Risk

News & Commentary
Battling Bots Brings Big-Budget Blow to Businesses
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Equifax Breach Underscores Need for Accountability, Simpler Architectures
Robert Lemos, Technology Journalist/Data ResearcherNews
A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'
By Robert Lemos Technology Journalist/Data Researcher, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
49% of Cloud Databases Left Unencrypted
Kelly Sheridan, Staff Editor, Dark ReadingNews
Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Grammarly Takes Bug Bounty Program Public
Dark Reading Staff, Quick Hits
The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne.
By Dark Reading Staff , 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
How Well Is Your Organization Investing Its Cybersecurity Dollars?
Jack Jones, Chairman, FAIR InstituteCommentary
The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.
By Jack Jones Chairman, FAIR Institute, 12/11/2018
Comment1 Comment  |  Read  |  Post a Comment
DanaBot Malware Adds Spam to its Menu
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new generation of modular malware increases its value to criminals.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
'Highly Active' Seedworm Group Hits IT Services, Governments
Kelly Sheridan, Staff Editor, Dark ReadingNews
Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.
By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
'Simplify Everything': Google Talks Container Security in 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google Cloud's container security lead shares predictions, best practices, and what's top of mind for customers.
By Kelly Sheridan Staff Editor, Dark Reading, 12/7/2018
Comment0 comments  |  Read  |  Post a Comment
Bringing Compliance into the SecDevOps Process
Joe Ward, Senior Security Analyst, Bishop FoxCommentary
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
By Joe Ward Senior Security Analyst, Bishop Fox, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Apple Issues Security Fixes Across Mac, iOS
Dark Reading Staff, Quick Hits
Software updates for Mac and iOS bring patches to Safari, iCloud, iTunes on Windows, and tvOS.
By Dark Reading Staff , 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
55% of Companies Don't Offer Mandatory Security Awareness Training
Dark Reading Staff, Quick Hits
Even those that provide employee training do so sparingly, a new study finds.
By Dark Reading Staff , 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Security Command Center Now in Beta
Kelly Sheridan, Staff Editor, Dark ReadingNews
The beta release of Google Cloud SCC will include broader coverage across the cloud platform and more granular access controls, among other features.
By Kelly Sheridan Staff Editor, Dark Reading, 12/5/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways to Strengthen Your GDPR Compliance Efforts
Steve Zurier, Freelance Writer
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation and that could cost them.
By Steve Zurier Freelance Writer, 12/5/2018
Comment0 comments  |  Read  |  Post a Comment
Backdoors Up 44%, Ransomware Up 43% from 2017
Kelly Sheridan, Staff Editor, Dark ReadingNews
Nearly one in three computers was hit with a malware attack this year, and ransomware and backdoors continue to pose a risk.
By Kelly Sheridan Staff Editor, Dark Reading, 12/4/2018
Comment0 comments  |  Read  |  Post a Comment
Jared, Kay Jewelers Web Vuln Exposes Shoppers' Data
Dark Reading Staff, Quick Hits
A Jared customer found he could access other orders by changing a link in his confirmation email.
By Dark Reading Staff , 12/4/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft, Mastercard Aim to Change Identity Management
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new partnership wants to improve how people use and manage the virtual identities that govern their lives online.
By Kelly Sheridan Staff Editor, Dark Reading, 12/3/2018
Comment8 comments  |  Read  |  Post a Comment
Filling the Cybersecurity Jobs Gap Now and in the Future
John DeSimone & Russ Schrader, VP, Cybersecurity & Special Missions, Raytheon; Executive Director, National Cyber Security AllianceCommentary
Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.
By John DeSimone & Russ Schrader VP, Cybersecurity & Special Missions, Raytheon; Executive Director, National Cyber Security Alliance, 12/3/2018
Comment0 comments  |  Read  |  Post a Comment
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Kelly Sheridan, Staff Editor, Dark Reading
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 11/30/2018
Comment0 comments  |  Read  |  Post a Comment
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs
Elad Menahem, Head of Security Research, Cato NetworksCommentary
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.
By Elad Menahem Head of Security Research, Cato Networks, 11/30/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Agent Aix les Bains
Current Conversations What do you mean ?
In reply to: Re: BLOCKCHAIN
Post Your Own Reply
More Conversations
PR Newswire
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
How Well Is Your Organization Investing Its Cybersecurity Dollars?
Jack Jones, Chairman, FAIR Institute,  12/11/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15328
PUBLISHED: 2018-12-12
On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear ...
CVE-2018-17949
PUBLISHED: 2018-12-12
Cross site scripting vulnerability in iManager prior to 3.1 SP2.
CVE-2018-17950
PUBLISHED: 2018-12-12
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
CVE-2018-17952
PUBLISHED: 2018-12-12
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
CVE-2018-16867
PUBLISHED: 2018-12-12
A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may l...