Advertise

Risk

News & Commentary

Active Third-Party Content the Bane of Web Security

Ericka Chickowski, Contributing Writer, Dark Reading

News

New reports shows many of the world's most popular sites serve up active content from risky sources.

By Ericka Chickowski Contributing Writer, Dark Reading, 8/16/2018

0 comments | Read | Post a Comment

Overcoming 'Security as a Silo' with Orchestration and Automation

Commentary

When teams work in silos, the result is friction and miscommunication. Automation changes that.

By Jen Andre Senior Director at Rapid7, 8/16/2018

0 comments | Read | Post a Comment

Intel Reveals New Spectre-Like Vulnerability

Curtis Franklin Jr., Senior Editor at Dark Reading

News

A new side-channel speculative execution vulnerability takes aim at a different part of the CPU architecture than similar vulnerabilities that came before it.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/15/2018

2 comments | Read | Post a Comment

Latest Comment: tdsan, It is interesting how companys try to save face when someone from the outside...

2018 Pwnie Awards: Who Pwned, Who Got Pwned

A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.

By Kelly Sheridan Staff Editor, Dark Reading, 8/15/2018

0 comments | Read | Post a Comment

Instagram Hack: Hundreds Affected, Russia Suspected

Quick Hits

Affected users report the email addresses linked to their Instagram accounts were changed to .ru domains.

By Dark Reading Staff , 8/15/2018

1 Comment | Read | Post a Comment

Latest Comment: AdelaidaP, It is always Russia for the last decade... This is geting suspicious.

Flaws in Mobile Point of Sale Readers Displayed at Black Hat

News

While security is high overall for mPOS tools from companies like Square, PayPal, and iZettle, some devices have vulnerabilities that attackers could exploit to gather data and cash.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/14/2018

0 comments | Read | Post a Comment

Microsoft ADFS Vulnerability Lets Attackers Bypass MFA

News

The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.

By Kelly Sheridan Staff Editor, Dark Reading, 8/14/2018

1 Comment | Read | Post a Comment

Latest Comment: tdsan, I enjoyed reading the post, it seems that ADFS has some issues but it if someone...

'Election Protection' Aims to Secure Candidates Running for Office

Quick Hits

The kit is designed to prevent credential theft targeting people running for federal, state, and local elected offices.

By Dark Reading Staff , 8/14/2018

0 comments | Read | Post a Comment

Hacker Unlocks 'God Mode' and Shares the 'Key'

News

At Black Hat USA and DEF CON, researcher Christopher Domas showed how he found backdoors that may exist in many different CPUs.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/13/2018

0 comments | Read | Post a Comment

Social Engineers Show Off Their Tricks

News

Experts in deception shared tricks of the trade and showed their skills at Black Hat and DEF CON 2018.

By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2018

0 comments | Read | Post a Comment

NSA Brings Nation-State Details to DEF CON

News

Hackers were eager to hear the latest from the world of nation-state cybersecurity.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/10/2018

0 comments | Read | Post a Comment

Oh, No, Not Another Security Product

Paul Stokes, Founder & CEO of Prevalent AI

Commentary

Let's face it: There are too many proprietary software options. Addressing the problem will require a radical shift in focus.

By Paul Stokes Founder & CEO of Prevalent AI, 8/9/2018

1 Comment | Read | Post a Comment

Latest Comment: njtrout, Couldn't agree more, However, 30+ years of product development in the security...

Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push

News

Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.

By Kelly Sheridan Staff Editor, Dark Reading, 8/8/2018

6 comments | Read | Post a Comment

Latest Comment: BrianN060, You both make some valid points; but I think the choice of vendors is less...

Manufacturing Industry Experiencing Higher Incidence of Cyberattacks

News

New report reveals the natural consequences of ignoring the attendant risks of industrial IoT and Industry 4.0.

By Ericka Chickowski Contributing Writer, Dark Reading, 8/8/2018

0 comments | Read | Post a Comment

Expect API Breaches to Accelerate

News

APIs provide the digital glue that binds apps, cloud resources, app services and data all together — and they're increasingly an appsec security threat.

By Ericka Chickowski Contributing Writer, Dark Reading, 8/7/2018

0 comments | Read | Post a Comment

Shadow IT: Every Company's 3 Hidden Security Risks

Adam Marre, Information Security Operations Leader, Qualtrics

Commentary

Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.

By Adam Marre Information Security Operations Leader, Qualtrics, 8/7/2018

1 Comment | Read | Post a Comment

Latest Comment: BrianN060, Fine article from a veteran cybersecurity professional about an aspect that...

Google Details Tech Built into Shielded VMs

News

Specialized virtual machines, recently released in beta mode, ensure cloud workloads haven't been compromised.

By Kelly Sheridan Staff Editor, Dark Reading, 8/6/2018

0 comments | Read | Post a Comment

Mastering MITRE's ATT&CK Matrix

This breakdown of Mitre's model for cyberattacks and defense can help organizations understand the stages of attack events and, ultimately, build better security.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/6/2018

3 comments | Read | Post a Comment

Latest Comment: Kunchen, This is indeed a very good post. I enjoyed reading and I see a sequel...

FBI Offers New IoT Security Tips

Quick Hits

A new article from the FBI offers insight into IoT risks and ways to reduce them.

