Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

Security Leaders Share Tips for Boardroom Chats

7 Breaches & Hacks That Throw Shade on Biometric Security

6 Ways Airlines and Hotels Can Keep Their Networks Secure

Top Stories

Security Leaders Share Tips for Boardroom ...

7 Steps to Web App Security

7 Breaches & Hacks That Throw Shade on ...

6 Ways Airlines and Hotels Can Keep Their ...

8 Ways to Spot an Insider Threat

News & Commentary

Malware Linked to Ryuk Targets Financial & Military Data

Kelly Sheridan, Staff Editor, Dark Reading

News

A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.

By Kelly Sheridan Staff Editor, Dark Reading, 9/13/2019

0 comments | Read | Post a Comment

US Sanctions 3 Cyber Attack Groups Tied to DPRK

Quick Hits

Lazarus Group, Bluenoroff, and Andariel were named and sanctioned by the US Treasury for ongoing attacks on financial systems.

By Dark Reading Staff , 9/13/2019

0 comments | Read | Post a Comment

6 Questions to Ask Once You’ve Learned of a Breach

With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.

By Steve Zurier Contributing Writer, 9/13/2019

0 comments | Read | Post a Comment

No Quick Fix for Security-Worker Shortfall

News

Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly skilled employees.

By Robert Lemos Contributing Writer, 9/13/2019

0 comments | Read | Post a Comment

Taking a Fresh Look at Security Ops: 10 Tips

Commentary

Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.

By Joshua Goldfarb Independent Consultant, 9/13/2019

0 comments | Read | Post a Comment

Escaping Email: Unlocking Message Security for SMS, WhatsApp

Messaging is growing in importance as dislike for email increases. That means knowing how to protect critical data in the messaging era is a must for IT security.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/12/2019

0 comments | Read | Post a Comment

Instagram Bug Put User Account Details, Phone Numbers at Risk

News

The vulnerability, now patched, is the latest in a series of bad news for Facebook.

By Kelly Sheridan Staff Editor, Dark Reading, 9/12/2019

0 comments | Read | Post a Comment

Indictments Do Little to Stop Iranian Group from New Attacks on Universities

News

Cobalt Dickens targeted more than 60 universities in the US and elsewhere this summer, according to a new report.

By Jai Vijayan Contributing Writer, 9/12/2019

0 comments | Read | Post a Comment

North Korea Seen Using ELECTRICFISH, BADCALL Malware Variants

Quick Hits

The FBI and CISA issued an alert the same week researchers disclosed a new campaign launched by actors with North Korean ties.

By Dark Reading Staff , 9/12/2019

0 comments | Read | Post a Comment

Security Leaders Share Tips for Boardroom Chats

Cisco, Oracle, and LinkedIn security leaders share their challenges in communicating with business teams and advice for how CISOs can navigate the relationship.

By Kelly Sheridan Staff Editor, Dark Reading, 9/12/2019

0 comments | Read | Post a Comment

A Definitive Guide to Crowdsourced Vulnerability Management

David Baker, CSO & VP of Operations, Bugcrowd

Commentary

Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.

By David Baker CSO & VP of Operations, Bugcrowd, 9/12/2019

0 comments | Read | Post a Comment

NetCAT Vulnerability Is Out of the Bag

Quick Hits

Researchers discover a side-channel vulnerability that exploits the network performance-enhancing capabilities of recent Intel server CPUs.

By Dark Reading Staff , 9/12/2019

1 Comment | Read | Post a Comment

Latest Comment: tdsan, DDIO, or Direct Data I/O, is an Intel-exclusive performance enhancement that...

APIs Get Their Own Top 10 Security List

News

OWASP's new list of API weaknesses focuses on issues that have caused recent data breaches and pose common security hazards in modern cloud-based applications.

By Robert Lemos Contributing Writer, 9/12/2019

0 comments | Read | Post a Comment

The Fight Against Synthetic Identity Fraud

Kathleen Peters, SVP & Head of Fraud & Identity, Experian

Commentary

Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.

By Kathleen Peters SVP & Head of Fraud & Identity, Experian, 9/12/2019

0 comments | Read | Post a Comment

Community Projects Highlight Need for Security Volunteers

News

From university courses to open source self-starters, community software projects aim to solve problems for populations in need. A focus on security is required as well.

By Robert Lemos Contributing Writer, 9/11/2019

0 comments | Read | Post a Comment

Proposed Browser Security Guidelines Would Mean More Work for IT Teams

Chris Hickman, Chief Security Officer at Keyfactor

Commentary

CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope.

By Chris Hickman Chief Security Officer at Keyfactor, 9/11/2019

0 comments | Read | Post a Comment

Fed Kaspersky Ban Made Permanent by New Rules

Quick Hits

A new set of regulations converts the government ban on using Kaspersky products from a temporary rule to one that's permanent.

By Dark Reading Staff , 9/11/2019

1 Comment | Read | Post a Comment

Latest Comment: kathleenrkeaton, Thank so much

281 Arrested in International BEC Takedown

News

Conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, the Department of Justice reports.

By Kelly Sheridan Staff Editor, Dark Reading, 9/11/2019

0 comments | Read | Post a Comment

Firmware: A New Attack Vector Requiring Industry Leadership

Tony Surak, CMO, DataTribe & Board Member Attila Security, ReFirm Labs

Commentary

It's time for cybersecurity manufacturers and solution providers to step up and show leadership in addressing firmware security. Read why and how.

