Network Computing Dark Reading

Advertise

Risk

News & Commentary

New Malware Campaign Targets Job Seekers

Quick Hits

LinkedIn profiles provide a persistent, patient threat actor with the information required to craft spear-phishing messages.

By Dark Reading Staff , 2/22/2019

0 comments | Read | Post a Comment

New Legislation Builds on California Data Breach Law

Quick Hits

This bill requires businesses to notify consumers of compromised passport numbers and biometric data.

By Dark Reading Staff , 2/22/2019

3 comments | Read | Post a Comment

Latest Comment: RyanSepe, Instead of new legislation around loss of data, I think it would be more beneficial...

Cyber Extortionists Can Earn $360,000 a Year

Kelly Sheridan, Staff Editor, Dark Reading

News

Extortion scams capitalize on compromised credentials, sensitive data, and technical vulnerabilities on Internet-facing applications to pressure victims to pay up.

By Kelly Sheridan Staff Editor, Dark Reading, 2/21/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Have to smile here. I am in a forensics unit for Malware at a major firm...

Insurer Offers GDPR-Specific Coverage for SMBs

News

Companies covered under the EU mandate can get policies for up to $10 million for fines, penalties, and other costs.

By Jai Vijayan Freelance writer, 2/20/2019

0 comments | Read | Post a Comment

Microsoft Expands AccountGuard to Help Europe Prep for Cyberattacks

Quick Hits

A recent wave of cybercrime has targeted organizations with employees in Belgium, France, Germany, Poland, Romania, and Serbia.

By Dark Reading Staff , 2/20/2019

0 comments | Read | Post a Comment

The Anatomy of a Lazy Phish

Jordan Shakhsheer, Information Security Engineer, Bluestone Analytics

Commentary

A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.

By Jordan Shakhsheer Information Security Engineer, Bluestone Analytics, 2/20/2019

0 comments | Read | Post a Comment

'Formjacking' Compromises 4,800 Sites Per Month. Could Yours Be One?

News

Cybercriminals see formjacking as a simple opportunity to take advantage of online retailers – and all they need is a small piece of JavaScript.

By Kelly Sheridan Staff Editor, Dark Reading, 2/20/2019

0 comments | Read | Post a Comment

6 Tax Season Tips for Security Pros

Here are some practical ways to keep your company safe as Uncle Sam comes calling.

By Steve Zurier Freelance Writer, 2/19/2019

0 comments | Read | Post a Comment

Privacy Ops: The New Nexus for CISOs & DPOs

Amit Ashbel, Security Evangelist, Cognigo

Commentary

No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.

By Amit Ashbel Security Evangelist, Cognigo, 2/18/2019

1 Comment | Read | Post a Comment

Latest Comment: Vincent Bureau, Good understanding of the culture and privacy operations. Agree with the Privacy...

Staffing Shortage Makes Vulnerabilities Worse

Quick Hits

Businesses don't have sufficient staff to find vulnerabilities or protect against their exploit, according to a new report by Ponemon Institute.

By Dark Reading Staff , 2/15/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Again, why would anyone go INTO IT as a career choice to start with when you...

Post-Quantum Crypto Standards Aren’t All About the Math

Ericka Chickowski, Contributing Writer, Dark Reading

News

The industry needs to keep in mind the realities of hardware limits and transitional growing pains, according to Microsoft, Utimaco researchers.

By Ericka Chickowski Contributing Writer, Dark Reading, 2/15/2019

0 comments | Read | Post a Comment

Valentine's Emails Laced with Gandcrab Ransomware

News

In the weeks leading up to Valentine's Day 2019, researchers notice a new form of Gandcrab appearing in romance-themed emails.

By Kelly Sheridan Staff Editor, Dark Reading, 2/14/2019

2 comments | Read | Post a Comment

Latest Comment: BogdanSTORM, I had an encounter this week with Grandcrab 5.1 and unfortunately not even...

How to Create a Dream Team for the New Age of Cybersecurity

Commentary

When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.

By Gaurav Banga Founder and CEO, Balbix, 2/14/2019

0 comments | Read | Post a Comment

Security Spills: 9 Problems Causing the Most Stress

Security practitioners reveal what's causing them the most frustration in their roles.

By Kelly Sheridan Staff Editor, Dark Reading, 2/14/2019

0 comments | Read | Post a Comment

Scammers Fall in Love with Valentine's Day

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Online dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/13/2019

0 comments | Read | Post a Comment

Lessons Learned from a Hard-Hitting Security Review

Jaspreet Singh, founder and CEO of Druva

Commentary

Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.

By Jaspreet Singh founder and CEO of Druva, 2/13/2019

0 comments | Read | Post a Comment

Up to 100,000 Reported Affected in Landmark White Data Breach

News

Australian property valuation firm Landmark White exposed files containing personal data and property valuation details.

By Kelly Sheridan Staff Editor, Dark Reading, 2/12/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Now whoever came up with this brilliant logic should be fired on the spot. ...

Identifying, Understanding & Combating Insider Threats

Ilan Paretsky, Chief Marketing Officer of Ericom

Commentary

Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?

