Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Latest Content
Ransomware Strikes 49 School Districts & Colleges in 2019
News  |  9/20/2019  | 
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
WeWork's Wi-Fi Exposed Files, Credentials, Emails
Quick Hits  |  9/20/2019  | 
For years, sensitive documents and corporate data have been easily viewable on the coworking space's open network.
A Safer IoT Future Must Be a Joint Effort
Commentary  |  9/20/2019  | 
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry.
Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3
News  |  9/19/2019  | 
The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets.
Metasploit Creator HD Moore's Latest Hack: IT Assets
News  |  9/19/2019  | 
Moore has built a network asset discovery tool that wasn't intended to be a pure security tool, but it addresses a glaring security problem.
BSIMM10 Emphasizes DevOps' Role in Software Security
News  |  9/19/2019  | 
The latest model, with insights from 122 firms, shows DevOps adoption is far enough along to influence how companies approach software security.
California's IoT Security Law Causing Confusion
News  |  9/19/2019  | 
The law, which goes into effect January 1, requires manufacturers to equip devices with 'reasonable security feature(s).' What that entails is still an open question.
Security Pros Value Disclosure ... Sometimes
Quick Hits  |  9/19/2019  | 
Security professionals will coordinate disclosure with researchers but may keep their self-discovered vulnerabilities secret, a new study shows.
Deconstructing an iPhone Spearphishing Attack
Commentary  |  9/19/2019  | 
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
Ping Identity Prices IPO at $15 per Share
Quick Hits  |  9/19/2019  | 
The identity management company plans to sell 12.5 million shares, raising $187.5 million in its initial public offering.
Crowdsourced Security & the Gig Economy
Commentary  |  9/19/2019  | 
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
Saudi IT Providers Hit in Cyber Espionage Operation
News  |  9/18/2019  | 
Symantec identifies new 'Tortoiseshell' nation-state group as the attackers.
WannaCry Detections At An All-Time High
News  |  9/18/2019  | 
More than 12,000 variants of the infamous malware are targeting systems that are still open to the EternalBlue exploit - but the potential danger is low, Sophos warns.
How Cybercriminals Exploit Simple Human Mistakes
News  |  9/18/2019  | 
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
GitHub Becomes CVE Numbering Authority, Acquires Semmle
Quick Hits  |  9/18/2019  | 
Latest moves will make it much more likely that vulnerabilities in open source projects will be found and reported, GitHub says.
DevSecOps: Recreating Cybersecurity Culture
Commentary  |  9/18/2019  | 
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
New Security Startup Emerges from Stealth Mode
Quick Hits  |  9/18/2019  | 
GK8 creates proprietary platform for securing blockchain transactions, no Internet needed.
One Arrested in Ecuador's Mega Data Leak
Quick Hits  |  9/18/2019  | 
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
Cryptominer Attacks Ramp Up, Focus on Persistence
News  |  9/18/2019  | 
The latest attacks, such as Skidmap and Smominru, add capabilities to allow them to persist longer on Windows and Linux systems, surviving initial attempts at eliminating them.
24.3M Unsecured Health Records Expose Patient Data, Images
Quick Hits  |  9/18/2019  | 
Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.
How Ransomware Criminals Turn Friends into Enemies
Commentary  |  9/18/2019  | 
Managed service providers are the latest pawns in ransomware's game of chess.
MITRE Releases 2019 List of Top 25 Software Weaknesses
News  |  9/17/2019  | 
The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.
Snowden Sued by US Government Over His New Book
Quick Hits  |  9/17/2019  | 
Civil suit argues the former CIA employee and NSA contractor violated his nondisclosure agreements with the two intel agencies.
Five Common Cloud Configuration Mistakes
Commentary  |  9/17/2019  | 
It's a joint responsibility to keep data safe in the cloud. Here's what cloud customers must do to keep their end of the bargain.
Cybercriminal's Black Market Pricing Guide
Slideshows  |  9/17/2019  | 
Common prices criminals pay one another for products and services that fuel the cybercriminal ecosystem.
15K Private Webcams Could Let Attackers View Homes, Businesses
Quick Hits  |  9/17/2019  | 
Webcams could be potentially accessed and manipulated by anyone with an Internet connection, researchers say.
US Companies Unprepared for Privacy Regulations
Quick Hits  |  9/17/2019  | 
US companies are poorly prepared for even the most rudimentary privacy regulations, a new report says.