By Tony Surak CMO, DataTribe & Board Member Attila Security, ReFirm Labs, 9/11/2019

0 comments | Read | Post a Comment

Third-Party Features Leave Websites More Vulnerable to Attack

Quick Hits

A new report points out the dangers to customer data of website reliance on multiple third parties.

By Dark Reading Staff , 9/10/2019

2 comments | Read | Post a Comment

Latest Comment: tdsan, I do agree that there should be better coding methods (i.e. Python is moving...

More Stories

Current Conversations

Posted by Marilyn Cohodas

We've got a new caption contest! Enter and win a $$25 Amazon gift card.

In reply to: Write a Caption, Win a Prize
Post Your Own Reply

Posted by ifaux

"Also, the black market is where individuals post code (even on Github)" GitHub; This is true. A surprising amount of resources intended for questionable use. Blatant in some cases, or thinly veiled as "security tools".

In reply to: Re: Rationale
Post Your Own Reply

Posted by jeenajohn

It is the intent to provide valuable information and best practices, including an understanding of the regulatory process. removalists melbourne

In reply to: removalists melbourne
Post Your Own Reply

Posted by tdsan

DDIO, or Direct Data I/O, is an Intel-exclusive performance enhancement that allows NICs to directly access a processor's L3 cache, completely bypassing the a server's RAM, to increase NIC performance and lower latencies....

In reply to: Interesting
Post Your Own Reply

Posted by tdsan

I do agree that there should be better coding methods (i.e. Python is moving the top of the list from a security perspective). - Most Security Programming Languages It seems that Java, PHP, Javascript and .Net are...

In reply to: Better methods of using code
Post Your Own Reply

Posted by tdsan

1. Data: If AI/ML is a rocket, data is the fuel. AI/ML requires massive amounts of data to help it train models that can do classifications and predictions with high accuracy. Generally, the more data that goes through...

In reply to: Key points that were left out
Post Your Own Reply

Posted by tdsan

Wow, someone who finally gets it. Symantec is in bed with the NSA and other vendors in the US so it would behoove them to protect their sources. Symantec said it was unclear how APT3 had obtained the NSA tools. But it...

In reply to: Re: Rationale
Post Your Own Reply

Posted by REISEN1955

HUGE need for user education here. Do NOT use the same password for years at a time on the same 10 websites you use because it is easy to remember. DO CHANGE it every month if you can. A common construct...

In reply to: Re: Does it really help users?
Post Your Own Reply

Posted by BanduraCSO

Not surprised...unfortunately it's very common...good news is it is changing slowly but surely!

In reply to: Re: This is such an important topic and covered so well in this article
Post Your Own Reply

Posted by REISEN1955

Unfortunaely, the company i work for puts compliance before security.

In reply to: Re: This is such an important topic and covered so well in this article
Post Your Own Reply

Posted by jeenajohn

Writing with style and getting good compliments on the article is quite hard, to be honest.But you've done it so calmly and with so cool feeling and you've nailed the job. This article is possessed with style and I am giving...

In reply to: Www.hotmail.com
Post Your Own Reply

Posted by jeenajohn

Very informative post ! There is a lot of information here that can help any business get started with a successful social networking campaign ! Hotmail login

In reply to: Hotmail login
Post Your Own Reply

More Conversations

Products & Releases

Stanford Launches Foundations of Information Security Course

Darktrace Cyber AI Analyst Investigates Threats At Machine Speed

Trustwave Rolls out Cloud-Based Cybersecurity Platform Called Fusion

PerimeterX Extends Series C to $57M to Expand Web Application Protection Platform

McAfee Report Uncovers Ransomware Resurgence

Business Losses to Cybercrime Data Breaches to Exceed $5 trillion by 2024

Survey: SMBs Continue to Struggle with IT Security

Shared Assessments Brings New Module to Third Party Risk Management Framework

More Products & Releases

PR Newswire

sponsored by



The latest on the number of attacks, types of attacks, and threats to enterprises' most critical IT infrastructure.

Escaping Email: Unlocking Message Security for SMS, WhatsApp

Messaging is growing in importance as dislike for email increases. That means knowing how to protect critical data in the messaging era is a must for IT security.

Community Projects Highlight Need for Security Volunteers

From university courses to open source self-starters, community software projects aim to solve problems for populations in need. A focus on security is required as well.

Security Pros' Painless Guide to Machine Intelligence, AI, ML & DL

Artificial intelligence, machine learning, or deep learning? Knowing what the major terms really mean will help you sort through the morass of words on the subject and the security uses of each.

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

Enterprise Connect Conference & Expo 2020 - Registration Now Open!

More Informa Tech Live Events

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: We've got a new caption contest! Enter and win a $$25 Amazon gift card.

Cartoon Archive

White Papers

Hackers & Artificial Intelligence: A Dynamic Duo

2019 State of the Internet/Security: Financial Services Attack Economy

Testing Security Effectiveness

VPNs' Future: Less User Reliant, More Transparent, & Smarter

Data Science & AI in the Fast Lane

More White Papers

Current Issue

7 Threats & Disruptive Forces Changing the Face of Cybersecurity

This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-14540
PUBLISHED: 2019-09-15

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

CVE-2019-16332
PUBLISHED: 2019-09-15

In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.

CVE-2019-16333
PUBLISHED: 2019-09-15

GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.

CVE-2019-16334
PUBLISHED: 2019-09-15

In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.

CVE-2019-16335
PUBLISHED: 2019-09-15

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

Reports

The State of IT Operations and Cybersecurity Operations

Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.

Download Now!

How Enterprises Are Developing Secure Applications

0 comments

The State of Cyber Security Incident Response

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

More Reports

Flash Poll

All Polls

Video