News & Commentary

Latest Content
Page 1 / 2   >   >>
Researchers Propose New Approach to Address Online Password-Guessing Attacks
News  |  2/21/2019  | 
Recommended best practices not effective against certain types of attacks, they say.
Attack Campaign Experiments with Rapid Changes in Email Lure Content
News  |  2/21/2019  | 
It's like polymorphic behavior only the changes are in the email lures themselves, with randomized changes to headers, subject lines, and body content.
Human Negligence to Blame for the Majority of Insider Threats
News  |  2/21/2019  | 
In 98% of the assessments conducted for its research, Dtex found employees exposed proprietary company information on the Web a 20% jump from 2018.
Why Cybersecurity Burnout Is Real (and What to Do About It)
Commentary  |  2/21/2019  | 
The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
New Free Tool Scans for Chrome Extension Safety
Quick Hits  |  2/21/2019  | 
CRXcavator scans extensions in real time based on factors including permissions, external calls, and third-party libraries.
Cyber Extortionists Can Earn $360,000 a Year
News  |  2/21/2019  | 
Extortion scams capitalize on compromised credentials, sensitive data, and technical vulnerabilities on Internet-facing applications to pressure victims to pay up.
Security Analysts Are Only Human
Commentary  |  2/21/2019  | 
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
Insurer Offers GDPR-Specific Coverage for SMBs
News  |  2/20/2019  | 
Companies covered under the EU mandate can get policies for up to $10 million for fines, penalties, and other costs.
As Businesses Move Critical Data to Cloud, Security Risks Abound
News  |  2/20/2019  | 
Companies think their data is safer in the public cloud than in on-prem data centers, but the transition is driving security issues.
Mastercard, GCA Create Small Business Cybersecurity Toolkit
News  |  2/20/2019  | 
A new toolkit developed by the Global Cybersecurity Alliance aims to give small businesses a cookbook for better cybersecurity.
POS Vendor Announces January Data Breach
Quick Hits  |  2/20/2019  | 
More than 120 restaurants were affected by an incident that exposed customer credit card information.
9 Years After: From Operation Aurora to Zero Trust
Commentary  |  2/20/2019  | 
How the first documented nation-state cyberattack is changing security today.
Microsoft Expands AccountGuard to Help Europe Prep for Cyberattacks
Quick Hits  |  2/20/2019  | 
A recent wave of cybercrime has targeted organizations with employees in Belgium, France, Germany, Poland, Romania, and Serbia.
The Anatomy of a Lazy Phish
Commentary  |  2/20/2019  | 
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.
'Formjacking' Compromises 4,800 Sites Per Month. Could Yours Be One?
News  |  2/20/2019  | 
Cybercriminals see formjacking as a simple opportunity to take advantage of online retailers and all they need is a small piece of JavaScript.
North Korea's Lazarus Group Targets Russian Companies For First Time
News  |  2/19/2019  | 
In an unusual development, the group known for its attacks against companies in countries viewed as geopolitical foes is now going after companies in a country considered an ally, Check Point Software says.
Google Research: No Simple Fix For Spectre-Class Vulnerabilities
News  |  2/19/2019  | 
Chip makers focus on performance has left microprocessors open to numerous side-channel attacks that cannot be fixed by software updates - only by hard choices.
19 Minutes to Escalation: Russian Hackers Move the Fastest
News  |  2/19/2019  | 
New data from CrowdStrike's incident investigations in 2018 uncover just how quickly nation-state hackers from Russia, North Korea, China, and Iran pivot from patient zero in a target organization.
Making the Case for a Cybersecurity Moon Shot
Commentary  |  2/19/2019  | 
There are severe and unsolved problems in our industry that justify a sustained effort and substantial investment. It's worth picking one.
6 Tax Season Tips for Security Pros
Slideshows  |  2/19/2019  | 
Here are some practical ways to keep your company safe as Uncle Sam comes calling.
Breach in Stanford System Exposes Student Records
Quick Hits  |  2/19/2019  | 
A wide variety of data was visible through the vulnerability.
Palo Alto Networks to Buy Demisto for $560M
Quick Hits  |  2/19/2019  | 
This marks Palo Alto Networks' latest acquisition and its first of 2019.
Security Leaders Are Fallible, Too
Commentary  |  2/19/2019  | 
Security leaders set the tone for their organizations, and there are many places where the process can go wrong. Second in a six-part series.
Privacy Ops: The New Nexus for CISOs & DPOs
Commentary  |  2/18/2019  | 
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
Hackers Found Phishing for Facebook Credentials
Quick Hits  |  2/15/2019  | 
A "very realistic-looking" login prompt is designed to capture users' Facebook credentials, researchers report.
