Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
The Edge Cartoon Contest: You Better Watch Out ...
6 Top Nontechnical Degrees for Cybersecurity
A Cause You Care About Needs Your Cybersecurity Help
Rethinking Enterprise Data Defense
News & Commentary
10 Notable Cybersecurity Acquisitions of 2019, Part 2
Kelly Sheridan, Staff Editor, Dark Reading
As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.
By Kelly Sheridan Staff Editor, Dark Reading, 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
Nation-State Attackers May Have Co-opted Vega Ransomware
Robert Lemos, Contributing WriterNews
The tactics used by the latest version of the Vega cryptolocker program indicates the code may have been stolen from its authors and is now being used for destructive attacks, a new report suggests.
By Robert Lemos Contributing Writer, 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
Criminals Hide Fraud Behind the Green Lock Icon
Curtis Franklin Jr., Senior Editor at Dark Reading
Criminals are using free certificate services to apply real security certs to fraudulent sites — and to take advantage of victims looking for surfing safety.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, GigamonCommentary
This gridiron-inspired advice will guarantee your digital transformation success and keep your data safe.
By Shane Buckley President & Chief Operating Officer, Gigamon, 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
New: From the Core to the Edge: 7 Reasons You Need Security at the Edge
Akamai Staff,
No longer can you secure the perimeter and trust that nothing will get in or out.
By Akamai Staff , 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC
Jai Vijayan, Contributing WriterNews
Money meant to fund an Israeli startup wound up directly deposited to the scammers.
By Jai Vijayan Contributing Writer, 12/6/2019
Comment1 Comment  |  Read  |  Post a Comment
Data Center Provider CyrusOne Confirms Ransomware Attack
Dark Reading Staff, Quick Hits
The attack struck CyrusOne's managed services division and compromised six customers primarily serviced by a New York data center.
By Dark Reading Staff , 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
Senators Call for End to Controversial NSA Program
Dark Reading Staff, Quick Hits
The program for collecting telephone call metadata has faced increased scrutiny and restrictions since Edward Snowden revealed its existence in 2013.
By Dark Reading Staff , 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
Mega Breaches Are Forcing Us to a Passwordless World. Are We Finally Ready?
Steve Zurier, Contributing Writer
Passwordless authentication advocates see 2020 as a potential turning point year for the technology. But can the industry get off the dime?
By Steve Zurier Contributing Writer, 12/6/2019
Comment1 Comment  |  Read  |  Post a Comment
Success Enablers or Silent Killers?
Douglas Ferguson, Founder & CTO, Pharos SecurityCommentary
These five success enablers will help CISOs report, measure, and demonstrate ROI to the C-suite.
By Douglas Ferguson Founder & CTO, Pharos Security, 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Dark Reading Staff, Quick Hits
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
By Dark Reading Staff , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
Jai Vijayan, Contributing WriterNews
Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says.
By Jai Vijayan Contributing Writer, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
With Aporeto, Palo Alto Looks Away from the Firewall and Toward the Future
Dark Reading Staff, News
Seeing its firewall sales softening, the security vendor makes another acquisition to reorient itself for the cloud era.
By Special to Dark Reading: Maria Korolov, Data Center Knowledge , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
10 Security 'Chestnuts' We Should Roast Over the Open Fire
Joan Goodchild, Contributing Writer
These outdated security rules we all know (and maybe live by) no longer apply.
By Joan Goodchild Contributing Writer, 12/5/2019
Comment1 Comment  |  Read  |  Post a Comment
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
Assessments can be used against your company in court proceedings. Here's how to mitigate this potential risk.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Defender ATP Brings EDR Capabilities to macOS
Dark Reading Staff, Quick Hits
Mac computers will now have the option to use Microsoft Defender Advanced Threat Protection's endpoint and detection response.
By Dark Reading Staff , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
The Human Factor: 5 Reasons Why Cybersecurity Is a People Problem
Lysa Myers, Security Researcher, ESETCommentary
The industry can only go so far in treating security as a challenge that can be resolved only by engineering.
By Lysa Myers Security Researcher, ESET, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
Password-Cracking Teams Up in CrackQ Release
Robert Lemos, Contributing WriterNews
The open source platform aims to make password-cracking more manageable and efficient for red teams.
By Robert Lemos Contributing Writer, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
What's in a Botnet? Researchers Spy on Geost Operators
Kelly Sheridan, Staff Editor, Dark ReadingNews
The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.
By Kelly Sheridan Staff Editor, Dark Reading, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Black Hat Europe Q&A: Understanding the Ethics of Cybersecurity Journalism
Black Hat Staff, News
Investigative journalist Geoff White chats about why now is the right time for his Black Hat Europe Briefing on hackers, journalists, and the ethical ramifications of cybersecurity journalism.
By Alex Wawro, Special to Dark Reading , 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by lisanicholas25
Current Conversations nice
In reply to: Re: very nice
Post Your Own Reply
Posted by attrapereves
Current Conversations Great post, good job!
In reply to: Re: Pending Review
Post Your Own Reply
More Conversations
Products & Releases
Tenable Acquires Indegy
Nuspire Hires Lewie Dunsworth As New CEO
70 Top Hackers from Around the World Gathered in Finland for the 5G Cybersecurity Hackathon
Kaspersky finds ransomware now targeting back-up data
New Genetec Research Shows Almost 4 in 10 Security Cameras Can Be at Risk of Cyberattack Due to Outdated Firmware
LastPass Goes Passwordless
TrueFort Bolsters Management Team with 3 'Company Builder' Female Executives
TrueFort Unveils Application Detection and Response Platform to Secure Applications & Cloud Workloads
More Products & Releases
PR Newswire
edge
edge
Criminals Hide Fraud Behind the Green Lock Icon
Criminals are using free certificate services to apply real security certs to fraudulent sites -- and to take advantage of victims looking for surfing safety.
New: From the Core to the Edge: 7 Reasons You Need Security at the Edge
No longer can you secure the perimeter and trust that nothing will get in or out.
Mega Breaches Are Forcing Us to a Passwordless World. Are We Finally Ready?
Passwordless authentication advocates see 2020 as a potential turning point year for the technology. But can the industry get off the dime?
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19647
PUBLISHED: 2019-12-09
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
CVE-2019-19648
PUBLISHED: 2019-12-09
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
CVE-2019-19642
PUBLISHED: 2019-12-08
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
CVE-2019-19637
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Flash Poll
Video
Slideshows
Twitter Feed