Network Computing Dark Reading

Advertise

Risk

News & Commentary

Mac Malware Cracks WatchGuard’s Top 10 List

News

Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.

By Steve Zurier Freelance Writer, 12/12/2018

0 comments | Read | Post a Comment

Battling Bots Brings Big-Budget Blow to Businesses

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/11/2018

0 comments | Read | Post a Comment

Equifax Breach Underscores Need for Accountability, Simpler Architectures

Robert Lemos, Technology Journalist/Data Researcher

News

A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'

By Robert Lemos Technology Journalist/Data Researcher, 12/11/2018

0 comments | Read | Post a Comment

Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack

Kelly Sheridan, Staff Editor, Dark Reading

News

Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.

By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018

0 comments | Read | Post a Comment

49% of Cloud Databases Left Unencrypted

News

Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.

By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018

0 comments | Read | Post a Comment

Grammarly Takes Bug Bounty Program Public

Quick Hits

The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne.

By Dark Reading Staff , 12/11/2018

0 comments | Read | Post a Comment

How Well Is Your Organization Investing Its Cybersecurity Dollars?

Commentary

The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.

By Jack Jones Chairman, FAIR Institute, 12/11/2018

1 Comment | Read | Post a Comment

Latest Comment: tcorbeill, Security Instrumentation provides empirical evidence regarding security...

DanaBot Malware Adds Spam to its Menu

News

A new generation of modular malware increases its value to criminals.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/10/2018

0 comments | Read | Post a Comment

'Highly Active' Seedworm Group Hits IT Services, Governments

News

Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.

By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2018

0 comments | Read | Post a Comment

'Simplify Everything': Google Talks Container Security in 2019

News

Google Cloud's container security lead shares predictions, best practices, and what's top of mind for customers.

By Kelly Sheridan Staff Editor, Dark Reading, 12/7/2018

0 comments | Read | Post a Comment

Bringing Compliance into the SecDevOps Process

Joe Ward, Senior Security Analyst, Bishop Fox

Commentary

Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.

By Joe Ward Senior Security Analyst, Bishop Fox, 12/6/2018

0 comments | Read | Post a Comment

Apple Issues Security Fixes Across Mac, iOS

Quick Hits

Software updates for Mac and iOS bring patches to Safari, iCloud, iTunes on Windows, and tvOS.

By Dark Reading Staff , 12/6/2018

0 comments | Read | Post a Comment

55% of Companies Don't Offer Mandatory Security Awareness Training

Quick Hits

Even those that provide employee training do so sparingly, a new study finds.

By Dark Reading Staff , 12/6/2018

0 comments | Read | Post a Comment

Google Cloud Security Command Center Now in Beta

News

The beta release of Google Cloud SCC will include broader coverage across the cloud platform and more granular access controls, among other features.

By Kelly Sheridan Staff Editor, Dark Reading, 12/5/2018

0 comments | Read | Post a Comment

6 Ways to Strengthen Your GDPR Compliance Efforts

Companies have some mistaken notions about how to comply with the new data protection and privacy regulation – and that could cost them.

By Steve Zurier Freelance Writer, 12/5/2018

0 comments | Read | Post a Comment

Backdoors Up 44%, Ransomware Up 43% from 2017

News

Nearly one in three computers was hit with a malware attack this year, and ransomware and backdoors continue to pose a risk.

By Kelly Sheridan Staff Editor, Dark Reading, 12/4/2018

0 comments | Read | Post a Comment

Jared, Kay Jewelers Web Vuln Exposes Shoppers' Data

Quick Hits

A Jared customer found he could access other orders by changing a link in his confirmation email.

By Dark Reading Staff , 12/4/2018

0 comments | Read | Post a Comment

Microsoft, Mastercard Aim to Change Identity Management

News

A new partnership wants to improve how people use and manage the virtual identities that govern their lives online.

By Kelly Sheridan Staff Editor, Dark Reading, 12/3/2018

8 comments | Read | Post a Comment

Latest Comment: tDi443, https://www.ccn.com/mastercard-applies-for-new-patent-for-anonymous-blockch...

Filling the Cybersecurity Jobs Gap – Now and in the Future

John DeSimone & Russ Schrader, VP, Cybersecurity & Special Missions, Raytheon; Executive Director, National Cyber Security Alliance

Commentary

Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.

By John DeSimone & Russ Schrader VP, Cybersecurity & Special Missions, Raytheon; Executive Director, National Cyber Security Alliance, 12/3/2018

0 comments | Read | Post a Comment

Holiday Hacks: 6 Cyberthreats to Watch Right Now

'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.

By Kelly Sheridan Staff Editor, Dark Reading, 11/30/2018

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by HPERPER

Since we installed the new security system we have not lost a single security camera.

In reply to: Name That Toon: I Spy
Post Your Own Reply

Posted by Blaze007

"Rumor has it that if you try to review the security film, you'll get trapped in a honeypot!"

In reply to: Re: It's 'toon time again at Dark Reading!
Post Your Own Reply

Posted by tcorbeill

Security Instrumentation provides empirical evidence regarding security investments that enables executives to define metrics to capture the ROI of their security investments with quantifiable, evidence-based data.

In reply to: Security Instrumentation
Post Your Own Reply

Posted by ThomasMaloney

We have to be aware that every single process that we undertake comes with its own risks. This simply means that we cannot put a guarantee that what we are handling right now is 100% safe. We can be made aware by the many...

In reply to: Risks to take
Post Your Own Reply

Posted by ThomasMaloney

Honestly, I'm really not surprised at how many of these scam centres are popping up. It seems like every other day I'm getting a new type of phishing email or some other long lost aunt who wants to bequeath to me a few million...

In reply to: Recognization is key!
Post Your Own Reply

Posted by aarrowood

Huh, looks like someone took my "but who's going to watch the watchers?!?" comment too far...

In reply to: caption
Post Your Own Reply

Posted by BigDrD

New camera 2FA closed loop!

In reply to: New camera 2FA closed loop!
Post Your Own Reply

Posted by drypaint

CAM07: "CAM09, do you ever feel paranoid? Like someone is watching everything you do?" CAM09: "Sometimes CAM07, but then I remind myself that I really don't do anything worth watching."

In reply to: Cam07
Post Your Own Reply

Posted by tDi443

https://www.ccn.com/mastercard-applies-for-new-patent-for-anonymous-blockchain-transactions-a-regulated-bitcoin-tumbler/

In reply to: Re: BLOCKCHAIN
Post Your Own Reply

Posted by CameronRobertson

This piece of new research info serves as a platform for organizations to fully utilize what is being served to them to better their processes. They cannot wait out any longer if they do not wish for security implications...

In reply to: It is time to change
Post Your Own Reply

Posted by hungthaixa

I like this article. Thanks to that I understand a lot

In reply to: Good article
Post Your Own Reply

Posted by tDi443

It looks like they are going with AI based sevices for this program. I would be extremely leary of the possiblity for massive privacy abuses by these stakeholders. That's even if they can manage to keep it secure from the...

In reply to: Re: BLOCKCHAIN
Post Your Own Reply

More Conversations

Products & Releases

More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report

Global Cooperation And Regulation Key In Addressing Multilayered Threats Posed By New Technology

Eurofins Digital Testing Launches Cyber Security Division

New Research from eSentire Finds Only 30 Percent of Firms are Confident They Can Avoid a Major Security Event in the Next Two Years

CMMI Institute Updates Cybermaturity Platform with Practices to Build Cybersecurity Resilience

Smarsh Survey Reveals Financial Firms Looking for Communications Risks in the Wrong Places

Carbonite Introduces Comprehensive Data Protection for Virtual and Physical Servers

60% of IT Security Professionals Looking to Leave Current Job: Mondo

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

'PowerSnitch' Hacks Androids via Power Banks

Kelly Jackson Higgins, Executive Editor at Dark Reading, 12/8/2018

Higher Education: 15 Books to Help Cybersecurity Pros Be Better

Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018

Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3

Dark Reading Staff 12/12/2018

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

White Papers

Fact vs. Fiction: Mobile Support

Know Your Unknowns With a Master IP Address List Audit

Discovering Your Total Cloud Footprint

Investigating Malware Threats Within your Network

Malware Review Q2-Q3 2018

More White Papers

Video

All Risk Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Since we installed the new security system we have not lost a single security camera.

Cartoon Archive

Current Issue

10 Best Practices That Could Reshape Your IT Security Department

This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Using IT Threat Intelligence

Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.

Download Now!

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

The Risk Management Struggle

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-6706
PUBLISHED: 2018-12-12

Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors.

CVE-2018-6705
PUBLISHED: 2018-12-12

Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.

CVE-2018-15717
PUBLISHED: 2018-12-12

Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.

CVE-2018-15718
PUBLISHED: 2018-12-12

Open Dental before version 18.4 transmits the entire user database over the network when a remote unathenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more.

CVE-2018-15719
PUBLISHED: 2018-12-12

Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information.

Terms of Service
Privacy Statement
Legal Entities