By Ilan Paretsky Chief Marketing Officer of Ericom, 2/12/2019

0 comments | Read | Post a Comment

Malware Campaign Hides Ransomware in Super Mario Wrapper

Quick Hits

A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.

By Dark Reading Staff , 2/8/2019

5 comments | Read | Post a Comment

Latest Comment: t_madison, This is an interesting point of view.

4 Payment Security Trends for 2019

Ellen Richey, Vice Chairman and Chief Risk Officer, Visa

Commentary

Visa's chief risk officer anticipates some positive changes ahead.

By Ellen Richey Vice Chairman and Chief Risk Officer, Visa, 2/7/2019

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by karrel

This comment is waiting for review by our moderators.

In reply to: Pending Review
Post Your Own Reply

Posted by karrel

This comment is waiting for review by our moderators.

In reply to: Pending Review
Post Your Own Reply

Posted by RyanSepe

Instead of new legislation around loss of data, I think it would be more beneficial to impose more stringent requirements to perform business with sensitive data. Mandatory: Segment your data, encrypt your data, rotate your...

In reply to: Systemic Change
Post Your Own Reply

Posted by RyanSepe

I would have to agree. Unfortunately legislation is not a hard fix. More of bureaucratic red tape really. Not really all that effective to invoking beneficial change.

In reply to: Re: RIGHT - Pass a law, that will fix it
Post Your Own Reply

Posted by REISEN1955

Always a law, that does the trick - right? No, would wager that data breech situations will be managed by corporate stupid protocol - deny, deny and open up only a bit, deny more and stall until somebody gets hammered...

In reply to: RIGHT - Pass a law, that will fix it
Post Your Own Reply

Posted by REISEN1955

There was a time when I had no FB account at all. Nothing. No one came into my office to put a gun against my head and ordered me to open one up. I did it on my own and generally visit family, friends and...

In reply to: Re: Who is to be blamed?
Post Your Own Reply

Posted by CameronRobertson

Facebook has a lot to answer to in all of its recent security and privacy breaches. To think that all of that hoo-ha has been going on for so long before they actually confessed that they were aware of what was going on?...

In reply to: All that espionage
Post Your Own Reply

Posted by REISEN1955

Have to smile here. I am in a forensics unit for Malware at a major firm and my salary is well below the norm quoted herein. WTF? I am in the wrong job field - LOL Of course JAIL is also a condition...

In reply to: Wrong profession
Post Your Own Reply

Posted by MarcM

We won't cut you loose as long as you don't slow us down!

In reply to: Business drag
Post Your Own Reply

Posted by michaelmaloney

Sometimes consumers are just too complacent about the ready benefits that are being laid out in front of them. Every individual surely knows how to take advantage of each and every single one of them without considering...

In reply to: Too complacent too dangerous
Post Your Own Reply

Posted by acampbell448

Security? Our motto is Move Fast and Break things.

In reply to: Move Fast
Post Your Own Reply

Posted by MeeraSK

Please check on iiot-world website about the definition of IoT and IIoT. Couldn't share a link because of the current restriction.

In reply to: Do connected home appliances really fall under IoTs ?
Post Your Own Reply

More Conversations

Products & Releases

Prevalent Announces New CEO, Expands Leadership Team with 3 New C-Suite Positions

Tripwire IP360 Now Discovers More Than 200,000 Conditions

More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report

Global Cooperation And Regulation Key In Addressing Multilayered Threats Posed By New Technology

Eurofins Digital Testing Launches Cyber Security Division

New Research from eSentire Finds Only 30 Percent of Firms are Confident They Can Avoid a Major Security Event in the Next Two Years

CMMI Institute Updates Cybermaturity Platform with Practices to Build Cybersecurity Resilience

Smarsh Survey Reveals Financial Firms Looking for Communications Risks in the Wrong Places

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

New Legislation Builds on California Data Breach Law

Dark Reading Staff 2/22/2019

New Free Tool Scans for Chrome Extension Safety

Dark Reading Staff 2/21/2019

Making the Case for a Cybersecurity Moon Shot

Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer, 2/19/2019

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

White Papers

[SANS] The Need for Speed: Integrated Threat Response

2018 Cyberthreat Defense Report

[Report] The Evolution of the Secure Software Lifecycle

[ESG Report] Endpoint Security Must Include Rapid Query & Remediation Capabilities

Want to Stay In Front of Breaches? Train Like The Marines.

More White Papers

Video

All Risk Videos

Cartoon

Latest Comment: We won't cut you loose as long as you don't slow us down!

Cartoon Archive

Current Issue

5 Emerging Cyber Threats to Watch for in 2019

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Attacking the Cybersecurity Problem

Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.

Download Now!

How Enterprises Are Using IT Threat Intelligence

0 comments

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

The Risk Management Struggle

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-9040
PUBLISHED: 2019-02-23

S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.

CVE-2019-9041
PUBLISHED: 2019-02-23

An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.

CVE-2019-9042
PUBLISHED: 2019-02-23

An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php.

CVE-2014-10078
PUBLISHED: 2019-02-23

Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.

CVE-2014-10079
PUBLISHED: 2019-02-23

In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.

Terms of Service
Privacy Statement
Legal Entities