Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

What You Need to Know About Zero Trust Security

The State of Cyber Security Incident Response

7 Signs of the Rising Threat of Magecart Attacks in 2019

Top Stories

7 Recent Wins Against Cybercrime

What You Need to Know About Zero Trust ...

The State of Cyber Security Incident Response

7 Signs of the Rising Threat of Magecart ...

Name That Toon: End User Lockdown

News & Commentary

First American Financial Corp. Left Mortgage Data Exposed on Website

Quick Hits

Real estate title firm reportedly has closed a hole in its website that had left hundreds of millions of real estate tile insurance files accessible without authentication, according to KrebsOnSecurity.

By Dark Reading Staff , 5/24/2019

0 comments | Read | Post a Comment

Mist Computing Startup Distributes Security AI to the Network Edge

Curtis Franklin Jr., Senior Editor at Dark Reading

News

MistNet, founded by former Juniper employees, moves AI processing to the network edge to build distributed detection and analysis models for security.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/24/2019

0 comments | Read | Post a Comment

NSS Labs Admits Its Test of CrowdStrike Falcon Was 'Inaccurate'

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

CrowdStrike, NSS Labs reach confidential settlement over 2017 endpoint product testing dispute.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/24/2019

0 comments | Read | Post a Comment

How Security Vendors Can Address the Cybersecurity Talent Shortage

Rob Rashotte, VP of Global Training and Technical Field Enablement at Fortinet

Commentary

The talent gap is too large for any one sector, and cybersecurity vendors have a big role to play in helping to close it.

By Rob Rashotte VP of Global Training and Technical Field Enablement at Fortinet, 5/24/2019

1 Comment | Read | Post a Comment

Latest Comment: ealmer, Fully agree - everybody can and should learn. If you read - you remember 10%,...

7 Recent Wins Against Cybercrime

The increasing number of successful law enforcement actions and prosecutions suggest that cybercriminals have plenty of reason to be looking over their shoulders.

By Jai Vijayan Contributing Writer, 5/24/2019

0 comments | Read | Post a Comment

Researcher Publishes Four Zero-Day Exploits in Three Days

News

The exploits for local privilege escalation vulnerabilities in Windows could be integrated into malware before Microsoft gets a chance to fix the issues.

By Robert Lemos Contributing Writer, 5/23/2019

0 comments | Read | Post a Comment

To Manage Security Risk, Manage Data First

Kelly Sheridan, Staff Editor, Dark Reading

News

At Interop 2019, IT and security experts urged attendees to focus on data asset management as a means of mitigating risk.

By Kelly Sheridan Staff Editor, Dark Reading, 5/23/2019

0 comments | Read | Post a Comment

Moody's Outlook Downgrade of Equifax: A Wake-up Call to Boards

News

The move provides another spark to light a fire under CISOs to improve how they measure and communicate security risks to the board, security experts say.

By Ericka Chickowski Contributing Writer, 5/23/2019

0 comments | Read | Post a Comment

FEC Gives Green Light for Free Cybersecurity Help in Federal Elections

News

Official opinion issued by the Federal Election Commission to nonprofit Defending Digital Campaigns is good news for free and reduced-cost security offerings to political candidates and committees.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/23/2019

0 comments | Read | Post a Comment

Mobile Exploit Fingerprints Devices with Sensor Calibration Data

Quick Hits

Data from routines intended to calibrate motion sensors can identify individual iOS and Android devices in a newly released exploit.

By Dark Reading Staff , 5/23/2019

0 comments | Read | Post a Comment

Google's Origin & the Danger of Link Sharing

Dr. Salvatore Stolfo, Fouder & CTO, Allure Security

Commentary

How the act of sharing links to files stored in a public cloud puts organizations at risk, and what security teams can do to safeguard data and PII.

By Dr. Salvatore Stolfo Fouder & CTO, Allure Security, 5/23/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, How MUCH of your old information is OUT THERE? I just reviewed my linked-in...

Microsoft Opens Defender ATP for Mac to Public Preview

Quick Hits

Users of the security platform who have preview features enabled can access Defender ATP for Mac via the Security Center onboarding section.

By Dark Reading Staff , 5/23/2019

0 comments | Read | Post a Comment

Russian Nation-State Hacking Unit's Tools Get More Fancy

News

APT28/Fancy Bear has expanded its repertoire to more than 30 commands for infecting systems, executing code, and reconnaissance, researchers have found.

By Robert Lemos Contributing Writer, 5/23/2019

0 comments | Read | Post a Comment

Incident Response: 3 Easy Traps & How to Avoid Them

Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC

Commentary

Sage legal advice about navigating a data breach from a troubleshooting cybersecurity outside counsel.

By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 5/23/2019

2 comments | Read | Post a Comment

Latest Comment: REISEN1955, The Landscape itself was changed with first WannaCry in 2017 and then the Experian...

Alphabet's Chronicle Explores Code-Signing Abuse in the Wild

News

A new analysis highlights the prevalence of malware signed by certificate authorities and the problems with trust-based security.

By Kelly Sheridan Staff Editor, Dark Reading, 5/22/2019

0 comments | Read | Post a Comment

New Software Skims Credit Card Info From Online Credit Card Transactions

Quick Hits

The new exploit builds a fake frame around legitimate portions of an online commerce website.

By Dark Reading Staff , 5/22/2019

3 comments | Read | Post a Comment

Latest Comment: REISEN1955, I have to check the techs on that, Clark Howard - our consumer pro down here...

Data Asset Management: What Do You Really Need?

News

At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.

