Risk

News & Commentary
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Security is weak, and most companies are clueless, according to Immunity researcher Lurene Grenier, who kicked off the Cisco Talos Threat Research Summit on Sunday.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/13/2018
Security Ratings Answer Big Questions in Cyber Insurance
Kelly Sheridan, Staff Editor, Dark Reading, News
More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage.
By Kelly Sheridan Staff Editor, Dark Reading, 6/11/2018
6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA, Commentary
How the security industry can both make money and stay true to its core values, and why that matters.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA, 6/11/2018
Bug Bounty Payouts Up 73% Per Vulnerability: Bugcrowd
Kelly Sheridan, Staff Editor, Dark Reading, News
Bug bounty programs grew along with payouts, which averaged $781 per vulnerability this year, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 6/7/2018
DevSecOps Gains Enterprise Traction
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Enterprise adoption of DevSecOps has surged in the past year, according to a study conducted at this year's RSA Conference.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/7/2018
In Pursuit of Cryptography's Holy Grail
Ellison Anne Williams, Founder and CEO of Enveil, Commentary
Homomorphic encryption eliminates the need for data exposure at any point, something that certainly would be welcome these days.
By Ellison Anne Williams Founder and CEO of Enveil, 6/7/2018
Survey Shows Florida at the Bottom for Consumer Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/6/2018
Tax-Season Malware Campaign Delivers Trojan Via Email
Dark Reading Staff, Quick Hits
A new example of a long-term phenomenon delivers a banking trojan via a downloader activated by a URL in a phishing email.
By Dark Reading Staff, 6/6/2018
Panorays Debuts With $5 Million Investment
Dark Reading Staff, Quick Hits
Panorays, a company focusing on third-party security issues for the enterprise, has exited stealth mode.
By Dark Reading Staff, 6/5/2018
The Breach Disclosure Double Standard
Ericka Chickowski, Contributing Writer, Dark Reading, News
Cybersecurity pros expect to be notified immediately when they're breached, but most don't do the same and some even cover up breaches.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/5/2018
Dark Reading Launches Second INsecurity Conference
Tim Wilson, Editor in Chief, Dark Reading, News
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
By Tim Wilson, Editor in Chief, Dark Reading, 6/5/2018
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Ken Mills, General Manager of IoT, Surveillance and Security, Dell EMC, Commentary
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
By Ken Mills General Manager of IoT, Surveillance and Security, Dell EMC, 6/4/2018
Google Groups Misconfiguration Exposes Corporate Data
Kelly Sheridan, Staff Editor, Dark Reading, News
Researchers say as many as 10,000 businesses are affected by a widespread misconfiguration in Google Groups settings.
By Kelly Sheridan Staff Editor, Dark Reading, 6/1/2018
Telegram: Apple Has Blocked Updates since April
Dark Reading Staff, Quick Hits
Telegram founder and chief executive Pavel Durov claims the messaging service has not been able to make technical updates anywhere in the world.
By Dark Reading Staff, 6/1/2018
New Federal Report Gives Guidance on Beating Botnets
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A report from the Departments of Commerce and Homeland Security provides five goals for protecting infrastructure from botnets and other automated threats.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/31/2018
6 Security Investments You May Be Wasting
Kelly Sheridan, Staff Editor, Dark Reading
Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference.
By Kelly Sheridan Staff Editor, Dark Reading, 5/31/2018
Hacker Sentenced to 5 Years in Yahoo Credential Theft Case
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Karim Baratov given prison time and seven-figure fine after guilty plea in the massive Yahoo data breach
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/30/2018
FireEye Offers Free Tool to Detect Malicious Remote Logins
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Open source GeoLogonalyzer helps to weed out hackers exploiting stolen credentials to log into their targets.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/30/2018
Getting Revolutionary (Not Evolutionary) about Cybersecurity
Matthew Doan, Principal, Commercial Solutions, Booz Allen Hamilton, Commentary
Being a security revolutionary isn't purely about new, ground-breaking ideas. It's about anticipating, outpacing, and influencing your world, both internally and externally. Here are five keys to success.
By Matthew Doan Principal, Commercial Solutions, Booz Allen Hamilton, 5/30/2018
How to Empower Today's 'cISOs'
Rick Holland, Chief Information Security Officer and Vice President of Strategy at Digital Shadows, Commentary
Although many security leaders have a C in their title, not all are true capital-C "Chiefs." Here are three ways to live up to the job description.
By Rick Holland Chief Information Security Officer and Vice President of Strategy at Digital Shadows, 5/29/2018
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs, 6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass, 6/12/2018
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12026
PUBLISHED: 2018-06-17
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in tur...
CVE-2018-12027
PUBLISHED: 2018-06-17
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said ...
CVE-2018-12028
PUBLISHED: 2018-06-17
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an e...
CVE-2018-12029
PUBLISHED: 2018-06-17
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
CVE-2018-12071
PUBLISHED: 2018-06-17
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.