Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Slideshows

Latest Content
Page 1 / 2   >   >>
Effective Pen Tests Follow These 7 Steps
Slideshows  |  5/14/2019  | 
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
Demystifying the Dark Web: What You Need to Know
Slideshows  |  5/10/2019  | 
The Dark Web and Deep Web are not the same, neither is fully criminal, and more await in this guide to the Internet's mysterious corners.
The 2019 State of Cloud Security
Slideshows  |  5/3/2019  | 
Enterprise cloud security is making real progress, but emerging technologies call for security teams to keep up the pace.
7 Types of Experiences Every Security Pro Should Have
Slideshows  |  4/29/2019  | 
As the saying goes, experience is the best teacher. It'll also make you a better and more well-rounded security pro.
How to Build a Cloud Security Model
Slideshows  |  4/26/2019  | 
Security experts point to seven crucial steps companies should be taking as they move data and processes to cloud environments.
7 Ways to Get the Most from Your IDS/IPS
Slideshows  |  4/23/2019  | 
Intrusion detection and prevention is at the foundation of successful security in-depth. Securing the perimeter requires a solid understanding of these two critical components.
Third-Party Cyber-Risk by the Numbers
Slideshows  |  4/19/2019  | 
Recent stats show that the state of third-party cyber risk and vendor risk management remains largely immature at most organizations.
7 Tips for an Effective Employee Security Awareness Program
Slideshows  |  4/17/2019  | 
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
8 'SOC-as-a-Service' Offerings
Slideshows  |  4/12/2019  | 
These new cloud services seek to help companies figure out what their traditional SIEM alerts mean, plus how they can prioritize responses and improve their security operations.
8 Steps to More Effective Small Business Security
Slideshows  |  4/8/2019  | 
Small business face the same security challenges as large enterprises but with much smaller security teams. Here are 8 things to do to get the most from yours.
6 Essential Skills Cybersecurity Pros Need to Develop in 2019
Slideshows  |  4/3/2019  | 
In a time of disruption in the security and tech worlds, cybersecurity professionals can't afford to become complacent even in the face of a skills shortage.
7 Malware Families Ready to Ruin Your IoT's Day
Slideshows  |  3/29/2019  | 
This latest list of Internet of Things miscreants doesn't limit itself to botnets, like Mirai.
10 Movies All Security Pros Should Watch
Slideshows  |  3/26/2019  | 
Don't expect to read about any of the classics, like 'War Games' or 'Sneakers,' which have appeared on so many lists before. Rather, we've broadened our horizons with this great mix of documentaries, hacker movies, and flicks based on short stories.
Inside Incident Response: 6 Key Tips to Keep in Mind
Slideshows  |  3/22/2019  | 
Experts share the prime window for detecting intruders, when to contact law enforcement, and what they wish they did differently after a breach.
6 Ways Mature DevOps Teams Are Killing It in Security
Slideshows  |  3/19/2019  | 
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
7 Low-Cost Security Tools
Slideshows  |  3/15/2019  | 
Security hardware doesn't have to be expensive or complex to do the job. Here are seven examples of low-cost hardware that could fill a need in your security operations.
6 Questions to Ask While Buying a Connected Car
Slideshows  |  3/5/2019  | 
Here are six questions to keep in mind when you walk into the showroom to buy a networked car.
Your Employees Want to Learn. How Should You Teach Them?
Slideshows  |  2/26/2019  | 
Security practitioners are most likely to stay at organizations that offer career development. Here are eight tips to consider as you plan your course of action.
6 Tips for Getting the Most from Your VPN
Slideshows  |  2/22/2019  | 
VPNs are critical for information security. But simply having these cozy security tunnels in the toolkit isn't enough to keep an organization's data safe.
6 Tax Season Tips for Security Pros
Slideshows  |  2/19/2019  | 
Here are some practical ways to keep your company safe as Uncle Sam comes calling.
Security Spills: 9 Problems Causing the Most Stress
Slideshows  |  2/14/2019  | 
Security practitioners reveal what's causing them the most frustration in their roles.
2019 Security Spending Outlook
Slideshows  |  2/12/2019  | 
Cybersecurity and IT risk budgets continue to grow. Here's how they'll be spent.
6 Reasons to Be Wary of Encryption in Your Enterprise
Slideshows  |  2/8/2019  | 
Encryption can be critical to data security, but it's not a universal panacea.
7 Tips for Communicating with the Board
Slideshows  |  2/6/2019  | 
The key? Rather than getting bogged down in the technical details, focus on how a security program is addressing business risk.
