Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
The 10 Essentials of Infosec Forensics
Frank Taylor: Better Processes Lead to Tighter Security
7 Hot Cybersecurity Trends to Be Highlighted at Black Hat
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
News & Commentary
Penetration Test Data Shows Risk to Domain Admin Credentials
Jai Vijayan, Contributing WriterNews
But gaining a foothold on the LAN via vulnerabilities on Internet-facing assets is becoming harder, Rapid7 found in its real-world pen tests.
By Jai Vijayan Contributing Writer, 7/23/2019
Comment0 comments  |  Read  |  Post a Comment
Business Email Compromise: Thinking Beyond Wire Transfers
Kelly Sheridan, Staff Editor, Dark ReadingNews
As BEC continues to drive record-high losses, cybercriminals devise new tactics for swindling corporate targets out of millions.
By Kelly Sheridan Staff Editor, Dark Reading, 7/23/2019
Comment0 comments  |  Read  |  Post a Comment
Bug Bounties Continue to Rise as Google Boosts its Payouts
Robert Lemos, Contributing WriterNews
Reward for vulnerability research climbed 83% in the past year.
By Robert Lemos Contributing Writer, 7/23/2019
Comment0 comments  |  Read  |  Post a Comment
Russia Attempted to De-Anonymize Tor Browser: Report
Dark Reading Staff, Quick Hits
An attempt to crack Tor was one of many projects hackers discovered when they broke into Russian intelligence contractor SyTech.
By Dark Reading Staff , 7/23/2019
Comment0 comments  |  Read  |  Post a Comment
CISA Warns Public About the Risks of 5G
Dark Reading Staff, Quick Hits
Vulnerabilities include everything from physical risks through the supply chain to business risks.
By Dark Reading Staff , 7/23/2019
Comment0 comments  |  Read  |  Post a Comment
The War for Cyber Talent Will Be Won by Retention not Recruitment
Sundeep Nehra & Dr. Mary Kay Vona, Financial Services Organization, Ernst & Young LLPCommentary
Six steps for creating a work environment that challenges, stimulates, rewards, and constantly engages employees fighting the good fight against cybercriminals.
By Sundeep Nehra & Dr. Mary Kay Vona Financial Services Organization, Ernst & Young LLP, 7/23/2019
Comment1 Comment  |  Read  |  Post a Comment
Equifax to Pay Up to $700mn for Data Breach Damages
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
In a settlement with the FTC, consumers affected by the breach are eligible for up to $20,000 in a cash settlement, depending on damages they can prove.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/22/2019
Comment1 Comment  |  Read  |  Post a Comment
How Cybercriminals Break into the Microsoft Cloud
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation.
By Kelly Sheridan Staff Editor, Dark Reading, 7/22/2019
Comment1 Comment  |  Read  |  Post a Comment
Firmware Vulnerabilities Show Supply Chain Risks
Dark Reading Staff, Quick Hits
A recently announced pair of vulnerabilities in server firmware could put enterprise IT at risk.
By Dark Reading Staff , 7/22/2019
Comment0 comments  |  Read  |  Post a Comment
Ex-NSA Contractor Gets 9 Years for Retaining Defense Data
Dark Reading Staff, Quick Hits
Law enforcement recovered two decades' worth of stolen material from the home and car of former government contractor Harold Martin.
By Dark Reading Staff , 7/22/2019
Comment4 comments  |  Read  |  Post a Comment
CISO Pressures: Why the Role Stinks and How to Fix It
Rick McElroy, Principal Security Strategist at Carbon BlackCommentary
CISOs spend much less time in their role than other members of the boardroom. It's a serious problem that must be addressed.
By Rick McElroy Principal Security Strategist at Carbon Black, 7/22/2019
Comment0 comments  |  Read  |  Post a Comment
6 Actions That Made GDPR Real in 2019
Steve Zurier, Contributing Writer
In the wake of recent fines levied against British Airways, Marriott, and Facebook, companies are starting to take data privacy and security more seriously.
By Steve Zurier Contributing Writer, 7/22/2019
Comment0 comments  |  Read  |  Post a Comment
Malware in PyPI Code Shows Supply Chain Risks
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A code backdoor in a package on the Python Package Index demonstrates the importance of verifying code brought in from code repositories.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/19/2019
Comment0 comments  |  Read  |  Post a Comment
Europol Head Fears 5G Will Give Criminals an Edge
Dark Reading Staff, Quick Hits
Catherine De Bolle is concerned law enforcement will lose its ability to track criminals with the arrival of 5G networks.
By Dark Reading Staff , 7/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Mirai Groups Target Business IoT Devices
Robert Lemos, Contributing WriterNews
More than 30% of Mirai attacks, and an increasing number of variants of the malicious malare, are going after enterprise IoT devices, raising the stakes for business.
By Robert Lemos Contributing Writer, 7/19/2019
Comment1 Comment  |  Read  |  Post a Comment
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPENCommentary
Why apples-to-apples performance tests are the only way to accurately gauge the impact of network security products and solutions.
By Brian Monkman Executive Director at NetSecOPEN, 7/19/2019
Comment3 comments  |  Read  |  Post a Comment
Security Lessons From a New Programming Language
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A security professional needed a secure language for IoT development. So he wrote his own, applying learned lessons about memory and resources in the process.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/18/2019
Comment0 comments  |  Read  |  Post a Comment
BitPaymer Ransomware Operators Wage Custom, Targeted Attacks
Jai Vijayan, Contributing WriterNews
A new framework is allowing the threat group to compile variants of the malware for each victim, Morphisec says.
By Jai Vijayan Contributing Writer, 7/18/2019
Comment0 comments  |  Read  |  Post a Comment
RDP Bug Takes New Approach to Host Compromise
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers show how simply connecting to a rogue machine can silently compromise the host.
By Kelly Sheridan Staff Editor, Dark Reading, 7/18/2019
Comment3 comments  |  Read  |  Post a Comment
Open Source Hacking Tool Grows Up
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Koadic toolkit gets upgrades and a little love from nation-state hackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/18/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
sponsored by alkamai

The latest on the number of attacks, types of attacks, and threats to enterprises' most critical IT infrastructure.

Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10101
PUBLISHED: 2019-07-23
ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScrpit is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side valid...
CVE-2019-10102
PUBLISHED: 2019-07-23
Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The impact is: Remote code execution with the same privileges as the...
CVE-2019-10102
PUBLISHED: 2019-07-23
Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive information disclosure. The component is: updateProcInsIdByBusinessId() function in src/main/java/com.thinkgem.jeesite/modules/act/ActDao.java has SQL Injection vulnerability. The attack vector is: network connectivity,authenticat...
CVE-2018-18670
PUBLISHED: 2019-07-23
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the adm/config_form_update.php cf_1~10 parameter.
CVE-2018-18672
PUBLISHED: 2019-07-23
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/board_form_update.php bo_content_head parameter.
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Flash Poll
Video
Slideshows
Twitter Feed