Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
6 Small-Business Password Managers
10 Tips for Building Compliance by Design into Cloud Architecture
8 Holiday Security Tips for Retailers
4 Ways to Soothe a Stressed-Out Incident Response Team
8 Tips for More Secure Mobile Computing
News & Commentary
Leaks of NSA, CIA Tools Have Leveled Nation-State Cybercriminal Capabilities
Jai Vijayan, Contributing WriterNews
The wide availability of tools leaked by the Shadow Brokers and WikiLeaks in 2016 and 2017 have given emerging cyber powers a way to catch up, DarkOwl says.
By Jai Vijayan Contributing Writer, 11/21/2019
Comment0 comments  |  Read  |  Post a Comment
Government Agency Partners on New Tool for Election Security
Dark Reading Staff, Quick Hits
The Cybersecurity and Infrastructure Security Agency has partnered with VotingWorks on an open source tool to aid election result audits.
By Dark Reading Staff , 11/21/2019
Comment0 comments  |  Read  |  Post a Comment
In the Market for a MSSP? Ask These Questions First
Joan Goodchild, Contributing Writer
Not all managed security service providers are created equal. These questions can reveal whether you are hiring the right people to help secure your business.
By Joan Goodchild Contributing Writer, 11/21/2019
Comment0 comments  |  Read  |  Post a Comment
3 Fundamentals for Better Security and IT Management
Chris Hallenbeck, CISO for the Americas at TaniumCommentary
Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.
By Chris Hallenbeck CISO for the Americas at Tanium, 11/21/2019
Comment0 comments  |  Read  |  Post a Comment
Google Increases Top Android Hacking Prize to $1M
Dark Reading Staff, Quick Hits
Google expands its Android Security Rewards program and multiplies its top cash prize from $200,000 to $1 million.
By Dark Reading Staff , 11/21/2019
Comment0 comments  |  Read  |  Post a Comment
6 Top Nontechnical Degrees for Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading
A computer science degree isn't the only path into a cybersecurity career.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/21/2019
Comment0 comments  |  Read  |  Post a Comment
The 'Department of No': Why CISOs Need to Cultivate a Middle Way
Malcolm Harkins, Chief Security & Trust OfficerCommentary
A chief information security officer's job inherently involves conflict, but a go-along-to-get-along approach carries its own vulnerabilities and risks.
By Malcolm Harkins Chief Security & Trust Officer, 11/21/2019
Comment0 comments  |  Read  |  Post a Comment
Anatomy of a BEC Scam
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A look at the characteristics of real-world business email compromise attacks — and what makes them tick.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/21/2019
Comment0 comments  |  Read  |  Post a Comment
As Retailers Prepare for the Holiday Season, So Do Cybercriminals
Jai Vijayan, Contributing WriterNews
Online shoppers need to be wary about domain spoofing, fraudulent giveaways, and other scams, ZeroFOX study shows.
By Jai Vijayan Contributing Writer, 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
What's in a WAF?
Sara Peters, Senior Editor at Dark Reading
Need a 101 lesson on Web application firewalls? Here's your crib sheet on what a WAF is, how it works, and what to look for when you're in the market for a new solution.
By Sara Peters Senior Editor at Dark Reading, 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Patch 'Easily Exploitable' Oracle EBS Flaws ASAP: Onapsis
Robert Lemos, Contributing WriterNews
Organizations that have not yet applied a pair of months-old critical patches from Oracle for E-Business Suite are at risk of attacks on their financial systems, the application security firm says.
By Robert Lemos Contributing Writer, 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Update Gives Users Greater Data Control
Dark Reading Staff, Quick Hits
External Key Manager and Key Access Justification are intended to give organizations greater visibility into requests for data access.
By Dark Reading Staff , 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Employee Privacy in a Mobile Workplace
Michael J. Covington, Vice President of Product Strategy at WanderaCommentary
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.
By Michael J. Covington Vice President of Product Strategy at Wandera, 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Former White House CIO Shares Enduring Security Strategies
Kelly Sheridan, Staff Editor, Dark ReadingNews
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
By Kelly Sheridan Staff Editor, Dark Reading, 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Black Hat Europe Q&A: Exposing the Weaknesses in Contactless Payments
Black Hat Staff, News
Researchers Leigh-Anne Galloway and Tim Yunusov chat about their work testing Visa’s contactless payments security system vulnerabilities.
By Alex Wawro, Special to Dark Reading , 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Why Multifactor Authentication Is Now a Hacker Target
Tanner Johnson, Senior Analyst, Connectivity & IoT, IHS MarkitCommentary
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
By Tanner Johnson Senior Analyst, Connectivity & IoT, IHS Markit, 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones
Dark Reading Staff, Quick Hits
Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.
By Dark Reading Staff , 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Ransomware Surge & Living-Off-the-Land Tactics Remain Big Threats
Jai Vijayan, Contributing WriterNews
Group-IB's and Rapid7's separate analysis of attack activity in recent months shows threat actors are making life harder for enterprise organizations in a variety of ways.
By Jai Vijayan Contributing Writer, 11/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Attacker Mistake Botches Cyborg Ransomware Campaign
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.
By Kelly Sheridan Staff Editor, Dark Reading, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
DDoS Attacks Up Sharply in Third Quarter of 2019
Dark Reading Staff, Quick Hits
DDoS attacks of all sorts were up by triple-digit percentages, with smaller volume attacks growing most rapidly.
By Dark Reading Staff , 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Trend Micro Debuts Security Services Platform for Organizations Building Apps in the Cloud
IBM Launches Open Technology to Speed Response to Cyber Threats Across Clouds
Egnyte Announces New Layer In Its Industry-Leading Content Intelligence Engine
Google Collaborates with Fortanix to Deliver External Key Management System for Public Cloud
Respond Software Launches First Responder Service to Automate Speed, Accuracy of MDR at Fraction of Cost
Research: A third of the world's largest enterprises use inadequate data sanitization to prevent data breaches at end-of-life
NINJIO Introduces Security Awareness Training for SMBS
Kaspersky: More Senior Execs Making Cyber Decisions
More Products & Releases
PR Newswire
edge
edge
In the Market for a MSSP? Ask These Questions First
Not all managed security service providers are created equal. These questions can reveal whether you are hiring the right people to help secure your business.
What's in a WAF?
Need a 101 lesson on Web application firewalls? Here's your crib sheet on what a WAF is, how it works, and what to look for when you're in the market for a new solution.
New: Everything You Always Wanted to Know About Security at the Edge But Were Afraid to Ask
The secure perimeter as we know it is dissolving. So how do you protect your crown jewels when the castle has no walls?
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.
CVE-2019-18888
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. T...
CVE-2019-18889
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Flash Poll
Video
Slideshows
Twitter Feed