Staffing Shortage Makes Vulnerabilities Worse
Quick Hits  |  2/15/2019  | 
Businesses don't have sufficient staff to find vulnerabilities or protect against their exploit, according to a new report by Ponemon Institute.
ICS/SCADA Attackers Up Their Game
News  |  2/15/2019  | 
With attackers operating more aggressively and stealthily, some industrial network operators are working to get a jump on the threats.
Post-Quantum Crypto Standards Arent All About the Math
News  |  2/15/2019  | 
The industry needs to keep in mind the realities of hardware limits and transitional growing pains, according to Microsoft, Utimaco researchers.
White-Hat Bug Bounty Programs Draw Inspiration from the Old West
Commentary  |  2/15/2019  | 
These programs are now an essential strategy in keeping the digital desperados at bay.
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
News  |  2/14/2019  | 
New initiative offers five principles for greater IoT security.
From 'O.MG' to NSA, What Hardware Implants Mean for Security
News  |  2/14/2019  | 
A wireless device resembling an Apple USB-Lightning cable that can exploit any system via keyboard interface highlights risks associated with hardware Trojans and insecure supply chains.
High Stress Levels Impacting CISOs Physically, Mentally
News  |  2/14/2019  | 
Some have even turned to alcohol and medication to cope with pressure.
Toyota Prepping 'PASTA' for its GitHub Debut
News  |  2/14/2019  | 
Carmaker's open source car-hacking tool platform soon will be available to the research community.
Valentine's Emails Laced with Gandcrab Ransomware
News  |  2/14/2019  | 
In the weeks leading up to Valentine's Day 2019, researchers notice a new form of Gandcrab appearing in romance-themed emails.
Coffee Meets Bagel Confirms Hack on Valentine's Day
Quick Hits  |  2/14/2019  | 
The dating app says users' account data may have been obtained by an unauthorized party.
New Professional Development Institute Aims to Combat Cybersecurity Skills Shortage
Quick Hits  |  2/14/2019  | 
The (ISC)2 announces a new institute for working cybersecurity professionals to continue their education.
Diversity Is Vital to Advance Security
Commentary  |  2/14/2019  | 
Meet five female security experts who are helping to propel our industry forward.
How to Create a Dream Team for the New Age of Cybersecurity
Commentary  |  2/14/2019  | 
When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.
Security Spills: 9 Problems Causing the Most Stress
Slideshows  |  2/14/2019  | 
Security practitioners reveal what's causing them the most frustration in their roles.
2018 Was Second-Most Active Year for Data Breaches
News  |  2/13/2019  | 
Hacking by external actors caused most breaches, but Web intrusions and exposures compromised more records, according to Risk Based Security.
Windows Executable Masks Mac Malware
News  |  2/13/2019  | 
A new strain of MacOS malware hides inside a Windows executable to avoid detection.
Ex-US Intel Officer Charged with Helping Iran Target Her Former Colleagues
News  |  2/13/2019  | 
Monica Witt, former Air Force and counterintel agent, has been indicted for conspiracy activities with Iranian government, hackers.
Researchers Dig into Microsoft Office Functionality Flaws
News  |  2/13/2019  | 
An ongoing study investigating security bugs in Microsoft Office has so far led to two security patches.
5 Expert Tips for Complying with the New PCI Software Security Framework
Commentary  |  2/13/2019  | 
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.
Scammers Fall in Love with Valentine's Day
News  |  2/13/2019  | 
Online dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks.
70% of Consumers Want Biometrics in the Workplace
News  |  2/13/2019  | 
Speed, simplicity, and security underscore their desire, a new study shows.
Lessons Learned from a Hard-Hitting Security Review
Commentary  |  2/13/2019  | 
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
Up to 100,000 Reported Affected in Landmark White Data Breach
News  |  2/12/2019  | 
Australian property valuation firm Landmark White exposed files containing personal data and property valuation details.
Microsoft, Adobe Both Close More Than 70 Security Issues
News  |  2/12/2019  | 
With their regularly scheduled Patch Tuesday updates, both companies issued fixes for scores of vulnerabilities in their widely used software.
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
News  |  2/12/2019  | 
All data belonging to US usersincluding backup copieshave been deleted in catastrophe, VMEmail says.
Page 1 / 2   >   >>


Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Privacy Ops: The New Nexus for CISOs & DPOs
Amit Ashbel, Security Evangelist, Cognigo,  2/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8955
PUBLISHED: 2019-02-21
In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.
CVE-2019-1698
PUBLISHED: 2019-02-21
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External E...
CVE-2019-1700
PUBLISHED: 2019-02-21
A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) conditio...
CVE-2019-6340
PUBLISHED: 2019-02-21
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RE...
CVE-2019-8996
PUBLISHED: 2019-02-21
In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow.