Network Computing Dark Reading

Advertise

Risk

News & Commentary

Cisco Issues 31 Mid-April Security Alerts

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Among them, two are critical and six are of high importance.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/18/2019

0 comments | Read | Post a Comment

Cloud Security Spend Set to Reach $12.6B by 2023

Kelly Sheridan, Staff Editor, Dark Reading

News

Growth corresponds with a greater reliance on public cloud services.

By Kelly Sheridan Staff Editor, Dark Reading, 4/18/2019

0 comments | Read | Post a Comment

The Cybersecurity Automation Paradox

Ericka Chickowski, Contributing Writer, Dark Reading

News

Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.

By Ericka Chickowski Contributing Writer, Dark Reading, 4/18/2019

0 comments | Read | Post a Comment

Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent

Quick Hits

The social media giant says it did not access the imported data and is notifying affected users.

By Dark Reading Staff , 4/18/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, How is Facebook still around? They consistently make these privacy blunders....

VPN Vulnerabilities Point Out Need for Comprehensive Remote Security

News

VPNs are the primary tool for securing remote access, but recently disclosed vulnerabilities point out the weakness of relying on them as the only tool.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/17/2019

0 comments | Read | Post a Comment

Tips for the Aftermath of a Cyberattack

News

Incident response demands technical expertise, but you can't fully recover without non-IT experts.

By Kelly Sheridan Staff Editor, Dark Reading, 4/17/2019

2 comments | Read | Post a Comment

Latest Comment: REISEN1955, I wrote this for humor but one helluva lot of it comes out of Experian and...

New Malware Campaign Targets Financials, Retailers

Quick Hits

The attack uses a legitimate remote access system as well as several families of malware.

By Dark Reading Staff , 4/17/2019

0 comments | Read | Post a Comment

Legacy Apps: The Security Risk Lurking in Dusty Corners

Tim Buntel, VP, Application Security Products, Threat Stack

Commentary

Four best practices to keep old code from compromising your enterprise environment.

By Tim Buntel VP, Application Security Products, Threat Stack, 4/17/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Every firm has a legacy system, one old Compaq Prolinea that has weird or ancient...

Inside the Dark Web's How-To Guides for Teaching Fraud

Quick Hits

A new study investigates nearly 30,000 guides to explore what fraudsters sell and teach aspiring cybercriminals.

By Dark Reading Staff , 4/17/2019

0 comments | Read | Post a Comment

Selecting the Right Strategy to Reduce Vulnerability Risk

Tim Erlin, VP of Product Management & Strategy at Tripwire

Commentary

There's no one-size-fits-all strategy for eliminating vulnerability risk. Knowing how your organization operates is what makes the difference.

By Tim Erlin VP of Product Management & Strategy at Tripwire, 4/17/2019

0 comments | Read | Post a Comment

7 Tips for an Effective Employee Security Awareness Program

Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.

By Jai Vijayan Freelance writer, 4/17/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, It is amazing how many security breach issues are directly related to phishing. ...

Security Audit Shows Gains, Though Privacy Lags

News

The 2018 Online Trust Audit shows that "encryption everywhere" is improving security, while fuzzy language is slowing privacy gains.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/16/2019

0 comments | Read | Post a Comment

Meet Scranos: New Rootkit-Based Malware Gains Confidence

News

The cross-platform operation, first tested on victims in China, has begun to spread around the world.

By Kelly Sheridan Staff Editor, Dark Reading, 4/16/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, This has to be sister of Thanos in the next Avenger's movie for 2025 releas...

Benefiting from Data Privacy Investments

Marc Wilczek, Digital Strategist & CIO Advisor

Commentary

GDPR-ready companies experience lower overall costs associated with data breaches, research finds.

By Marc Wilczek Digital Strategist & CIO Advisor, 4/16/2019

0 comments | Read | Post a Comment

IT Outsourcing Firm Wipro Investigates Data Breach

Quick Hits

Employee accounts may have been compromised in a sophisticated phishing campaign.

By Dark Reading Staff , 4/16/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, I spent 8 months before the mast with a Wipro-IBM client in 2016 to 2017 before...

New Details Emerge on Windows Zero Day

News

The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.

By Kelly Sheridan Staff Editor, Dark Reading, 4/15/2019

0 comments | Read | Post a Comment

CERT, CISA Warn of Vuln in at Least 4 Major VPNs

Quick Hits

VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.

By Dark Reading Staff , 4/12/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, "exfiltrates the cookie using other methods" I would deem the most probable....

This Week in Security Funding: Where the Money Went

News

Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.

By Kelly Sheridan Staff Editor, Dark Reading, 4/12/2019

0 comments | Read | Post a Comment

Home Office Apologizes for EU Citizen Data Exposure

Quick Hits

The Home Office has admitted to compromising private email addresses belonging to EU citizens hoping to settle in the UK.

By Dark Reading Staff , 4/12/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, Facepalm. If the individuals on that list want to salvage their personal emails...

