Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
6 Security Team Goals for DevSecOps in 2020
Assessing Cybersecurity Risk in Today's Enterprise
Car Hacking Hits the Streets
How AI and Cybersecurity Will Intersect in 2020
The Edge Cartoon Caption Contest: Latest Winners, New Toon 'Like a Boss'
News & Commentary
7 Ways to Get the Most Out of a Penetration Test
Steve Zurier, Contributing Writer
You'll get the best results when you’re clear on what you want to accomplish from a pen test.
By Steve Zurier Contributing Writer, 1/17/2020
Comment0 comments  |  Read  |  Post a Comment
ADP Users Hit with Phishing Scam Ahead of Tax Season
Dark Reading Staff, Quick Hits
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
By Dark Reading Staff , 1/17/2020
Comment0 comments  |  Read  |  Post a Comment
With International Tensions Flaring, Cyber-Risk Is Heating Up for All Businesses
Curtis Franklin Jr., Senior Editor at Dark Reading
Risks of nation-state attacks go beyond Iran, and the need for awareness and security don't stop at any national border.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/16/2020
Comment0 comments  |  Read  |  Post a Comment
New Attack Campaigns Suggest Emotet Threat Is Far From Over
Jai Vijayan, Contributing WriterNews
Malware described by the DHS as among the worst ever continues to evolve and grow, researchers from Cisco Talos, Cofense, and Check Point Software say.
By Jai Vijayan Contributing Writer, 1/16/2020
Comment1 Comment  |  Read  |  Post a Comment
Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat
Ian Cruxton, CSO, CallsignCommentary
Cybercriminals are evolving their tactics, and the security community anticipates voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.
By Ian Cruxton CSO, Callsign, 1/16/2020
Comment0 comments  |  Read  |  Post a Comment
CISO Resigns From Pete Buttigieg Presidential Campaign
Dark Reading Staff, Quick Hits
The only Democratic campaign known to have a CISO loses Mick Baccio due to a "fundamental philosophical difference with campaign management."
By Dark Reading Staff , 1/16/2020
Comment0 comments  |  Read  |  Post a Comment
NY Fed Reveals Implications of Cyberattack on US Financial System
Dark Reading Staff, Quick Hits
A "pre-mortem analysis" sheds light on the potential destruction of a cyberattack against major US banks.
By Dark Reading Staff , 1/16/2020
Comment0 comments  |  Read  |  Post a Comment
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double OctopusCommentary
AD is still the single point of authentication for most companies that use Windows. But it has some shortcomings that should be addressed.
By Raz Rafaeli CEO and Co-Founder at Secret Double Octopus, 1/16/2020
Comment1 Comment  |  Read  |  Post a Comment
2017 Data Breach Will Cost Equifax at Least $1.38 Billion
Jai Vijayan, Contributing WriterNews
Company agrees to set aside a minimum of $380.5 million as breach compensation and spend another $1 billion on transforming its information security over the next five years. The 147 million US consumers affected by the breach have one week from today to file a claim.
By Jai Vijayan Contributing Writer, 1/15/2020
Comment0 comments  |  Read  |  Post a Comment
Google Lets iPhone Users Turn Device into Security Key
Kelly Sheridan, Staff Editor, Dark ReadingNews
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2020
Comment1 Comment  |  Read  |  Post a Comment
Why Firewalls Aren't Going Anywhere
Ruvi Kitov, Chairman, CEO and Co-Founder, TufinCommentary
Written off multiple times as obsolete, firewalls continue to elude demise by adding features and ensuring that VPNs keep humming.
By Ruvi Kitov Chairman, CEO and Co-Founder, Tufin, 1/15/2020
Comment0 comments  |  Read  |  Post a Comment
New Report Spotlights Changes in Phishing Techniques
Kelly Sheridan, Staff Editor, Dark ReadingNews
Common and evolving strategies include the use of zero-font attacks, homograph attacks, and new tactics for fake attachments.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2020
Comment0 comments  |  Read  |  Post a Comment
How to Comprehend the Buzz About Honeypots
Curtis Franklin Jr., Senior Editor at Dark Reading
Honeypots are crucial tools for security researchers and security teams. Understanding what they are and what they can do can be critical for making them safe and useful for your organization.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/15/2020
Comment0 comments  |  Read  |  Post a Comment
ISACs Join Forces to Secure the Travel Industry
Dark Reading Staff, Quick Hits
Together, the Travel & Hospitality ISAC and the Retail & Hospitality ISAC intend to improve communications and collaboration about the evolving threat landscape.
By Dark Reading Staff , 1/15/2020
Comment0 comments  |  Read  |  Post a Comment
How SD-WAN Helps Achieve Data Security and Threat Protection
Charuhas Ghatge, Senior Product and Solutions Marketing Manager at Nokia's Nuage NetworksCommentary
Enterprises currently consider the technology a best practice because of its flexibility, scalability, performance, and agility.
By Charuhas Ghatge Senior Product and Solutions Marketing Manager at Nokia's Nuage Networks, 1/15/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches Windows Vuln Discovered by the NSA
Kelly Sheridan, Staff Editor, Dark ReadingNews
The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.
By Kelly Sheridan Staff Editor, Dark Reading, 1/14/2020
Comment1 Comment  |  Read  |  Post a Comment
Cloud Adoption & Technology Change Create Gaps in Enterprise Security
Jai Vijayan, Contributing WriterNews
Many companies are struggling to get a handle on risk exposure because of visibility issues, Radware survey shows.
By Jai Vijayan Contributing Writer, 1/14/2020
Comment0 comments  |  Read  |  Post a Comment
'Fancy Bear' Targets Ukrainian Oil Firm Burisma in Phishing Attack
Dark Reading Staff, Quick Hits
The oil & gas company is at the heart of the ongoing US presidential impeachment case.
By Dark Reading Staff , 1/14/2020
Comment0 comments  |  Read  |  Post a Comment
Google: Chrome Will Remove Third-Party Cookies and Tracking
Dark Reading Staff, Quick Hits
It's "not about blocking" but removing them altogether, the company said.
By Dark Reading Staff , 1/14/2020
Comment0 comments  |  Read  |  Post a Comment
Attackers Increasingly Focus on Business Disruption
Robert Lemos, Contributing WriterNews
Network intruders are staying undetected for an average of 95 days, enabling them to target critical systems and more completely disrupt business.
By Robert Lemos Contributing Writer, 1/14/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Tripwire Expands Industrial Security Capabilities, Launches Industrial Appliance Line, Joins ISA Global Security Alliance
California Fraudster Sentenced In Maryland To Four Years In Federal Prison For A Credit Card Fraud Scheme With Losses Of More Than $1.365 Million
Florida Man Sentenced in ATM 'Cash-out' Scheme
Kaspersky Researchers Find Lazarus Enhances Capabilities in AppleJeus Cryptocurrency Attack
MITRE Releases Framework for Cyberattacks on Industrial Control Systems
Risk & Assurance Group Joins i3forum to Tackle Voice Fraud in International Telecommunications
Auctus Advises 5nine in Acronis Buyout
Imperva Names Pam Murphy as CEO
More Products & Releases
PR Newswire
edge
With International Tensions Flaring, Cyber-Risk Is Heating Up for All Businesses
Risks of nation-state attacks go beyond Iran, and the need for awareness and security don't stop at any national border.
How to Comprehend the Buzz About Honeypots
Honeypots are crucial tools for security researchers and security teams. Understanding what they are and what they can do can be critical for making them safe and useful for your organization.
How to Keep Security on Life Support After Software End-of-Life
It's the end of support this week for Windows 7 and Server 2008. But what if you truly can't migrate off software, even after security updates stop coming?
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: It is too bad the ceiling is made of glass!
White Papers
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3686
PUBLISHED: 2020-01-17
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security
CVE-2019-3683
PUBLISHED: 2020-01-17
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and...
CVE-2019-3682
PUBLISHED: 2020-01-17
The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.
CVE-2019-17361
PUBLISHED: 2020-01-17
In SaltStack Salt through 2019.2.0, the salt-api NEST API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
CVE-2019-19142
PUBLISHED: 2020-01-17
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Flash Poll
Video
Slideshows
Twitter Feed