News & Commentary
When Cryptocurrency Falls, What Happens to Cryptominers?
Kelly Sheridan, Staff Editor, Dark Reading, News
The fall of cryptocurrency's value doesn't signify an end to cryptomining, but attackers may be more particular about when they use it.
By Kelly Sheridan Staff Editor, Dark Reading, 12/18/2018
Memes on Twitter Used to Communicate With Malware
Jai Vijayan, Freelance writer, News
Steganography via tweet images gave attackers a way to pass on malicious instructions to a Trojan, researchers say.
By Jai Vijayan Freelance writer, 12/18/2018
Twitter Hack May Have State-Sponsored Ties
Kelly Sheridan, Staff Editor, Dark Reading, Quick Hits
A data leak was disclosed after attackers targeted a support form, which had "unusual activity."
By Kelly Sheridan Staff Editor, Dark Reading, 12/18/2018
Trend Micro Finds Major Flaws in HolaVPN
Dark Reading Staff, Quick Hits
A popular free VPN is found to have a very high cost for users.
By Dark Reading Staff, 12/18/2018
Cryptographic Erasure: Moving Beyond Hard Drive Destruction
Kaan Onarlioglu, Senior Security Researcher, Akamai, Commentary
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.
By Kaan Onarlioglu Senior Security Researcher, Akamai, 12/18/2018
How to Engage Your Cyber Enemies
Guy Nizan, CEO at Intsights Cyber Intelligence, Commentary
Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.
By Guy Nizan CEO at Intsights Cyber Intelligence, 12/18/2018
8 Security Tips to Gift Your Loved Ones For the Holidays
Steve Zurier, Freelance Writer
Before the wrapping paper starts flying, here's some welcome cybersecurity advice to share with friends and family.
By Steve Zurier Freelance Writer, 12/18/2018
Cyber Readiness Institute Launches New Program for SMBs
Steve Zurier, Freelance Writer, News
Program seeks to raise employees' cyber awareness and give small and midsize business owners the tools to make a difference.
By Steve Zurier Freelance Writer, 12/17/2018
Disk-Wiping 'Shamoon' Malware Resurfaces With File-Erasing Malware in Tow
Jai Vijayan, Freelance writer, News
As with previous attacks, organizations in the Middle East appear to be main targets, Symantec says.
By Jai Vijayan Freelance writer, 12/17/2018
53 Bugs in 50 Days: Researchers Fuzz Adobe Reader
Kelly Sheridan, Staff Editor, Dark Reading, News
Automatic vulnerability finding tools detect more than 50 CVEs in Adobe Reader and Adobe Pro during a 50-day experiment.
By Kelly Sheridan Staff Editor, Dark Reading, 12/17/2018
Chinese Hackers Stole Classified US Navy Info
Dark Reading Staff, Quick Hits
Cyberattacks reportedly targeted US Defense contractor.
By Dark Reading Staff, 12/17/2018
Lax Controls Leave Fortune 500 Overexposed On the Net
Robert Lemos, Technology Journalist/Data Researcher, News
The largest companies in the world have an average of 500 servers and devices accessible from the Internet - and many leave thousands of systems open to attack.
By Robert Lemos Technology Journalist/Data Researcher, 12/17/2018
Facebook: Photo API Bug Exposed 6.8M User Photos
Dark Reading Staff, Quick Hits
The flaw let developers access images that users may not have shared publicly, including those they started to upload but didn't post.
By Dark Reading Staff, 12/17/2018
Shhhhh! The Secret to Secrets Management
Mark B. Cooper, President and Founder, PKI Solutions, Commentary
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
By Mark B. Cooper President and Founder, PKI Solutions, 12/17/2018
Email Bomb Threats Follow Sextortion Playbook
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Yesterday's wave of email bomb threats appears to be an evolution of tactics by the same groups that earlier tried "sextortion" and personal threats, Talos researchers say.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/14/2018
Iranian Hackers Target Nuclear Experts, US Officials
Dark Reading Staff, Quick Hits
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.
By Dark Reading Staff, 12/14/2018
Who Are You, Really? A Peek at the Future of Identity
Kelly Sheridan, Staff Editor, Dark Reading, News
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
By Kelly Sheridan Staff Editor, Dark Reading, 12/14/2018
Retailers: Avoid the Hackable Holidaze
Fred Kneip, CEO at CyberGRX, Commentary
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
By Fred Kneip CEO at CyberGRX, 12/14/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/14/2018
Cybercriminals Change Tactics to Outwit Machine-Learning Defense
Dark Reading Staff, Quick Hits
The rise in machine learning for security has forced criminals to rethink how to avoid detection.
By Dark Reading Staff, 12/14/2018
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19790
PUBLISHED: 2018-12-18
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...
CVE-2018-19829
PUBLISHED: 2018-12-18
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
CVE-2018-16884
PUBLISHED: 2018-12-18
A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel id and cause a use-after-free. Thus a malicious container user can cause a host kernel memory corruption and a system ...
CVE-2018-17777
PUBLISHED: 2018-12-18
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have acc...
CVE-2018-18921
PUBLISHED: 2018-12-18
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.