News & Commentary

Latest Content
Page 1 / 2   >   >>
Email Bomb Threats Follow Sextortion Playbook
News  |  12/14/2018  | 
Yesterday's wave of email bomb threats appear to be an evolution of tactics by the same groups that earlier tried "sextortion" and personal threats, Talos researchers say.
Iranian Hackers Target Nuclear Experts, US Officials
Quick Hits  |  12/14/2018  | 
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.
Who Are You, Really? A Peek at the Future of Identity
News  |  12/14/2018  | 
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
Retailers: Avoid the Hackable Holidaze
Commentary  |  12/14/2018  | 
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
2019 Attacker Playbook
Slideshows  |  12/14/2018  | 
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
Cybercriminals Change Tactics to Outwit Machine-Learning Defense
Quick Hits  |  12/14/2018  | 
The rise in machine learning for security has forced criminals to rethink how to avoid detection.
Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business
News  |  12/13/2018  | 
Enterprises are struggling with familiar old security challenges as a result, new survey shows.
Universities Get Schooled by Hackers
News  |  12/13/2018  | 
Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.
Cybercrime Is World's Biggest Criminal Growth Industry
Quick Hits  |  12/13/2018  | 
The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Commentary  |  12/13/2018  | 
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
Education Gets an 'F' for Cybersecurity
Quick Hits  |  12/13/2018  | 
The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.
The Economics Fueling IoT (In)security
Commentary  |  12/13/2018  | 
Attackers understand the profits that lie in the current lack of security. That must change.
Worst Password Blunders of 2018 Hit Organizations East and West
News  |  12/12/2018  | 
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
Bug Hunting Paves Path to Infosec Careers
News  |  12/12/2018  | 
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
News  |  12/12/2018  | 
McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.
Deception: Honey vs. Real Environments
Commentary  |  12/12/2018  | 
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.
Mac Malware Cracks WatchGuards Top 10 List
News  |  12/12/2018  | 
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
Arctic Wolf Buys RootSecure
Quick Hits  |  12/12/2018  | 
The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.
Forget Shifting Security Left; It's Time to Race Left
Commentary  |  12/12/2018  | 
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
Quick Hits  |  12/12/2018  | 
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Slideshows  |  12/12/2018  | 
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
Battling Bots Brings Big-Budget Blow to Businesses
News  |  12/11/2018  | 
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
Equifax Breach Underscores Need for Accountability, Simpler Architectures
News  |  12/11/2018  | 
A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
News  |  12/11/2018  | 
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
Attackers Using New Exploit Kit to Hijack Home & Small Office Routers
News  |  12/11/2018  | 
Goal is to steal banking credentials by redirecting users to phishing sites.
49% of Cloud Databases Left Unencrypted
News  |  12/11/2018  | 
Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.
The Grinch Bot Before Christmas: A Security Story for the Holidays
Commentary  |  12/11/2018  | 
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
NetSecOPEN Names Founding Members, Board of Directors
Quick Hits  |  12/11/2018  | 
The organization is charged with building open, transparent testing protocols for network security.
Grammarly Takes Bug Bounty Program Public
Quick Hits  |  12/11/2018  | 
The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne.
How Well Is Your Organization Investing Its Cybersecurity Dollars?
Commentary  |  12/11/2018  | 
The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.
CrowdStrike: More Organizations Now Self-Detect Their Own Cyberattacks
News  |  12/11/2018  | 
But it still takes an average of 85 days to spot one, the security firm's incident response investigations found.
DanaBot Malware Adds Spam to its Menu
News  |  12/10/2018  | 
A new generation of modular malware increases its value to criminals.
'Highly Active' Seedworm Group Hits IT Services, Governments
News  |  12/10/2018  | 
Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.
Satan Ransomware Variant Exploits 10 Server-Side Flaws
News  |  12/10/2018  | 
Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.
New Google+ Breach Will Lead to Early Service Shutdown
Quick Hits  |  12/10/2018  | 
A breach affecting more than 52 million users was patched, but not before leading to the company rethinking the future of the service.
'Dr. Shifro' Prescribes Fake Ransomware Cure
Quick Hits  |  12/10/2018  | 
A Russian firm aims to capitalize on ransomware victims' desperation by offering to unlock files then passing money to attackers.
6 Cloud Security Predictions for 2019
Commentary  |  12/10/2018  | 
How the fast pace of cloud computing adoption in 2018 will dramatically change the security landscape next year.
6 CISO Resolutions for 2019
Slideshows  |  12/10/2018  | 
The ultimate to-do list for ambitious security leaders.
'PowerSnitch' Hacks Androids via Power Banks
News  |  12/8/2018  | 
Researcher demonstrates how attackers could steal data from smartphones while they're charging.
Criminals Use Locally Connected Devices to Attack, Loot Banks
News  |  12/7/2018  | 
Tens of millions of dollars stolen from at least eight banks in East Europe, Kasperksy Lab says.
'Simplify Everything': Google Talks Container Security in 2019
News  |  12/7/2018  | 
Google Cloud's container security lead shares predictions, best practices, and what's top of mind for customers.
Iranian Nationals Charged for Atlanta Ransomware Attack
Quick Hits  |  12/7/2018  | 
The March attack used SamSam ransomware to infect 3,789 computers.
Kubernetes Deployments Around the World Show Vulnerabilities
Quick Hits  |  12/7/2018  | 
Kubernetes owners who expose APIs to the Internet are leaving their systems open to hackers.
Insider Threats & Insider Objections
Commentary  |  12/7/2018  | 
The tyranny of the urgent and three other reasons why its hard for CISOs to establish a robust insider threat prevention program.
Kubernetes Vulnerability Hits Top of Severity Scale
News  |  12/6/2018  | 
The security issue strikes at some of the basic reasons for the rising popularity of containers as an architecture and Kubernetes as an orchestration mechanism.
Adobe Flash Zero-Day Spreads via Office Docs
News  |  12/6/2018  | 
Adobe has patched a zero-day in its Flash player after attackers leveraged the exploit in an active campaign.
4 Lessons Die Hard Teaches About Combating Cyber Villains
Commentary  |  12/6/2018  | 
With proper planning, modern approaches, and tools, we can all be heroes in the epic battle against the cyber threat.
Bringing Compliance into the SecDevOps Process
Commentary  |  12/6/2018  | 
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
55% of Companies Don't Offer Mandatory Security Awareness Training
Quick Hits  |  12/6/2018  | 
Even those that provide employee training do so sparingly, a new study finds.
Apple Issues Security Fixes Across Mac, iOS
Quick Hits  |  12/6/2018  | 
Software updates for Mac and iOS bring patches to Safari, iCloud, iTunes on Windows, and tvOS.
Page 1 / 2   >   >>


Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19007
PUBLISHED: 2018-12-14
In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.
CVE-2018-20147
PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
CVE-2018-20148
PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata.
CVE-2018-20149
PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS.
CVE-2018-20150
PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.