Risk

News & Commentary
Flaws in Mobile Point of Sale Readers Displayed at Black Hat
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
While security is high overall for mPOS tools from companies like Square, PayPal, and iZettle, some devices have vulnerabilities that attackers could exploit to gather data and cash.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft ADFS Vulnerability Lets Attackers Bypass MFA
Kelly Sheridan, Staff Editor, Dark ReadingNews
The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.
By Kelly Sheridan Staff Editor, Dark Reading, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
'Election Protection' Aims to Secure Candidates Running for Office
Dark Reading Staff, Quick Hits
The kit is designed to prevent credential theft targeting people running for federal, state, and local elected offices.
By Dark Reading Staff , 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Hacker Unlocks 'God Mode' and Shares the 'Key'
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
At Black Hat USA and DEF CON, researcher Christopher Domas showed how he found backdoors that may exist in many different CPUs.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
Social Engineers Show Off Their Tricks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts in deception shared tricks of the trade and showed their skills at Black Hat and DEF CON 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
NSA Brings Nation-State Details to DEF CON
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Hackers were eager to hear the latest from the world of nation-state cybersecurity.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
Oh, No, Not Another Security Product
Paul Stokes, Founder & CEO of Prevalent AICommentary
Let's face it: There are too many proprietary software options. Addressing the problem will require a radical shift in focus.
By Paul Stokes Founder & CEO of Prevalent AI, 8/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.
By Kelly Sheridan Staff Editor, Dark Reading, 8/8/2018
Comment6 comments  |  Read  |  Post a Comment
Manufacturing Industry Experiencing Higher Incidence of Cyberattacks
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report reveals the natural consequences of ignoring the attendant risks of industrial IoT and Industry 4.0.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/8/2018
Comment0 comments  |  Read  |  Post a Comment
Expect API Breaches to Accelerate
Ericka Chickowski, Contributing Writer, Dark ReadingNews
APIs provide the digital glue that binds apps, cloud resources, app services and data all together and they're increasingly an appsec security threat.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/7/2018
Comment0 comments  |  Read  |  Post a Comment
Shadow IT: Every Company's 3 Hidden Security Risks
Adam Marre,  Information Security Operations Leader, QualtricsCommentary
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
By Adam Marre Information Security Operations Leader, Qualtrics, 8/7/2018
Comment1 Comment  |  Read  |  Post a Comment
Google Details Tech Built into Shielded VMs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Specialized virtual machines, recently released in beta mode, ensure cloud workloads haven't been compromised.
By Kelly Sheridan Staff Editor, Dark Reading, 8/6/2018
Comment0 comments  |  Read  |  Post a Comment
Mastering MITRE's ATT&CK Matrix
Curtis Franklin Jr., Senior Editor at Dark Reading
This breakdown of Mitre's model for cyberattacks and defense can help organizations understand the stages of attack events and, ultimately, build better security.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/6/2018
Comment3 comments  |  Read  |  Post a Comment
FBI Offers New IoT Security Tips
Dark Reading Staff, Quick Hits
A new article from the FBI offers insight into IoT risks and ways to reduce them.
By Dark Reading Staff , 8/3/2018
Comment0 comments  |  Read  |  Post a Comment
Multifactor Acquisition: Cisco Plans to Buy Duo for $2.35B
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cisco intends to use Duo's authentication technology to ramp up security across hybrid and multicloud environments.
By Kelly Sheridan Staff Editor, Dark Reading, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways DevOps Can Supercharge Security
Ericka Chickowski, Contributing Writer, Dark Reading
Security teams have a huge opportunity to make major inroads by embracing the DevOps movement.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
How GDPR Could Turn Privileged Insiders into Bribery Targets
Mark Coates, VP, EMEA, Dtex SystemsCommentary
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
By Mark Coates VP, EMEA, Dtex Systems, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
New Chrome Extension Alerts Users to Hacked Sites
Kelly Sheridan, Staff Editor, Dark ReadingNews
HackNotice leverages a database of 20,000 hacks to alert users when a site they visit has been compromised.
By Kelly Sheridan Staff Editor, Dark Reading, 8/1/2018
Comment1 Comment  |  Read  |  Post a Comment
48% of Customers Avoid Services Post-Data Breach
Dark Reading Staff, Quick Hits
Nearly all organizations hit with a security incident report a long-term negative impact on both revenue and consumer trust.
By Dark Reading Staff , 8/1/2018
Comment0 comments  |  Read  |  Post a Comment
Accidental Cryptojackers: A Tale of Two Sites
Patrick Ciavolella, Digital Security & Operations Director, The Media TrustCommentary
Why website operators need to know with whom they are doing business and how to close the loop on third-party vulnerabilities.
By Patrick Ciavolella Digital Security & Operations Director, The Media Trust, 7/31/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
PGA of America Struck By Ransomware
Dark Reading Staff 8/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3937
PUBLISHED: 2018-08-14
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2018-3938
PUBLISHED: 2018-08-14
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST r...
CVE-2018-12537
PUBLISHED: 2018-08-14
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.
CVE-2018-12539
PUBLISHED: 2018-08-14
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows,...
CVE-2018-3615
PUBLISHED: 2018-08-14
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.