By Kelly Sheridan Staff Editor, Dark Reading, 5/22/2019

0 comments | Read | Post a Comment

Baltimore Email, Other Systems Still Offline from May 7 Ransomware Attack

Quick Hits

The city's mayor says there's no 'exact timeline on when all systems will be restored.'

By Dark Reading Staff , 5/22/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Many have said that towns and civic government in general are on the bare bones...

Proving the Value of Security Awareness with Metrics that 'Deserve More'

Ira Winkler, CISSP, President, Secure Mentem

Commentary

Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.

By Ira Winkler CISSP, President, Secure Mentem, 5/22/2019

0 comments | Read | Post a Comment

DDoS Attacks Up in Q1 After Months of Steady Decline

News

Sudden surge suggests that new actors have stepped up to the plate to replace the old operators.

By Jai Vijayan Contributing Writer, 5/22/2019

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by REISEN1955

The Landscape itself was changed with first WannaCry in 2017 and then the Experian catastrophe - the effective Chernobyl of data breach stories. After these two incidents, data breach and ransomware assumed a whole...

In reply to: Re: InfoSec Law for Dummies (or Engineers)
Post Your Own Reply

Posted by PaulV972

I told you we should worry abit more about vendor lock-in.

In reply to: Caption
Post Your Own Reply

Posted by ealmer

Fully agree - everybody can and should learn. If you read - you remember 10%, if you practice doing- you are up to 75%. Vendors' training is the best place to take people up the learning pyramid by running real cyber...

In reply to: Education is for everybody
Post Your Own Reply

Posted by REISEN1955

I addressed just home users - my bad as most people go to work and therein, not having a basic idea, also commit stupid mistakes in judgment. There is a video here of the subject on user education being critical as...

In reply to: Re: OK but websites are not everything
Post Your Own Reply

Posted by Annesmith

I was unwise to leave my laptop in the same room as my previous boss. Unbeknowst to me, he had replicated the laptop and let the RATS loose. He commenced for three years to infect every laptop, bluetooth device, tablet..you...

In reply to: Rats
Post Your Own Reply

Posted by ToddS207

Microsoft presents software to the public and then they send patches to update it. It seems all of the OEMs are doing the same thing. So shouldn't there be a financial pentality from GDPR that should be placed on the software...

In reply to: Question to the editor - Isn't the problem with the vendor and their lack of Q/A?
Post Your Own Reply

Posted by REISEN1955

How MUCH of your old information is OUT THERE? I just reviewed my linked-in profile and I need to modify my personal bio very badly tonight. OK, that is not vital stuff but tons of old resumes are probably on...

In reply to: Frightening thought too
Post Your Own Reply

Posted by REISEN1955

I have to check the techs on that, Clark Howard - our consumer pro down here in Georgia, advocates for it all of the time. Should be buried under options in your card-holder site, such as Capital One.

In reply to: Re: Temporary card numbers
Post Your Own Reply

Posted by Christian Bryant

This article is a reminder that many engineers are woefully clueless when it comes to cyberlaw and some are clearly the wrong person to have in a room with lawyers after an "event". It also calls to my attention that...

In reply to: InfoSec Law for Dummies (or Engineers)
Post Your Own Reply

Posted by SharonB187

It proves that no organization is safe from making security errors. I wonder why this issue was not identified before.

In reply to: Consider everything and everyone as vulnerable
Post Your Own Reply

Posted by jenshadus

I've done the same for the credit limit. I use only one credit card. Who offers the one time credit card number?

In reply to: Re: Temporary card numbers
Post Your Own Reply

Posted by REISEN1955

Ben saw that management takes locked-down situations very seriously.

In reply to: Re: Pending Review
Post Your Own Reply

More Conversations

Products & Releases

2019 State of Enterprise Secure Access Report

Infocyte Launches Agentless Cloud Workload Protection Platform, Strengthens Capabilities in AWS Environments

Microsoft Joins MANRS to Improve Routing Security

Hunters.AI Raises $5.4M Seed Round to Equip Cybersecurity Teams with Autonomous Threat Hunting Machine

xMatters open-sources its Chaos Engineering tool

Sectigo Sponsors Let’s Encrypt to Enable Certificate Transparency Log Operation

LogRhythm Releases Cloud-Based NextGen Security Information and Event Management (SIEM) Platform

Rackspace and Telos Team Up to Accelerate FedRAMP Journey

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

97% of Americans Can't Ace a Basic Security Test

Steve Zurier, Contributing Writer, 5/20/2019

TeamViewer Admits Breach from 2016

Dark Reading Staff 5/20/2019

New Software Skims Credit Card Info From Online Credit Card Transactions

Dark Reading Staff 5/22/2019

Live Events

Webinars

WorkSpace Connect - Sept 9-11, Dallas - Register Now!

Prepare for the Future of WorkSpaces! Register Today!

Work Styles Are Evolving, Are Your IT Teams Ready?

More Informa Tech Live Events

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: I told you we should worry abit more about vendor lock-in.

Cartoon Archive

White Papers

Building and Managing an IT Security Operations Program

The Vulnerable Landscape: Metrics, Insights & Impact

8 'SOC-as-a-Service' Offerings

Brochure Ribbon: RoboProtect

SANS Review: Securing Your Endpoints with Carbon Black

More White Papers

Current Issue

Building and Managing an IT Security Operations Program

As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-7068
PUBLISHED: 2019-05-24

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

CVE-2019-7069
PUBLISHED: 2019-05-24

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

CVE-2019-7070
PUBLISHED: 2019-05-24

CVE-2019-7071
PUBLISHED: 2019-05-24

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2019-7072
PUBLISHED: 2019-05-24