comments | Read | Post a Comment

Latest Comment: RyanSepe, Very true, it will be interesting to see how this develops. I think justice...

More Stories

Current Conversations

Posted by REISEN1955

First week - we suffered a minor breach and we are investigating. Second week - we have experts and contracted consultants investigating at minimal cost. Third week - we have fired the consultants due to cost and have...

In reply to: Public relations scenario
Post Your Own Reply

Posted by markgrogan

Social media has always been giving people the wrong impression of so many different things on the face of this earth. Thus, I have chosen not to fully believe what is being portrayed out there in the digital realm. Read...

In reply to: Pinch of salt
Post Your Own Reply

Posted by MelBrandle

It took so many years for the company to finally nail the attackers down. It goes without saying that it is not an easy feat to know where the main target of attacks is coming from as attackers are stealth in their techniques....

In reply to: Undetected for long
Post Your Own Reply

Posted by REISEN1955

Every firm has a legacy system, one old Compaq Prolinea that has weird or ancient software installed on it 20 years ago that is used every 30 days to run a reel-to-reel data tape. (Aon had one of those). And...

In reply to: And machines too
Post Your Own Reply

Posted by REISEN1955

It is amazing how many security breach issues are directly related to phishing. Employees should know better by now but they still click on that invoice for something they never bought or an email from the chairman...

In reply to: On training
Post Your Own Reply

Posted by REISEN1955

This has to be sister of Thanos in the next Avenger's movie for 2025 release.

In reply to: For a smile
Post Your Own Reply

Posted by REISEN1955

I spent 8 months before the mast with a Wipro-IBM client in 2016 to 2017 before joining my current job and it was a nightmare. The GSD - General Service Desk (help desk) would take 9 days !!! to route a ticket...

In reply to: From experience .....
Post Your Own Reply

Posted by DavidHamilton

It is always a chain reaction when you engage a third party to do the job for you. End users only see you at the front so the blame will be pushed to you even if you weren't the one handling the security component at the...

In reply to: Clear your name
Post Your Own Reply

Posted by RyanSepe

Very true, it will be interesting to see how this develops. I think justice will be served but there may be a lot of colateral damage in the process.

In reply to: Re: This will be interesting
Post Your Own Reply

Posted by RyanSepe

Facepalm. If the individuals on that list want to salvage their personal emails they should use whitelisting. Otherwise they may be better off creating a new one before getting spammed to death.

In reply to: BCC Blunder
Post Your Own Reply

Posted by RyanSepe

"exfiltrates the cookie using other methods" I would deem the most probable. In my eyes if I know where the cookie is stored just using a dropper to send the cookie home would give enough time for the replay. Especially...

In reply to: exfiltrates the cookie using other methods
Post Your Own Reply

Posted by StephenGiderson

The reason why they shared their manifesto is to regain back the trust of their users which has sadly been lost. Major data breaches have occurred after so many years of becoming their loyal member. Thus, the only way is...

In reply to: Regain trust
Post Your Own Reply

More Conversations

Products & Releases

Cybercriminals Using Popular TV Shows to Spread Malware

OPAQ Awarded Patent for Cyber Risk Assessment Technology

TrueVault Launches TrueVault Atlas To Automate Aspects of GDPR Compliance

Industrial Internet Consortium Announces Practitioner's Guide for Assessing Maturity of IoT System Security

Prevalent Announces New CEO, Expands Leadership Team with 3 New C-Suite Positions

Tripwire IP360 Now Discovers More Than 200,000 Conditions

More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report

Global Cooperation And Regulation Key In Addressing Multilayered Threats Posed By New Technology

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Julian Assange Arrested in London

Dark Reading Staff 4/11/2019

8 'SOC-as-a-Service' Offerings

Steve Zurier, Freelance Writer, 4/12/2019

Home Office Apologizes for EU Citizen Data Exposure

Dark Reading Staff 4/12/2019

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

White Papers

Security in the New World of Containers & Serverless

6 Keys to Faster Phishing Mitigation

2019 Cyberthreat Defense Report

Beginner's Guide - Open Source Incident Response Tools & Resources

7 SIEM Trends to Watch in 2019

More White Papers

Video

All Risk Videos

Cartoon

Latest Comment: Bill just doesn't realize it's more than a 2 dimensional world.

Cartoon Archive

Current Issue

5 Emerging Cyber Threats to Watch for in 2019

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Developing Secure Applications

IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.

Download Now!

The State of Cyber Security Incident Response

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

How Enterprises Are Using IT Threat Intelligence

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-1840
PUBLISHED: 2019-04-18

A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when...

CVE-2019-1841
PUBLISHED: 2019-04-18

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vuln...

CVE-2019-1826
PUBLISHED: 2019-04-18

A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi fra...

CVE-2019-1829
PUBLISHED: 2019-04-18

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due...

CVE-2019-1830
PUBLISHED: 2019-04-18

A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administr...

Terms of Service
Privacy Statement
Legal Entities