Risk

News & Commentary
Four New Vulnerabilities in Phoenix Contact Industrial Switches
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
A series of newly disclosed vulnerabilities could allow an attacker to gain control of industrial switches.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
AppSec in the World of 'Serverless'
Boris Chen, Co-founder and VP Engineering, tCell, Inc.Commentary
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
By Boris Chen Co-founder and VP Engineering, tCell, Inc., 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
Cisco CPO: Privacy Is Not About Secrecy or Compliance
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Michelle Dennedy sat down with Dark Reading at the recent Cisco Live event to set the record straight about privacy, regulation, encryption, and more.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
'Wallchart' Phishing Campaign Exploits World Cup Watchers
Kelly Sheridan, Staff Editor, Dark ReadingNews
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
By Kelly Sheridan Staff Editor, Dark Reading, 6/18/2018
Comment0 comments  |  Read  |  Post a Comment
3 Tips for Driving User Buy-in to Security Policies
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentary
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 6/18/2018
Comment0 comments  |  Read  |  Post a Comment
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Security is weak, and most companies are clueless, according to Immunity researcher Lurene Grenier, who kicked off the Cisco Talos Threat Research Summit on Sunday.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Security Ratings Answer Big Questions in Cyber Insurance
Kelly Sheridan, Staff Editor, Dark ReadingNews
More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage.
By Kelly Sheridan Staff Editor, Dark Reading, 6/11/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA Commentary
How the security industry can both make money and stay true to its core values, and why that matters.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 6/11/2018
Comment3 comments  |  Read  |  Post a Comment
Bug Bounty Payouts Up 73% Per Vulnerability: Bugcrowd
Kelly Sheridan, Staff Editor, Dark ReadingNews
Bug bounty programs grew along with payouts, which averaged $781 per vulnerability this year, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 6/7/2018
Comment0 comments  |  Read  |  Post a Comment
DevSecOps Gains Enterprise Traction
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Enterprise adoption of DevSecOps has surged in the past year, according to a study conducted at this year's RSA Conference.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/7/2018
Comment0 comments  |  Read  |  Post a Comment
In Pursuit of Cryptography's Holy Grail
Ellison Anne Williams, Founder and CEO of EnveilCommentary
Homomorphic encryption eliminates the need for data exposure at any point something that certainly would be welcome these days.
By Ellison Anne Williams Founder and CEO of Enveil, 6/7/2018
Comment0 comments  |  Read  |  Post a Comment
Survey Shows Florida at the Bottom for Consumer Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/6/2018
Comment0 comments  |  Read  |  Post a Comment
Tax-Season Malware Campaign Delivers Trojan Via Email
Dark Reading Staff, Quick Hits
A new example of a long-term phenomenon delivers a banking trojan via a downloader activated by a URL in a phishing email.
By Dark Reading Staff , 6/6/2018
Comment0 comments  |  Read  |  Post a Comment
Panorays Debuts With $5 Million Investment
Dark Reading Staff, Quick Hits
Panorays, a company focusing on third-party security issues for the enterprise, has exited stealth mode.
By Dark Reading Staff , 6/5/2018
Comment0 comments  |  Read  |  Post a Comment
The Breach Disclosure Double Standard
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Cybersecurity pros expect to be notified immediately when they're breached, but most don't do the same and some even cover up breaches.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/5/2018
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Launches Second INsecurity Conference
Tim Wilson, Editor in Chief, Dark Reading, News
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
By Tim Wilson, Editor in Chief, Dark Reading , 6/5/2018
Comment0 comments  |  Read  |  Post a Comment
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Ken Mills, General Manager of IoT, Surveillance and Security, Dell EMCCommentary
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
By Ken Mills General Manager of IoT, Surveillance and Security, Dell EMC, 6/4/2018
Comment0 comments  |  Read  |  Post a Comment
Google Groups Misconfiguration Exposes Corporate Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers say as many as 10,000 businesses are affected by a widespread misconfiguration in Google Groups settings.
By Kelly Sheridan Staff Editor, Dark Reading, 6/1/2018
Comment0 comments  |  Read  |  Post a Comment
Telegram: Apple Has Blocked Updates since April
Dark Reading Staff, Quick Hits
Telegram founder and chief executive Pavel Durov claims the messaging service has not been able to make technical updates anywhere in the world.
By Dark Reading Staff , 6/1/2018
Comment0 comments  |  Read  |  Post a Comment
New Federal Report Gives Guidance on Beating Botnets
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A report from the Departments of Commerce and Homeland Security provides five goals for protecting infrastructure from botnets and other automated threats.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/31/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12633
PUBLISHED: 2018-06-22
An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (...
CVE-2018-12634
PUBLISHED: 2018-06-22
CirCarLife Scada v4.2.4 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
CVE-2018-12635
PUBLISHED: 2018-06-22
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.
CVE-2018-12630
PUBLISHED: 2018-06-21
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.
CVE-2018-12631
PUBLISHED: 2018-06-21
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.