Network Computing Dark Reading

Advertise

Risk

News & Commentary

Security Lessons from My Game Closet

Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA

Commentary

In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.

By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 3/22/2019

0 comments | Read | Post a Comment

Businesses Manage 9.7PB of Data but Struggle to Protect It

Kelly Sheridan, Staff Editor, Dark Reading

News

What's more, their attempts to secure it may be putting information at risk, a new report finds.

By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019

0 comments | Read | Post a Comment

Facebook Employees for Years Could See Millions of User Passwords in Plain Text

Quick Hits

2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.

By Dark Reading Staff , 3/21/2019

3 comments | Read | Post a Comment

Latest Comment: REISEN1955, One of my managers once thought of a unique password, particularly if someone...

Microsoft Brings Defender Security Tools to Mac

News

Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.

By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019

0 comments | Read | Post a Comment

Google Photos Bug Let Criminals Query Friends, Location

News

The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.

By Kelly Sheridan Staff Editor, Dark Reading, 3/20/2019

0 comments | Read | Post a Comment

The Insider Threat: It's More Common Than You Think

Raj Ananthanpillai, Chairman & CEO, Endera

Commentary

A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.

By Raj Ananthanpillai Chairman & CEO, Endera, 3/20/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Hey - your job can be outrsourced in a moment after you train your replacement...

'Critical' Denial-of-Service Bug Patched in Facebook Fizz

Quick Hits

Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.

By Dark Reading Staff , 3/20/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, It's good to see bug bounty programs gaining traction. It is truly an advocation...

TLS 1.3: A Good News/Bad News Scenario

Paula Musich, Research Director, Enterprise Management Associates

Commentary

Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.

By Paula Musich Research Director, Enterprise Management Associates, 3/20/2019

1 Comment | Read | Post a Comment

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/19/2019

0 comments | Read | Post a Comment

Stealing Corporate Funds Still Top Goal of Messaging Attacks

Robert Lemos, Technology Journalist/Data Researcher

News

Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.

By Robert Lemos , 3/19/2019

0 comments | Read | Post a Comment

New Europol Protocol Addresses Cross-Border Cyberattacks

Quick Hits

The protocol is intended to support EU law enforcement in providing rapid assessment and response for cyberattacks across borders.

By Dark Reading Staff , 3/18/2019

0 comments | Read | Post a Comment

4 Reasons to Take an 'Inside Out' View of Security

Earl D. Matthews, Senior Vice President and Chief Strategy Officer at Verodin

Commentary

When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.

By Earl D. Matthews Senior Vice President and Chief Strategy Officer at Verodin, 3/14/2019

0 comments | Read | Post a Comment

The Case for Transparency in End-User License Agreements

Commentary

Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.

By Lysa Myers Security Researcher, ESET, 3/13/2019

0 comments | Read | Post a Comment

There May Be a Ceiling on Vulnerability Remediation

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/12/2019

0 comments | Read | Post a Comment

How the Best DevSecOps Teams Make Risk Visible to Developers

News

DevOps-minded CISOs say enterprise security teams need to do a better job scoring and visualizing risk for developers and business executives.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/12/2019

1 Comment | Read | Post a Comment

Latest Comment: The Governance Guru, This post couldnt have said it better to demonstrate the different things that...

Box Mistakes Leave Enterprise Data Exposed

Quick Hits

User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.

By Dark Reading Staff , 3/12/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, Amazon still makes this mistake with their S3 buckets. If a user is allowed...

Cybercriminals Think Small to Earn Big

Quick Hits

As the number of breaches increased 424% in 2018, the average breach size shrunk 4.7 times as attackers aimed for smaller, more vulnerable targets.

By Dark Reading Staff , 3/12/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, This line summarizes why perfectly: "Small and midsize businesses can't afford...

The 12 Worst Serverless Security Risks

Commentary

A new guide from the Cloud Security Alliance offers mitigations, best practices, and a comparison between traditional applications and their serverless counterparts.

By Ory Segal CTO, PureSec, 3/12/2019

0 comments | Read | Post a Comment

763M Email Addresses Exposed in Latest Database Misconfiguration Episode

News

MongoDB once again used by database admin who opens unencrypted database to the whole world.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/11/2019

1 Comment | Read | Post a Comment

Latest Comment: Cypher1, Unless you have been living under a rock for the last decade, it should come...

NSA, DHS Call for Info Sharing Across Public and Private Sectors

News

Industry leaders debate how government and businesses can work together on key cybersecurity issues.

By Kelly Sheridan Staff Editor, Dark Reading, 3/11/2019

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by mohitb_120

This comment is waiting for review by our moderators.

