Risk

News & Commentary
Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed
Dark Reading Staff, Quick Hits
Eight of the 12 critical vulnerabilities addressed this month affect the Chakra Scripting Engine in Microsoft Edge.
By Dark Reading Staff, 11/13/2018
Getting to Know Magecart: An Inside Look at 7 Groups
Kelly Sheridan, Staff Editor, Dark Reading, News
A new report spills the details on Magecart, the criminal groups driving it, and ongoing attacks targeting low- and high-profile victims.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/13/2018
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360, Commentary
The toughest security problems involve people, not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
By Shay Colson, CISSP, Senior Manager, CyberClarity360, 11/13/2018
Google Traffic Temporarily Rerouted via Russia, China
Kelly Sheridan, Staff Editor, Dark Reading, News
The incident, which Google reports is now resolved, could be the result of either technical mistakes or malicious activity.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/13/2018
2018 on Track to Be One of the Worst Ever for Data Breaches
Jai Vijayan, Freelance writer, News
A total of 3,676 breaches involving over 3.6 billion records were reported in the first nine months of this year alone.
By Jai Vijayan, Freelance writer, 11/12/2018
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading, News
Facebook and Synack create programs to educate vets and grow employment opportunities while shrinking the cybersecurity talent gap.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/12/2018
7 Cool New Security Tools to be Revealed at Black Hat Europe
Ericka Chickowski, Contributing Writer, Dark Reading
Black Hat Europe's Arsenal lineup will include demos of new security tools, from AI malware research to container orchestration.
By Ericka Chickowski, Contributing Writer, Dark Reading, 11/12/2018
Cyberattacks Top Business Risks in North America, Europe, EAP
Dark Reading Staff, Quick Hits
The World Economic Forum reports cyberattacks are a top enterprise concern following WannaCry and the rise of e-commerce.
By Dark Reading Staff, 11/12/2018
'CARTA': A New Tool in the Breach Prevention Toolbox
Christopher Acton, VP, Security Services and Customer Success, RiskSense, Commentary
Gartner's continuous adaptive risk and trust assessment for averting a data breach addresses the shortcomings of static security programs.
By Christopher Acton, VP, Security Services and Customer Success, RiskSense, 11/12/2018
Inside CSAW, a Massive Student-Led Cybersecurity Competition
Kelly Sheridan, Staff Editor, Dark Reading, News
Nearly 400 high school, undergraduate, and graduate students advance to the final round of New York University's CSAW games.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/9/2018
Dropbox Teams with Israeli Security Firm Coronet
Dark Reading Staff, Quick Hits
The partnership is expected to improve threat detection for Dropbox while growing Coronet's user base.
By Dark Reading Staff, 11/9/2018
What You Should Know About Grayware (and What to Do About It)
Curtis Franklin Jr., Senior Editor at Dark Reading
Grayware is a tricky security problem, but there are steps you can take to defend your organization when you recognize the risk.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 11/9/2018
Vulnerabilities in Our Infrastructure: 5 Ways to Mitigate the Risk
Michael Fabian, Principal Security Consultant, Synopsys, Commentary
By teaming up to address key technical and organizational issues, information and operational security teams can improve the resiliency and safety of their infrastructure systems.
By Michael Fabian, Principal Security Consultant, Synopsys, 11/9/2018
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading, News
Microsoft's Brad Smith calls on nations and businesses to work toward "digital peace" and acknowledge the effects of cybercrime.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/8/2018
Banking Malware Takes Aim at Brazilians
Dark Reading Staff, Quick Hits
Two malware distribution campaigns are sending banking Trojans to customers of financial institutions in Brazil.
By Dark Reading Staff, 11/8/2018
Finding Gold in the Threat Intelligence Rush
Kelly Sheridan, Staff Editor, Dark Reading, News
Researchers sift through millions of threat intel observations to determine where to best find valuable threat data.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/7/2018
'PortSmash' Brings New Side-Channel Attack to Intel Processors
Curtis Franklin Jr., Senior Editor at Dark Reading, News
New vulnerability exposes encryption keys in the first proof-of-concept code.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 11/6/2018
Most Businesses to Add More Cloud Security Tools
Kelly Sheridan, Staff Editor, Dark Reading, News
Cloud adoption drives organizations to spend in 2019 as they learn traditional security practices can't keep up.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/6/2018
Thoma Bravo Buys Veracode
Kelly Sheridan, Staff Editor, Dark Reading, News
Broadcom will sell Veracode, acquired last year by CA, for $950M to Thoma Bravo as it broadens its security portfolio.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/5/2018
Worst Malware and Threat Actors of 2018
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Two reports call out the most serious malware attacks and attackers of the year (so far).
By Curtis Franklin Jr., Senior Editor at Dark Reading, 11/2/2018
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading, 11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP, 11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer, 11/7/2018
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16470
PUBLISHED: 2018-11-13
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
CVE-2018-16471
PUBLISHED: 2018-11-13
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to a...
CVE-2018-6980
PUBLISHED: 2018-11-13
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they...
CVE-2018-17614
PUBLISHED: 2018-11-13
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from th...
CVE-2018-8009
PUBLISHED: 2018-11-13
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.