Risk

News & Commentary
New Malware Campaign Targets Job Seekers
Dark Reading Staff, Quick Hits
LinkedIn profiles provide a persistent, patient threat actor with the information required to craft spear-phishing messages.
By Dark Reading Staff , 2/22/2019
Comment0 comments  |  Read  |  Post a Comment
New Legislation Builds on California Data Breach Law
Dark Reading Staff, Quick Hits
This bill requires businesses to notify consumers of compromised passport numbers and biometric data.
By Dark Reading Staff , 2/22/2019
Comment3 comments  |  Read  |  Post a Comment
Cyber Extortionists Can Earn $360,000 a Year
Kelly Sheridan, Staff Editor, Dark ReadingNews
Extortion scams capitalize on compromised credentials, sensitive data, and technical vulnerabilities on Internet-facing applications to pressure victims to pay up.
By Kelly Sheridan Staff Editor, Dark Reading, 2/21/2019
Comment1 Comment  |  Read  |  Post a Comment
Insurer Offers GDPR-Specific Coverage for SMBs
Jai Vijayan, Freelance writerNews
Companies covered under the EU mandate can get policies for up to $10 million for fines, penalties, and other costs.
By Jai Vijayan Freelance writer, 2/20/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Expands AccountGuard to Help Europe Prep for Cyberattacks
Dark Reading Staff, Quick Hits
A recent wave of cybercrime has targeted organizations with employees in Belgium, France, Germany, Poland, Romania, and Serbia.
By Dark Reading Staff , 2/20/2019
Comment0 comments  |  Read  |  Post a Comment
The Anatomy of a Lazy Phish
Jordan Shakhsheer, Information Security Engineer, Bluestone AnalyticsCommentary
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.
By Jordan Shakhsheer Information Security Engineer, Bluestone Analytics, 2/20/2019
Comment0 comments  |  Read  |  Post a Comment
'Formjacking' Compromises 4,800 Sites Per Month. Could Yours Be One?
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybercriminals see formjacking as a simple opportunity to take advantage of online retailers and all they need is a small piece of JavaScript.
By Kelly Sheridan Staff Editor, Dark Reading, 2/20/2019
Comment0 comments  |  Read  |  Post a Comment
6 Tax Season Tips for Security Pros
Steve Zurier, Freelance Writer
Here are some practical ways to keep your company safe as Uncle Sam comes calling.
By Steve Zurier Freelance Writer, 2/19/2019
Comment0 comments  |  Read  |  Post a Comment
Privacy Ops: The New Nexus for CISOs & DPOs
Amit Ashbel, Security Evangelist, CognigoCommentary
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
By Amit Ashbel Security Evangelist, Cognigo, 2/18/2019
Comment1 Comment  |  Read  |  Post a Comment
Staffing Shortage Makes Vulnerabilities Worse
Dark Reading Staff, Quick Hits
Businesses don't have sufficient staff to find vulnerabilities or protect against their exploit, according to a new report by Ponemon Institute.
By Dark Reading Staff , 2/15/2019
Comment1 Comment  |  Read  |  Post a Comment
Post-Quantum Crypto Standards Arent All About the Math
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The industry needs to keep in mind the realities of hardware limits and transitional growing pains, according to Microsoft, Utimaco researchers.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/15/2019
Comment0 comments  |  Read  |  Post a Comment
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark ReadingNews
In the weeks leading up to Valentine's Day 2019, researchers notice a new form of Gandcrab appearing in romance-themed emails.
By Kelly Sheridan Staff Editor, Dark Reading, 2/14/2019
Comment2 comments  |  Read  |  Post a Comment
How to Create a Dream Team for the New Age of Cybersecurity
Gaurav Banga, Founder and CEO, BalbixCommentary
When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.
By Gaurav Banga Founder and CEO, Balbix, 2/14/2019
Comment0 comments  |  Read  |  Post a Comment
Security Spills: 9 Problems Causing the Most Stress
Kelly Sheridan, Staff Editor, Dark Reading
Security practitioners reveal what's causing them the most frustration in their roles.
By Kelly Sheridan Staff Editor, Dark Reading, 2/14/2019
Comment0 comments  |  Read  |  Post a Comment
Scammers Fall in Love with Valentine's Day
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Online dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
Lessons Learned from a Hard-Hitting Security Review
Jaspreet Singh, founder and CEO of DruvaCommentary
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
By Jaspreet Singh founder and CEO of Druva, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark ReadingNews
Australian property valuation firm Landmark White exposed files containing personal data and property valuation details.
By Kelly Sheridan Staff Editor, Dark Reading, 2/12/2019
Comment1 Comment  |  Read  |  Post a Comment
Identifying, Understanding & Combating Insider Threats
Ilan Paretsky, Chief Marketing Officer of EricomCommentary
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?
By Ilan Paretsky Chief Marketing Officer of Ericom, 2/12/2019
Comment0 comments  |  Read  |  Post a Comment
Malware Campaign Hides Ransomware in Super Mario Wrapper
Dark Reading Staff, Quick Hits
A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.
By Dark Reading Staff , 2/8/2019
Comment5 comments  |  Read  |  Post a Comment
4 Payment Security Trends for 2019
Ellen Richey, Vice Chairman and Chief Risk Officer, VisaCommentary
Visa's chief risk officer anticipates some positive changes ahead.
By Ellen Richey Vice Chairman and Chief Risk Officer, Visa, 2/7/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6485
PUBLISHED: 2019-02-22
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5...
CVE-2019-9020
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc...
CVE-2019-9021
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file...
CVE-2019-9022
PUBLISHED: 2019-02-22
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parser...
CVE-2019-9023
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcom...