Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
The Edge Cartoon Contest: You Better Watch Out ...
6 Top Nontechnical Degrees for Cybersecurity
A Cause You Care About Needs Your Cybersecurity Help
Rethinking Enterprise Data Defense
News & Commentary
The Human Factor: 5 Reasons Why Cybersecurity Is a People Problem
Lysa Myers, Security Researcher, ESETCommentary
The industry can only go so far in treating security as a challenge that can be resolved only by engineering.
By Lysa Myers Security Researcher, ESET, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
Password-Cracking Teams Up in CrackQ Release
Robert Lemos, Contributing WriterNews
The open source platform aims to make password-cracking more manageable and efficient for red teams.
By Robert Lemos Contributing Writer, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
What's in a Botnet? Researchers Spy on Geost Operators
Kelly Sheridan, Staff Editor, Dark ReadingNews
The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.
By Kelly Sheridan Staff Editor, Dark Reading, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Black Hat Europe Q&A: Understanding the Ethics of Cybersecurity Journalism
Black Hat Staff,  News
Investigative journalist Geoff White chats about why now is the right time for his Black Hat Europe Briefing on hackers, journalists, and the ethical ramifications of cybersecurity journalism.
By Alex Wawro, Special to Dark Reading , 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Shades of Shamoon: New Disk-Wiping Malware Targets Middle East Orgs
Jai Vijayan, Contributing WriterNews
'ZeroCleare' shares some of the same features as its more notorious predecessor, IBM Security says.
By Jai Vijayan Contributing Writer, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
(Literally) Put a Ring on It: Protecting Biometric Fingerprints
Dark Reading Staff, Quick Hits
Kaspersky creates a prototype ring you can wear on your finger for authentication.
By Dark Reading Staff , 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
The Edge Cartoon Contest: You Better Watch Out ...
John Klossner, Cartoonist
Feeling creative this holiday season? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 12/4/2019
Comment6 comments  |  Read  |  Post a Comment
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, OktaCommentary
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
By Diya Jolly Chief Product Officer, Okta, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Issues Advisory for Windows Hello for Business
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
An issue exists in Windows Hello for Business when public keys persist after a device is removed from Active Directory, if the AD exists, Microsoft reports.
By Kelly Sheridan Staff Editor, Dark Reading, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Attackers Continue to Exploit Outlook Home Page Flaw
Robert Lemos, Contributing WriterNews
FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch issued by Microsoft.
By Robert Lemos Contributing Writer, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Application & Infrastructure Risk Management: You've Been Doing It Backward
John Worrall, Chief Executive Officer at ZeroNorthCommentary
Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
By John Worrall Chief Executive Officer at ZeroNorth, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
TrickBot Expands in Japan Ahead of the Holidays
Kelly Sheridan, Staff Editor, Dark ReadingNews
Data indicates TrickBot operators are modifying its modules and launching widespread campaigns around the world.
By Kelly Sheridan Staff Editor, Dark Reading, 12/3/2019
Comment0 comments  |  Read  |  Post a Comment
When Rogue Insiders Go to the Dark Web
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Employees gone bad sell stolen company information, sometimes openly touting their companies, researchers say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/3/2019
Comment0 comments  |  Read  |  Post a Comment
What Security Leaders Can Learn from Marketing
Christopher Kenessey, Chief Executive Officer at NetMotion SoftwareCommentary
Employees can no longer be pawns who must be protected all the time. They must become partners in the battle against threats.
By Christopher Kenessey Chief Executive Officer at NetMotion Software, 12/3/2019
Comment0 comments  |  Read  |  Post a Comment
Smith & Wesson Is Magecart's Latest Target
Dark Reading Staff, Quick Hits
Researchers estimate the gun manufacturer's website was compromised sometime before Black Friday.
By Dark Reading Staff , 12/3/2019
Comment0 comments  |  Read  |  Post a Comment
Siemens Offers Workarounds for Newly Found PLC Vulnerability
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
An undocumented hardware-based special access feature recently found by researchers in Siemens' S7-1200 can be used by attackers to gain control of the industrial devices.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/3/2019
Comment0 comments  |  Read  |  Post a Comment
Leveraging the Cloud for Cyber Intelligence
Paul Kurtz, Co-Founder and Executive Chairman of TruSTARCommentary
How fusing output datasets and sharing information can create a real-time understanding of suspicious activity across your enterprise.
By Paul Kurtz Co-Founder and Executive Chairman of TruSTAR, 12/3/2019
Comment0 comments  |  Read  |  Post a Comment
Kali Linux Gets New Desktop Environment & Undercover Theme
Jai Vijayan, Contributing WriterNews
Updates to pen-testing platform are designed to improve performance and user interface, says Offensive Security, maintainer of the open source project.
By Jai Vijayan Contributing Writer, 12/2/2019
Comment0 comments  |  Read  |  Post a Comment
DHS to Require Federal Agencies to Set Vulnerability Disclosure Policies
Robert Lemos, Contributing WriterNews
The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses.
By Robert Lemos Contributing Writer, 12/2/2019
Comment0 comments  |  Read  |  Post a Comment
StrandHogg Vulnerability Affects All Versions of Android
Kelly Sheridan, Staff Editor, Dark ReadingNews
The bug enables malware to pose as any legitimate Android app, letting attackers track messages, photos, credentials, and phone conversations.
By Kelly Sheridan Staff Editor, Dark Reading, 12/2/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
edge
edge
Feeling creative this holiday season? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Attackers see credential abuse as a low-risk venture with potential for a high payout, at least for now.
By donating their security expertise, infosec professionals are supporting nonprofits, advocacy groups, and communities in need.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19589
PUBLISHED: 2019-12-05
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives.
CVE-2019-19597
PUBLISHED: 2019-12-05
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.
CVE-2019-19598
PUBLISHED: 2019-12-05
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to t...
CVE-2019-19596
PUBLISHED: 2019-12-05
GitBook through 2.6.9 allows XSS via a local .md file.
CVE-2019-19590
PUBLISHED: 2019-12-05
In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote at...
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Flash Poll
Video
Slideshows
Twitter Feed