Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Latest Content
10 Notable Security Acquisitions of 2019 (So Far)
Slideshows  |  6/15/2019  | 
In a year when security companies have been snapped up left and right, these deals stand out from the chaos.
Common Hacker Tool Hit with Hackable Vulnerability
Quick Hits  |  6/14/2019  | 
A researcher has found a significant exploit in one of the most frequently used text editors.
Better Cybersecurity Research Requires More Data Sharing
News  |  6/14/2019  | 
Researchers at the Workshop on the Economics of Information Security highlight the cost savings of sharing cybersecurity data and push for greater access to information on breaches, attacks, and incidents.
Sensory Overload: Filtering Out Cybersecurity's Noise
Commentary  |  6/14/2019  | 
No organization can prioritize and mitigate hundreds of risks effectively. The secret lies in carefully filtering out the risks, policies, and processes that waste precious time and resources.
Triton Attackers Seen Scanning US Power Grid Networks
News  |  6/14/2019  | 
The development follows speculation and concern among security experts that the attack group would expand its scope to the power grid.
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
News  |  6/13/2019  | 
New analysis shows widespread DNS protection could save organizations as much as $200 billion in losses every year.
Cyberattack Hits Aircraft Parts Manufacturer
Quick Hits  |  6/13/2019  | 
Belgium's Asco has shut down manufacturing around the world, including the US, in response to a major cybersecurity event, but what happened isn't clear.
Congress Gives 'Hack Back' Legislation Another Try
Quick Hits  |  6/13/2019  | 
Officials reintroduce a bill that would let businesses monitor attacker behavior and target intruders on corporate networks.
The CISO's Drive to Consolidation
Commentary  |  6/13/2019  | 
Cutting back on the number of security tools you're using can save money and leave you safer. Here's how to get started.
7 Truths About BEC Scams
Slideshows  |  6/13/2019  | 
Business email compromise attacks are growing in prevalence and creativity. Here's a look at how they work, the latest stats, and some recent horror stories.
Google Adds Two-Factor Authentication For Its Apps on iOS
News  |  6/13/2019  | 
Android-based two-factor authentication now works for Google applications on iPad and iPhone.
The Rise of 'Purple Teaming'
Commentary  |  6/13/2019  | 
The next generation of penetration testing represents a more collaborative approach to old-fashioned Red Team vs. Blue Team.
Black Hat Q&A: Defending Against Cheaper, Accessible Deepfake Tech
News  |  6/13/2019  | 
ZeroFox's Matt Price and Mike Price discuss their work researching cybersecurity responses to the rising tide of deepfake videos.
BlueKeep RDP Vulnerability a Ticking Time Bomb
News  |  6/13/2019  | 
One month after Microsoft disclosed the flaw, nearly 1 million systems remain unpatched, and Internet scans looking for vulnerable systems have begun increasing.
SQL Injection Attacks Represent Two-Third of All Web App Attacks
News  |  6/13/2019  | 
When Local File Inclusion attacks are counted, nearly nine in 10 attacks are related to input validation failures, Akamai report shows.
Apple Pledges Privacy, Beefs Up Security
News  |  6/12/2019  | 
The company hits back at the data economy and fellow tech giants Facebook and Google by announcing its own single sign-on service. A host of other iterative security improvements are on their way as well.
DNS Observatory Offers Researchers New Insight into Global DNS Activity
News  |  6/12/2019  | 
Among its early findings, 60% of the DNS transactions captured were handled by just 1,000 name servers.
New Funding Values KnowBe4 at $1 Billion
Quick Hits  |  6/12/2019  | 
The $300 million investment is being led by KKR.
CrowdStrike Prices IPO Above Range at $34
News  |  6/12/2019  | 
The endpoint security firm raised $612 million ahead of today's public debut.
Tomorrow's Cybersecurity Analyst Is Not Who You Think
Commentary  |  6/12/2019  | 
Organizations can't just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.
Predicting Vulnerability Weaponization
Commentary  |  6/12/2019  | 
Advances in data science are making it possible to shift vulnerability management from a reactive to a proactive discipline.
Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw
News  |  6/11/2019  | 
In vulnerability disclosure programs, organizations are paying more in total for XSS issues than any other vulnerability type, HackerOne says.
Suppliers Spotlighted After Breach of Border Agency Subcontractor
News  |  6/11/2019  | 
Attackers increasingly use third-party service providers to bypass organizations' security. The theft of images from US Customs and Border Protection underscores the weakness suppliers can create.
Microsoft Issues Fixes for 88 Vulnerabilities
News  |  6/11/2019  | 
Four of the flaws are publicly known but none have been listed as under active attack.
'Have I Been Pwned' Is Up for Sale
Quick Hits  |  6/11/2019  | 
Troy Hunt, who has been running HIBP solo for six years, launched "Project Svalbard" so the site can evolve with more resources, funding, and support.
What 3 Powerful GoT Women Teach Us about Cybersecurity
Commentary  |  6/11/2019  | 
Imagine Game of Thrones' Daenerys Targaryen, Arya Stark, and Cersei Lannister on the front lines in the real-world battleground of enterprise security.
