Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

Risk

News & Commentary
Enterprise Malware Detections Up 79% as Attackers Refocus
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new report on the state of malware shows a spike in B2B malware, with former banking Trojans Emotet and TrickBot topping the list.
By Kelly Sheridan Staff Editor, Dark Reading, 1/23/2019
Comment0 comments  |  Read  |  Post a Comment
Real-World Threats That Trump Spectre & Meltdown
Curtis Franklin Jr., Senior Editor at Dark Reading
New side-channel attacks are getting lots of attention, but other more serious threats should top your list of threats.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/22/2019
Comment0 comments  |  Read  |  Post a Comment
2018's Most Common Vulnerabilities Include Issues New and Old
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The most common vulnerabilities seen last year run the gamut from cross-site scripting to issues with CMS platforms.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/18/2019
Comment0 comments  |  Read  |  Post a Comment
PCI Council Releases New Software Framework for DevOps Era
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The PCI Software Security Framework will eventually replace PCI DA-DSS when it expires in 2022.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/18/2019
Comment0 comments  |  Read  |  Post a Comment
The Rx for HIPAA Compliance in the Cloud
Jason Polancich, CEO, MusubuCommentary
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
By Jason Polancich CEO, Musubu, 1/18/2019
Comment1 Comment  |  Read  |  Post a Comment
Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Facebook says the accounts and pages were part of two unrelated disinformation operations aimed at targets outside the US.
By Sara Peters Senior Editor at Dark Reading, 1/17/2019
Comment3 comments  |  Read  |  Post a Comment
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard TechnologiesCommentary
When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.
By Ricardo Arroyo Senior Technical Product Manager, Watchguard Technologies, 1/16/2019
Comment1 Comment  |  Read  |  Post a Comment
Report: Bots Add Volume to Account Takeover Attacks
Dark Reading Staff, Quick Hits
Bots that can launch hundreds of attacks per second are making account takeover fraud more difficult to defend against.
By Dark Reading Staff , 1/15/2019
Comment1 Comment  |  Read  |  Post a Comment
Online Fraud: Now a Major Application Layer Security Problem
Ting-Fang Yen, Research Scientist, DataVisor, Inc.Commentary
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
By Ting-Fang Yen Research Scientist, DataVisor, Inc., 1/15/2019
Comment0 comments  |  Read  |  Post a Comment
Why Cyberattacks Are the No. 1 Risk
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
The paradigm shift toward always-on IT requires business leaders to rethink their defense strategy.
By Marc Wilczek Digital Strategist & CIO Advisor, 1/15/2019
Comment2 comments  |  Read  |  Post a Comment
Radiflow: New Approach for Classifying OT Attack Flaws
Dark Reading Staff, Quick Hits
The firm says risk assessment should begin with understanding attacker taxonomy and continue with vulnerability analysis.
By Dark Reading Staff , 1/14/2019
Comment0 comments  |  Read  |  Post a Comment
Advanced Phishing Scenarios You Will Most Likely Encounter This Year
Eyal Benishti, CEO & Founder of IRONSCALESCommentary
In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.
By Eyal Benishti CEO & Founder of IRONSCALES, 1/14/2019
Comment1 Comment  |  Read  |  Post a Comment
Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
Among the problems: TLS certificates are expiring and websites are becoming inaccessible.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/11/2019
Comment2 comments  |  Read  |  Post a Comment
Who Takes Responsibility for Cyberattacks in the Cloud?
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new CSA report addresses the issue of breach responsibility as more organizations move ERP application data the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 1/11/2019
Comment2 comments  |  Read  |  Post a Comment
New Software Side-Channel Attack Raises Risk for Captured Crypto
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The new attack hits operating systems, not chips, and may give criminals the keys to a company's cryptography.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/10/2019
Comment0 comments  |  Read  |  Post a Comment
Ryuk Ransomware Attribution May Be Premature
Kelly Sheridan, Staff Editor, Dark ReadingNews
The eagerness to tie recent Ryuk ransomware attacks to a specific group could be rushed, researchers say.
By Kelly Sheridan Staff Editor, Dark Reading, 1/10/2019
Comment0 comments  |  Read  |  Post a Comment
Election Security Isn't as Bad as People Think
Suzanne Spaulding, Former DHS Under Secretary and Nozomi Networks AdviserCommentary
Make no mistake, however: We'll always have to be on guard. And we can take some lessons from the world of industrial cybersecurity.
By Suzanne Spaulding Former DHS Under Secretary and Nozomi Networks Adviser, 1/10/2019
Comment1 Comment  |  Read  |  Post a Comment
Google: G Suite Now Alerts Admins to Data Exfiltration
Dark Reading Staff, Quick Hits
New additions to the G Suite alert center are intended to notify admins of phishing and data exports.
By Dark Reading Staff , 1/10/2019
Comment0 comments  |  Read  |  Post a Comment
6 Best Practices for Managing an Online Educational Infrastructure
Jamie Smith & Larry Schwarberg, Chief Information Officer; Chief Information Security Officer for University of PhoenixCommentary
Universities must keep pace with rapidly changing technology to help thwart malicious hacking attempts and protect student information.
By Jamie Smith & Larry Schwarberg Chief Information Officer; Chief Information Security Officer for University of Phoenix, 1/10/2019
Comment2 comments  |  Read  |  Post a Comment
Security Concerns Limit Remote Work Opportunities
Dark Reading Staff, Quick Hits
When companies limit the remote work options that they know will benefit the organization, security concerns are often to blame.
By Dark Reading Staff , 1/9/2019
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by sharmapriya
Current Conversations I really like your work...
In reply to: Very Nice
Post Your Own Reply
More Conversations
Products & Releases
More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report
Global Cooperation And Regulation Key In Addressing Multilayered Threats Posed By New Technology
Eurofins Digital Testing Launches Cyber Security Division
New Research from eSentire Finds Only 30 Percent of Firms are Confident They Can Avoid a Major Security Event in the Next Two Years
CMMI Institute Updates Cybermaturity Platform with Practices to Build Cybersecurity Resilience
Smarsh Survey Reveals Financial Firms Looking for Communications Risks in the Wrong Places
Carbonite Introduces Comprehensive Data Protection for Virtual and Physical Servers
60% of IT Security Professionals Looking to Leave Current Job: Mondo
More Products & Releases
PR Newswire
How Cybercriminals Clean Their Dirty Money
Alexon Bell, Global Head of AML & Compliance, Quantexa,  1/22/2019
Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation
Sara Peters, Senior Editor at Dark Reading,  1/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6707
PUBLISHED: 2019-01-23
PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.
CVE-2019-6708
PUBLISHED: 2019-01-23
PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.
CVE-2019-6706
PUBLISHED: 2019-01-23
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
CVE-2017-15720
PUBLISHED: 2019-01-23
In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.
CVE-2017-17835
PUBLISHED: 2019-01-23
In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.