In reply to: Pending Review
Post Your Own Reply

Posted by REISEN1955

One of my managers once thought of a unique password, particularly if someone may be shoulder watching your screen: ******** True. Another user had just "guess: as a password and that drove me crazy fo...

In reply to: Re: This is the cloud - on secure passwords
Post Your Own Reply

Posted by RyanSepe

Very much agree with your parable. There is no reason the fact of FB having private data should be a surprise to anyone. "Secure Password" also feels like an oxymoron simply put, passwords are the least secure means of authenticating....

In reply to: Re: This is the cloud
Post Your Own Reply

Posted by REISEN1955

FB as discussed is a perfect illustration of the danger of cloud apps. I have long felt that the simple view of this platform is as a enormously huge long RJ-45 cable from your system-network over the internet to another...

In reply to: This is the cloud
Post Your Own Reply

Posted by Kamlesh-Singh-Bisht

Thanks for sharing this incredible article. It really helps Microsoft users regard their usage and benefits.

In reply to: Outlook Office for Mac is an revolution.
Post Your Own Reply

Posted by RyanSepe

It's good to see bug bounty programs gaining traction. It is truly an advocation towards good will. It incentivises the discovery of issues and advocates that they be fixed instead of trying to use that information for nefarious...

In reply to: Bug Bounty
Post Your Own Reply

Posted by REISEN1955

Hey - your job can be outrsourced in a moment after you train your replacement from India. BTW he is less expensive than you are. Hey, we would like 2 weeks notice if you decided to leave us but we can terminate...

In reply to: Let the employer value the employee
Post Your Own Reply

Posted by [email protected]

Can I simply just say what a comfort to find somebody that really knows what they're discussing on the internet. You definitely understand how to bring an issue to light and make it important. More and more people really...

In reply to: Nice and informative post
Post Your Own Reply

Posted by Mcmoore08

Interesting read and spot on with hackers posing as "tech support ' thanks! Michelle

In reply to: good article
Post Your Own Reply

Posted by RyanSepe

Amazon still makes this mistake with their S3 buckets. If a user is allowed to make a configuration that will raise their functionality at the expense of their security posture they will almost always do that. Even if they...

In reply to: Don't allow misconfiguration
Post Your Own Reply

Posted by RyanSepe

This line summarizes why perfectly: "Small and midsize businesses can't afford to take the same measures, as they have little to no security budgets and lack skills they need to defend against cybercrime" Security being...

In reply to: Low Spend-Hit the Nail on the Head
Post Your Own Reply

Posted by The Governance Guru

This post couldnt have said it better to demonstrate the different things that every DevSecOps practitioner should try to incorporate into their program. I think this will help further the "Security as Code" culture that...

In reply to: Comprehensive action items for DevSecOps practitioners
Post Your Own Reply

More Conversations

Products & Releases

OPAQ Awarded Patent for Cyber Risk Assessment Technology

TrueVault Launches TrueVault Atlas To Automate Aspects of GDPR Compliance

Industrial Internet Consortium Announces Practitioner's Guide for Assessing Maturity of IoT System Security

Prevalent Announces New CEO, Expands Leadership Team with 3 New C-Suite Positions

Tripwire IP360 Now Discovers More Than 200,000 Conditions

More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report

Global Cooperation And Regulation Key In Addressing Multilayered Threats Posed By New Technology

Eurofins Digital Testing Launches Cyber Security Division

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Crowdsourced vs. Traditional Pen Testing

Alex Haynes, Chief Information Security Officer, CDL, 3/19/2019

Facebook Employees for Years Could See Millions of User Passwords in Plain Text

Dark Reading Staff 3/21/2019

BEC Scammer Pleads Guilty

Dark Reading Staff 3/20/2019

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

White Papers

Dark Reading Report Roundup

Organizing the Hunt for Cyber Threats with MITRE ATT&CK

[CISO Primer] How to Prioritize Cybersecurity Risks

The Advent of Advanced Network Traffic Analysis & Why it Matters

Cybersecurity for Digital Twins

More White Papers

Video

All Risk Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

5 Emerging Cyber Threats to Watch for in 2019

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of Cyber Security Incident Response

Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.

Download Now!

How Enterprises Are Developing Secure Applications

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

How Enterprises Are Using IT Threat Intelligence

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-10016
PUBLISHED: 2019-03-25

GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring.

CVE-2019-10018
PUBLISHED: 2019-03-25

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.

CVE-2019-10019
PUBLISHED: 2019-03-25

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.

CVE-2019-10020
PUBLISHED: 2019-03-25

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.

CVE-2019-10021
PUBLISHED: 2019-03-25

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.

Terms of Service
Privacy Statement
Legal Entities