6 Security Tips Before You Put a Digital Assistant to Work
Slideshows  |  2/4/2019  | 
If you absolutely have to have Amazon Alexa or Google Assistant in your home, heed the following advice.
Access Control Lists: 6 Key Principles to Keep in Mind
Slideshows  |  1/30/2019  | 
Build them carefully and maintain them rigorously, and ACLs will remain a productive piece of your security infrastructure for generations of hardware to come.
Credential Compromises by the Numbers
Slideshows  |  1/25/2019  | 
Recent statistics show just how much credential stealing has become a staple in the attacker playbook.
Real-World Threats That Trump Spectre & Meltdown
Slideshows  |  1/22/2019  | 
New side-channel attacks are getting lots of attention, but other more serious threats should top your list of threats.
8 Tips for Monitoring Cloud Security
Slideshows  |  1/18/2019  | 
Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.
7 Privacy Mistakes That Keep Security Pros on Their Toes
Slideshows  |  1/15/2019  | 
When it comes to privacy, it's the little things that can lead to big mishaps.
6 Serverless and Containerization Trends CISOs Should Track
Slideshows  |  1/11/2019  | 
Security leaders must stay on top of a fast-moving world of cloud deployment options.
6 Ways to Beat Back BEC Attacks
Slideshows  |  1/9/2019  | 
Don't assume your employees know how to spot business email compromises they need some strong training and guidance on how to respond in the event of an attack.
How Intel Has Responded to Spectre and Meltdown
Slideshows  |  1/4/2019  | 
In a newly published editorial and video, Intel details what specific actions it has taken in the wake of the discovery of the CPU vulnerabilities.
6 Ways to Anger Attackers on Your Network
Slideshows  |  12/26/2018  | 
Because you can't hack back without breaking the law, these tactics will frustrate, deceive, and annoy intruders instead.
7 Business Metrics Security Pros Need to Know
Slideshows  |  12/21/2018  | 
These days, security has to speak the language of business. These KPIs will get you started.
8 Security Tips to Gift Your Loved Ones For the Holidays
Slideshows  |  12/18/2018  | 
Before the wrapping paper starts flying, here's some welcome cybersecurity advice to share with friends and family.
2019 Attacker Playbook
Slideshows  |  12/14/2018  | 
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Slideshows  |  12/12/2018  | 
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
6 CISO Resolutions for 2019
Slideshows  |  12/10/2018  | 
The ultimate to-do list for ambitious security leaders.
7 Common Breach Disclosure Mistakes
Slideshows  |  12/6/2018  | 
How you report a data breach can have a big impact on its fallout.
6 Ways to Strengthen Your GDPR Compliance Efforts
Slideshows  |  12/5/2018  | 
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation and that could cost them.
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Slideshows  |  11/30/2018  | 
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
7 Real-Life Dangers That Threaten Cybersecurity
Slideshows  |  11/26/2018  | 
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
2018 Hacker Kids Gift Guide
Slideshows  |  11/21/2018  | 
Fun gift choices that foster design thinking and coding skills in kids both young and old.
7 Holiday Security Tips for Retailers
Slideshows  |  11/19/2018  | 
It's the most wonderful time of the year and hackers are ready to pounce. Here's how to prevent them from wreaking holiday havoc.
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Slideshows  |  11/15/2018  | 
Building cybersecurity skills is a must; paying a lot for the education is optional. Here are seven options for increasing knowledge without depleting a budget.
7 Cool New Security Tools to be Revealed at Black Hat Europe
Slideshows  |  11/12/2018  | 
Black Hat Europe's Arsenal lineup will include demoes of new security tools, from AI malware research to container orchestration.
What You Should Know About Grayware (and What to Do About It)
Slideshows  |  11/9/2018  | 
Grayware is a tricky security problem, but there are steps you can take to defend your organization when you recognize the risk.
20 Cybersecurity Firms to Watch
Slideshows  |  11/7/2018  | 
A look at some of the more interesting investments, acquisitions, and strategic moves in the security sector over the past year.
7 Non-Computer Hacks That Should Never Happen
Slideshows  |  11/5/2018  | 
From paper to IoT, security researchers offer tips for protecting common attack surfaces that you're probably overlooking.
Page 1 / 2   >   >>


Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrust,  5/15/2019
Artist Uses Malware in Installation
Dark Reading Staff 5/17/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12198
PUBLISHED: 2019-05-20
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.
CVE-2019-12185
PUBLISHED: 2019-05-20
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web r...
CVE-2019-12184
PUBLISHED: 2019-05-19
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
CVE-2019-12173
PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
CVE-2019-12172
PUBLISHED: 2019-05-17
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.