FBI Warns of Dangers in 'Safe' Websites
News  |  6/11/2019  | 
Criminals are using TLS certificates to convince users that fraudulent sites are worthy of their trust.
Getting Up to Speed on Magecart
Commentary  |  6/11/2019  | 
Greater awareness of how Magecart works will give your company a leg up on the growing threat from this online credit card skimmer. Here are four places to start.
Federal Photos Filched in Contractor Breach
Quick Hits  |  6/10/2019  | 
Data should never have been on subcontractor's servers, says Customs and Border Protection.
Huawei Represents Massive Supply Chain Risk: Report
News  |  6/10/2019  | 
The Chinese technology giant's enormous product and service footprint gives it access to more data than almost any other single organization, Recorded Future says.
Cognitive Bias Can Hamper Security Decisions
News  |  6/10/2019  | 
A new report sheds light on how human cognitive biases affect cybersecurity decisions and business outcomes.
Voting Machine Vendor Shifts Gears & Pushes for Backup Paper Ballots
Quick Hits  |  6/10/2019  | 
Election Systems & Software will 'no longer sell paperless voting machines,' CEO said.
GoldBrute Botnet Brute-Forcing 1.5M RDP Servers
Quick Hits  |  6/10/2019  | 
Botnets are scanning the Internet for servers exposing RDP and using weak, reused passwords to obtain access.
'Lone Wolf' Scammer Built a Multifaceted BEC Cybercrime Operation
News  |  6/10/2019  | 
A one-man 419 scam evolved into a lucrative social-engineering syndicate over the past decade that conducts a combination of business email compromise, romance, and financial fraud.
Unmixed Messages: Bringing Security & Privacy Awareness Together
Commentary  |  6/10/2019  | 
Security and privacy share the same basic goals, so it just makes sense to combine efforts in those two areas. But that can be easier said than done.
Dark Web Becomes a Haven for Targeted Hits
News  |  6/7/2019  | 
Malware on the Dark Web is increasingly being customized to target specific organizations and executives.
Vulnerability Found in Millions of Email Systems
Quick Hits  |  6/7/2019  | 
The vuln could allow remote execution of code with root privilege in more than 4.1 million systems.
Massive Changes to Tech and Platforms, But Cybercrime? Not So Much
News  |  6/7/2019  | 
The still-relevant recommendation is to invest more in law enforcement, concludes an economic study of cybercrime.
End User Lockdown: Dark Reading Caption Contest Winners
Commentary  |  6/7/2019  | 
Phishing, cybersecurity training, biometrics and casual Fridays. And the winners are ...
The Minefield of Corporate Email
News  |  6/7/2019  | 
Email security challenges CISOs as cybercriminals target corporate inboxes with malware, phishing attempts, and various forms of fraud.
Cisco Buys Sentryo
News  |  6/6/2019  | 
Cisco is adding the French company's network visibility products to its IoT network lineup.
Feds Make New Arrest in Darkode Case
News  |  6/6/2019  | 
Another American was arrested and charged alongside three international suspects who remain at large, according to a newly unsealed indictment.
Senior Executives More Involved with SOC Operations, Report Finds
Quick Hits  |  6/6/2019  | 
But they are still subject to the same alert fatigue and false-positive issues their junior employees face.
ADT Teams Up with SonicWall for SMB Security Services
News  |  6/6/2019  | 
More than half of all SMBs plan to rely on third-party providers for their security tools and services, according to IDC.
6 Security Scams Set to Sweep This Summer
Slideshows  |  6/6/2019  | 
Experts share the cybersecurity threats to watch for and advice to stay protected.
Cyber Talent Gap? Don't Think Like Tinder!
Commentary  |  6/6/2019  | 
If your company truly is a great place to work, make sure your help-wanted ads steer clear of these common job-listing clichés.
Inside the Criminal Businesses Built to Target Enterprises
News  |  6/6/2019  | 
Researchers witness an increase in buying and selling targeted hacking services, custom malware, and corporate network access on the Dark Web.
When Security Goes Off the Rails
Commentary  |  6/6/2019  | 
Cyber can learn a lot from the highly regulated world of rail travel. The most important lesson: the value of impartial analysis.
Vietnam Rises as Cyberthreat
News  |  6/5/2019  | 
The country's rapid economic growth and other factors are driving an increase in cybercrime and cyber espionage activity.
Healthcare Breach Expands to 19.6 Million Patient Accounts
News  |  6/5/2019  | 
LabCorp says its third-party debt-collection provider, AMCA, notified the company that information on 7.7 million patients had leaked. Expect more healthcare companies to come forward.


7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Cognitive Bias Can Hamper Security Decisions
Kelly Sheridan, Staff Editor, Dark Reading,  6/10/2019
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here's some insight on what's working and what isn't in the data center.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7472
PUBLISHED: 2019-06-15
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVE-2019-12839
PUBLISHED: 2019-06-15
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2019-12840
PUBLISHED: 2019-06-15
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12835
PUBLISHED: 2019-06-15
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.
CVE-2019-12830
PUBLISHED: 2019-06-15
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.