By Dark Reading Staff , 8/3/2018

0 comments | Read | Post a Comment

Multifactor Acquisition: Cisco Plans to Buy Duo for $2.35B

News

Cisco intends to use Duo's authentication technology to ramp up security across hybrid and multicloud environments.

By Kelly Sheridan Staff Editor, Dark Reading, 8/2/2018

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by tdsan

I enjoyed reading the post, it seems that ADFS has some issues but it if someone with the right influence, money, and power wanted to make a go at getting a person's credentials, they could. So this goes beyond the ADFS...

In reply to: Very good article
Post Your Own Reply

Posted by tdsan

It is interesting how companys try to save face when someone from the outside identified this vulnerability or the Spectre vulnerability. It seems that my trust in Intel has diminished. I will provide examples: 1. This...

In reply to: Really, was it already there and we just did not know about it
Post Your Own Reply

Posted by REISEN1955

Much of the architecture of contemporary systems still hold their lines back to the original IBM-AT 286 processor and config. It was such a solid standard that everything today is still flagged back to it and the original...

In reply to: Interesting note for history
Post Your Own Reply

Posted by AdelaidaP

It is always Russia for the last decade... This is geting suspicious.

In reply to: suspicious
Post Your Own Reply

Posted by cbear42

My concern is that there seems to be a "throw their hands in the air" approach from most development teams and in the industry when it comes to trying to ensure that employees don't make a bad security choice. They have...

In reply to: Complete Agreement on this one. . .
Post Your Own Reply

Posted by BanduraCSO

This article hits on a number of important points. Part of this is basic cyber hygiene practices and it's not clear to me why the election networks themselves should be connected to the public Internet. Threat...

In reply to: Threat Intelligence
Post Your Own Reply

Posted by BrianN060

You both make some valid points; but I think the choice of vendors is less free than assumed. There are certainly restrictions in the corporate and academic environments (some choices are not allowed, others forced...

In reply to: Re: Internet bullying.
Post Your Own Reply

Posted by BrianN060

There are just too many self-serving motivations for any individuals or corporate, political or activist entities, to be trusted with being the guardians of the cyber-universe, to dictate what is or isn't moral, ethical...

In reply to: Re: Who decides?
Post Your Own Reply

Posted by dmatos123

I guess we'll agree to disagree on this. My thoughts on a browser update regarding a security alert doesn't amount to bullying. Users are free to download and use any other browser besides chrome. If, on...

In reply to: Re: Internet bullying.
Post Your Own Reply

Posted by benmajece

This article will be useful to read for students! I've learned a lot of new info about securiy here

In reply to: My opinion
Post Your Own Reply

Posted by BPID

It is not the site which is insecure, but the communucations: from your browser to that site which, by the way Google is monitoring and deciding good/bad. Reality is the internet is not secure. We see daily sites and large...

In reply to: Re: Internet bullying.
Post Your Own Reply

Posted by Kunchen

This is indeed a very good post. I enjoyed reading and I see a sequel in the future? "What happens after C&C?" At least from a an IR, CIRT, or from a security team's perspective. Lessons learned? Controls review?...

In reply to: Good post
Post Your Own Reply

More Conversations

Products & Releases

Exabeam Raises $50 Million in Series D, Targets SIEM Market

Imperva Completes the Acquisition of Prevoty

Venafi Study: 93% of Security Professionals Say Election Infrastructure Is at Risk

Retail Cyber Intelligence Sharing Center (R-CISC) Forms Advisory Council

Research Reveals Major Insider Threat Disconnect in the Workplace: ObserveIT

Jumio’s Netverify® Solutions Win Gold and Bronze in Security Software

ISACA and SecurityScorecard Define Questions to Implement Continuous Assurance for Data

BitSight Raises $60 Million in Series D Funding Led by Warburg Pincus

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms

Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/14/2018

Intel Reveals New Spectre-Like Vulnerability

Curtis Franklin Jr., Senior Editor at Dark Reading, 8/15/2018

Instagram Hack: Hundreds Affected, Russia Suspected

Dark Reading Staff 8/15/2018

Live Events

Webinars

More UBM Tech
Live Events

INsecurity Conference - An Event Like No Other

Black Hat Trainings - October 22 & 23

Are You Looking to Learn About New Cybersecurity Threats & Challenges? Then INsecurity Is For You!

White Papers

Cybersecurity Challenges for State and Local Governments

Gamer Theory of Threat Hunting

ESG Report: Endpoint Security Must Include Rapid Query and Remediation Capabilities

Protecting Against the Top 5 Attack Vectors

App Security: Getting the Board Onboard

More White Papers

Video

All Risk Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: I'll need you to first enable Android's option to install programs from unknown sources.

Cartoon Archive

Current Issue

The Biggest Cybersecurity Breaches of 2018 (So Far)

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of IT and Cybersecurity

IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!

Download Now!

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

[Strategic Security Report] Cloud Security's Changing Landscape

0 comments

The State of Ransomware

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-13435
PUBLISHED: 2018-08-16

** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest w...

CVE-2018-13446
PUBLISHED: 2018-08-16

** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. ...

CVE-2018-14567
PUBLISHED: 2018-08-16

libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

CVE-2018-15122
PUBLISHED: 2018-08-16

An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.

CVE-2018-11509
PUBLISHED: 2018-08-16

ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.

Terms of Service
Privacy Statement
Legal Entities