Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
7 Real-Life Dangers That Threaten Cybersecurity
2018 Hacker Kids Gift Guide
7 Holiday Security Tips for Retailers
Cloud, China, Generic Malware Top Security Concerns for 2019
Understanding Evil Twin AP Attacks and How to Prevent Them
News & Commentary
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher demonstrates how attackers could steal data from smartphones while they're charging.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/8/2018
Comment0 comments  |  Read  |  Post a Comment
Criminals Use Locally Connected Devices to Attack, Loot Banks
Jai Vijayan, Freelance writerNews
Tens of millions of dollars stolen from at least eight banks in East Europe, Kasperksy Lab says.
By Jai Vijayan Freelance writer, 12/7/2018
Comment0 comments  |  Read  |  Post a Comment
'Simplify Everything': Google Talks Container Security in 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google Cloud's container security lead shares predictions, best practices, and what's top of mind for customers.
By Kelly Sheridan Staff Editor, Dark Reading, 12/7/2018
Comment0 comments  |  Read  |  Post a Comment
Iranian Nationals Charged for Atlanta Ransomware Attack
Dark Reading Staff, Quick Hits
The March attack used SamSam ransomware to infect 3,789 computers.
By Dark Reading Staff , 12/7/2018
Comment0 comments  |  Read  |  Post a Comment
Kubernetes Deployments Around the World Show Vulnerabilities
Dark Reading Staff, Quick Hits
Kubernetes owners who expose APIs to the Internet are leaving their systems open to hackers.
By Dark Reading Staff , 12/7/2018
Comment0 comments  |  Read  |  Post a Comment
Insider Threats & Insider Objections
Richard Ford, Chief Scientist, ForcepointCommentary
The ‘tyranny of the urgent’ and three other reasons why it’s hard for CISOs to establish a robust insider threat prevention program.
By Richard Ford Chief Scientist, Forcepoint, 12/7/2018
Comment0 comments  |  Read  |  Post a Comment
Kubernetes Vulnerability Hits Top of Severity Scale
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The security issue strikes at some of the basic reasons for the rising popularity of containers as an architecture and Kubernetes as an orchestration mechanism.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Adobe Flash Zero-Day Spreads via Office Docs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Adobe has patched a zero-day in its Flash player after attackers leveraged the exploit in an active campaign.
By Kelly Sheridan Staff Editor, Dark Reading, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Bringing Compliance into the SecDevOps Process
Joe Ward, Senior Security Analyst, Bishop FoxCommentary
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
By Joe Ward Senior Security Analyst, Bishop Fox, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
4 Lessons Die Hard Teaches About Combating Cyber Villains
Keith Graham, Chief Technology Officer, SecureAuthCommentary
With proper planning, modern approaches, and tools, we can all be heroes in the epic battle against the cyber threat.
By Keith Graham Chief Technology Officer, SecureAuth, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Apple Issues Security Fixes Across Mac, iOS
Dark Reading Staff, Quick Hits
Software updates for Mac and iOS bring patches to Safari, iCloud, iTunes on Windows, and tvOS.
By Dark Reading Staff , 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
55% of Companies Don't Offer Mandatory Security Awareness Training
Dark Reading Staff, Quick Hits
Even those that provide employee training do so sparingly, a new study finds.
By Dark Reading Staff , 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
7 Common Breach Disclosure Mistakes
Jai Vijayan, Freelance writer
How you report a data breach can have a big impact on its fallout.
By Jai Vijayan Freelance writer, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Evidence in Starwood/Marriott Breach May Point to China
Dark Reading Staff, Quick Hits
Attackers used methods, tools previously used by known Chinese hackers.
By Dark Reading Staff , 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Boosting SOC IQ Levels with Knowledge Transfer
Mike Fowler, Vice President of Professional Services at DFLabsCommentary
Despite shortages of skills and staff, these six best practices can improve analysts' performance in a security operations center.
By Mike Fowler Vice President of Professional Services at DFLabs, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Symantec Intros USB Scanning Tool for ICS Operators
Jai Vijayan, Freelance writerNews
ICSP Neural is designed to address USB-borne malware threats.
By Jai Vijayan Freelance writer, 12/5/2018
Comment1 Comment  |  Read  |  Post a Comment
Toyota Builds Open-Source Car-Hacking Tool
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
‘PASTA’ testing platform specs will be shared via open-source.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/5/2018
Comment0 comments  |  Read  |  Post a Comment
A Shift from Cybersecurity to Cyber Resilience: 6 Steps
Gus Hunt, Managing Director and Cyber Strategy Lead for Accenture Federal ServicesCommentary
Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin.
By Gus Hunt Managing Director and Cyber Strategy Lead for Accenture Federal Services, 12/5/2018
Comment0 comments  |  Read  |  Post a Comment
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/5/2018
Comment1 Comment  |  Read  |  Post a Comment
Google Cloud Security Command Center Now in Beta
Kelly Sheridan, Staff Editor, Dark ReadingNews
The beta release of Google Cloud SCC will include broader coverage across the cloud platform and more granular access controls, among other features.
By Kelly Sheridan Staff Editor, Dark Reading, 12/5/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Agent Aix les Bains
Current Conversations What do you mean ?
In reply to: Re: BLOCKCHAIN
Post Your Own Reply
More Conversations
Products & Releases
Trend Micro Research Uncovers Major Flaws in Leading IoT Protocols 12/4/18 7:00 am CST
Application Security for AWS Lambda Customers
Venafi Secures $100M Financing Round Led by TCV
Steve Lipner Appointed Chair of NIST Information Security and Privacy Advisory Board
More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report
King & Union and Farsight Security Announce Strategic Partnership
BSIA to create ‘UK marketplace’ for all IFSEC Global Shows
Dragos Announces $37M in Series B Funding for Industrial Control Systems (ICS) Cybersecurity Threat Detection and Response
More Products & Releases
PR Newswire
Microsoft, Mastercard Aim to Change Identity Management
Kelly Sheridan, Staff Editor, Dark Reading,  12/3/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
White Papers
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20000
PUBLISHED: 2018-12-10
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java.
CVE-2018-20001
PUBLISHED: 2018-12-10
In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input.
CVE-2018-20002
PUBLISHED: 2018-12-10
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
CVE-2018-19991
PUBLISHED: 2018-12-10
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.
CVE-2018-19653
PUBLISHED: 2018-12-09
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
Flash Poll
Video
Slideshows
Twitter Feed