Impersonation Fraud Still Effective in Obtaining Code Signatures
News  |  9/17/2019  | 
Fraudsters continue to attempt to fool certificate authorities into issuing valid digital certificates for legitimate organizations by impersonating an authoritative user. The reward? The ability to sign code with a legitimate signature.
How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity
Commentary  |  9/17/2019  | 
Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.
Oracle Expands Cloud Security Services at OpenWorld 2019
News  |  9/16/2019  | 
The company broadens its portfolio with new services developed to centralize and automate cloud security.
US Turning Up the Heat on North Korea's Cyber Threat Operations
News  |  9/16/2019  | 
Sanctions on North Korean nation-state hacking groups came amid reports of fresh malicious campaigns directed at US entities from the isolated nation.
Court Rules In Favor of Firm 'Scraping' Public Data
Quick Hits  |  9/16/2019  | 
US appeals court said a company can legally use publicly available LinkedIn account information.
Data Leak Affects Most of Ecuador's Population
News  |  9/16/2019  | 
An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens.
Preventing PTSD and Burnout for Cybersecurity Professionals
Commentary  |  9/16/2019  | 
The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.
Malware Linked to Ryuk Targets Financial & Military Data
News  |  9/13/2019  | 
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.
US Sanctions 3 Cyberattack Groups Tied to DPRK
Quick Hits  |  9/13/2019  | 
Lazarus Group, Bluenoroff, and Andariel were named and sanctioned by the US Treasury for ongoing attacks on financial systems.
6 Questions to Ask Once You've Learned of a Breach
Slideshows  |  9/13/2019  | 
With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.
No Quick Fix for Security-Worker Shortfall
News  |  9/13/2019  | 
Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly skilled employees.
Taking a Fresh Look at Security Ops: 10 Tips
Commentary  |  9/13/2019  | 
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
Instagram Bug Put User Account Details, Phone Numbers at Risk
News  |  9/12/2019  | 
The vulnerability, now patched, is the latest in a series of bad news for Facebook.
Indictments Do Little to Stop Iranian Group from New Attacks on Universities
News  |  9/12/2019  | 
Cobalt Dickens targeted more than 60 universities in the US and elsewhere this summer, according to a new report.
North Korea Seen Using ELECTRICFISH, BADCALL Malware Variants
Quick Hits  |  9/12/2019  | 
The FBI and CISA issued an alert the same week researchers disclosed a new campaign launched by actors with North Korean ties.
Security Leaders Share Tips for Boardroom Chats
Slideshows  |  9/12/2019  | 
Cisco, Oracle, and LinkedIn security leaders share their challenges in communicating with business teams and advice for how CISOs can navigate the relationship.
A Definitive Guide to Crowdsourced Vulnerability Management
Commentary  |  9/12/2019  | 
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
NetCAT Vulnerability Is Out of the Bag
Quick Hits  |  9/12/2019  | 
Researchers discover a side-channel vulnerability that exploits the network performance-enhancing capabilities of recent Intel server CPUs.
APIs Get Their Own Top 10 Security List
News  |  9/12/2019  | 
OWASP's new list of API weaknesses focuses on issues that have caused recent data breaches and pose common security hazards in modern cloud-based applications.
The Fight Against Synthetic Identity Fraud
Commentary  |  9/12/2019  | 
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
Community Projects Highlight Need for Security Volunteers
News  |  9/11/2019  | 
From university courses to open source self-starters, community software projects aim to solve problems for populations in need. A focus on security is required as well.
Proposed Browser Security Guidelines Would Mean More Work for IT Teams
Commentary  |  9/11/2019  | 
CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope.
Fed Kaspersky Ban Made Permanent by New Rules
Quick Hits  |  9/11/2019  | 
A new set of regulations converts the government ban on using Kaspersky products from a temporary rule to one that's permanent.


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here's some insight on what's working and what isn't in the data center.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-9405
PUBLISHED: 2019-09-20
The wp-piwik plugin before 1.0.5 for WordPress has XSS.
CVE-2015-9407
PUBLISHED: 2019-09-20
The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.
CVE-2015-9408
PUBLISHED: 2019-09-20
The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.
CVE-2019-16533
PUBLISHED: 2019-09-20
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
CVE-2019-16534
PUBLISHED: 2019-09-20
On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.