'Dragonblood' Vulnerabilities Seep Into WPA3 Secure Wifi Handshake

News

A new set of vulnerabilities may put some early adopters of strong Wifi security at greater security risk.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/11/2019

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by RyanSepe

How is Facebook still around? They consistently make these privacy blunders. I posit that they will not be around, at least in this form in the next two decades, at least not in the form they currently hold. Most Gen Y...

In reply to: Facebook
Post Your Own Reply

Posted by REISEN1955

I wrote this for humor but one helluva lot of it comes out of Experian and consulting such as City of Atlanta last year and general knowledge of IBM and Wipro. Parts of this little diatribe are very very true. ...

In reply to: Re: Public relations scenario
Post Your Own Reply

Posted by REISEN1955

First week - we suffered a minor breach and we are investigating. Second week - we have experts and contracted consultants investigating at minimal cost. Third week - we have fired the consultants due to cost and have...

In reply to: Public relations scenario
Post Your Own Reply

Posted by markgrogan

Social media has always been giving people the wrong impression of so many different things on the face of this earth. Thus, I have chosen not to fully believe what is being portrayed out there in the digital realm. Read...

In reply to: Pinch of salt
Post Your Own Reply

Posted by MelBrandle

It took so many years for the company to finally nail the attackers down. It goes without saying that it is not an easy feat to know where the main target of attacks is coming from as attackers are stealth in their techniques....

In reply to: Undetected for long
Post Your Own Reply

Posted by REISEN1955

Every firm has a legacy system, one old Compaq Prolinea that has weird or ancient software installed on it 20 years ago that is used every 30 days to run a reel-to-reel data tape. (Aon had one of those). And...

In reply to: And machines too
Post Your Own Reply

Posted by REISEN1955

It is amazing how many security breach issues are directly related to phishing. Employees should know better by now but they still click on that invoice for something they never bought or an email from the chairman...

In reply to: On training
Post Your Own Reply

Posted by REISEN1955

This has to be sister of Thanos in the next Avenger's movie for 2025 release.

In reply to: For a smile
Post Your Own Reply

Posted by REISEN1955

I spent 8 months before the mast with a Wipro-IBM client in 2016 to 2017 before joining my current job and it was a nightmare. The GSD - General Service Desk (help desk) would take 9 days !!! to route a ticket...

In reply to: From experience .....
Post Your Own Reply

Posted by DavidHamilton

It is always a chain reaction when you engage a third party to do the job for you. End users only see you at the front so the blame will be pushed to you even if you weren't the one handling the security component at the...

In reply to: Clear your name
Post Your Own Reply

Posted by RyanSepe

Very true, it will be interesting to see how this develops. I think justice will be served but there may be a lot of colateral damage in the process.

In reply to: Re: This will be interesting
Post Your Own Reply

Posted by RyanSepe

Facepalm. If the individuals on that list want to salvage their personal emails they should use whitelisting. Otherwise they may be better off creating a new one before getting spammed to death.

In reply to: BCC Blunder
Post Your Own Reply

More Conversations

Products & Releases

Cybercriminals Using Popular TV Shows to Spread Malware

OPAQ Awarded Patent for Cyber Risk Assessment Technology

TrueVault Launches TrueVault Atlas To Automate Aspects of GDPR Compliance

Industrial Internet Consortium Announces Practitioner's Guide for Assessing Maturity of IoT System Security

Prevalent Announces New CEO, Expands Leadership Team with 3 New C-Suite Positions

Tripwire IP360 Now Discovers More Than 200,000 Conditions

More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report

Global Cooperation And Regulation Key In Addressing Multilayered Threats Posed By New Technology

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Tips for the Aftermath of a Cyberattack

Kelly Sheridan, Staff Editor, Dark Reading, 4/17/2019

Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent

Dark Reading Staff 4/18/2019

Former Student Admits to USB Killer Attack

Dark Reading Staff 4/18/2019

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

White Papers

Security in the New World of Containers & Serverless

6 Keys to Faster Phishing Mitigation

Brochure: FraudProtect

Securing Real-Time Communications

2019 Cyber Security Report

More White Papers

Video

All Risk Videos

Cartoon

Latest Comment: Bill just doesn't realize it's more than a 2 dimensional world.

Cartoon Archive

Current Issue

5 Emerging Cyber Threats to Watch for in 2019

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Developing Secure Applications

IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.

Download Now!

The State of Cyber Security Incident Response

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

How Enterprises Are Using IT Threat Intelligence

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-11332
PUBLISHED: 2019-04-18

MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.

CVE-2019-9161
PUBLISHED: 2019-04-18

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an etc/config/wac/wns_cfg_admin_detail.x...

CVE-2019-11015
PUBLISHED: 2019-04-18

A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). This occurs because of paste access...

CVE-2019-11331
PUBLISHED: 2019-04-18

Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.

CVE-2019-9160
PUBLISHED: 2019-04-18

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).

Terms of Service
Privacy Statement
Legal Entities