Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Security Leaders Share Tips for Boardroom Chats
7 Steps to Web App Security
7 Breaches & Hacks That Throw Shade on Biometric Security
6 Ways Airlines and Hotels Can Keep Their Networks Secure
8 Ways to Spot an Insider Threat
News & Commentary
Poll Results: Maybe Not Burned Out, But Definitely 'Well Done'
Sara Peters, Senior Editor at Dark Reading
Staff shortages and an increasingly challenging job are turning up the heat on security pros, Dark Reading readers say.
By Sara Peters Senior Editor at Dark Reading, 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark ReadingNews
The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
Snowden Sued by US Government Over His New Book
Dark Reading Staff, Quick Hits
Civil suit argues the former CIA employee and NSA contractor violated his nondisclosure agreements with the two intel agencies.
By Dark Reading Staff , 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
Five Common Cloud Configuration Mistakes
Peter Smith, Founder & Chief Executive Officer, Edgewise NetworksCommentary
It's a joint responsibility to keep data safe in the cloud. Here's what cloud customers must do to keep their end of the bargain.
By Peter Smith Founder & Chief Executive Officer, Edgewise Networks, 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
Cybercriminal's Black Market Pricing Guide
Ericka Chickowski, Contributing Writer
Common prices criminals pay one other for products and services that fuel the cybercriminal ecosystem.
By Ericka Chickowski Contributing Writer, 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
15K Private Webcams Could Let Attackers View Homes, Businesses
Dark Reading Staff, Quick Hits
Webcams could be potentially accessed and manipulated by anyone with an Internet connection, researchers say.
By Dark Reading Staff , 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
US Companies Unprepared for Privacy Regulations
Dark Reading Staff, Quick Hits
US companies are poorly prepared for even the most rudimentary privacy regulations, a new report says.
By Dark Reading Staff , 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
Impersonation Fraud Still Effective in Obtaining Code Signatures
Robert Lemos, Contributing WriterNews
Fraudsters continue to attempt to fool certificate authorities into issuing valid digital certificates for legitimate organizations by impersonating an authoritative user. The reward? The ability to sign code with a legitimate signature.
By Robert Lemos Contributing Writer, 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity
Jim Gordon, GM, Ecosystem Strategy & Business Development, Intel Platform Security DivisionCommentary
Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.
By Jim Gordon GM, Ecosystem Strategy & Business Development, Intel Platform Security Division, 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
Oracle Expands Cloud Security Services at OpenWorld 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
The company broadens its portfolio with new services developed to centralize and automate cloud security.
By Kelly Sheridan Staff Editor, Dark Reading, 9/16/2019
Comment0 comments  |  Read  |  Post a Comment
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing WriterNews
Sanctions on North Korean nation-state hacking groups came amid reports of fresh malicious campaigns directed at US entities from the isolated nation.
By Jai Vijayan Contributing Writer, 9/16/2019
Comment3 comments  |  Read  |  Post a Comment
How a PIA Can CYA
Terry Sweeney, Contributing Editor
More than a compliance mandate, privacy impact assessments can also spot risks early in the product development cycle.
By Terry Sweeney Contributing Editor, 9/16/2019
Comment0 comments  |  Read  |  Post a Comment
Court Rules In Favor of Firm 'Scraping' Public Data
Dark Reading Staff, Quick Hits
US appeals court said a company can legally use publicly available LinkedIn account information.
By Dark Reading Staff , 9/16/2019
Comment0 comments  |  Read  |  Post a Comment
Data Leak Affects Most of Ecuador's Population
Kelly Sheridan, Staff Editor, Dark ReadingNews
An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens.
By Kelly Sheridan Staff Editor, Dark Reading, 9/16/2019
Comment0 comments  |  Read  |  Post a Comment
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat SecurityCommentary
The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.
By Craig Hinkley CEO, WhiteHat Security, 9/16/2019
Comment1 Comment  |  Read  |  Post a Comment
Malware Linked to Ryuk Targets Financial & Military Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.
By Kelly Sheridan Staff Editor, Dark Reading, 9/13/2019
Comment0 comments  |  Read  |  Post a Comment
US Sanctions 3 Cyberattack Groups Tied to DPRK
Dark Reading Staff, Quick Hits
Lazarus Group, Bluenoroff, and Andariel were named and sanctioned by the US Treasury for ongoing attacks on financial systems.
By Dark Reading Staff , 9/13/2019
Comment0 comments  |  Read  |  Post a Comment
6 Questions to Ask Once You’ve Learned of a Breach
Steve Zurier, Contributing Writer
With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.
By Steve Zurier Contributing Writer, 9/13/2019
Comment1 Comment  |  Read  |  Post a Comment
No Quick Fix for Security-Worker Shortfall
Robert Lemos, Contributing WriterNews
Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly skilled employees.
By Robert Lemos Contributing Writer, 9/13/2019
Comment0 comments  |  Read  |  Post a Comment
Taking a Fresh Look at Security Ops: 10 Tips
Joshua Goldfarb, Independent ConsultantCommentary
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
By Joshua Goldfarb Independent Consultant, 9/13/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
KnowBe4 to Offer $10,000 Women in Cybersecurity Scholarship, Summer 2020 Internship
New IRONSCALES Research Finds Microsoft ATP Takes Up to 250 Days to Create Phishing Attack Signatures
Lacework Closes $42M Financing Round & Adds Cloud Security Leader Andy Byron as President
CISA Launches First Annual President's Cup Cybersecurity Competition
Nexusguard research reveals 1,000% increase in DNS amplification attacks
Stanford Launches Foundations of Information Security Course
Darktrace Cyber AI Analyst Investigates Threats At Machine Speed
Trustwave Rolls out Cloud-Based Cybersecurity Platform Called Fusion
More Products & Releases
PR Newswire
edge
edge
Any Advice for Assessing Third-Party Risk?
Here are five tips about what not to do when assessing the cyber-risk introduced by a third-party supplier.
How a PIA Can CYA
More than a compliance mandate, privacy impact assessments can also spot risks early in the product development cycle.
Escaping Email: Unlocking Message Security for SMS, WhatsApp
Messaging is growing in importance as dislike for email increases. That means knowing how to protect critical data in the messaging era is a must for IT security.
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16395
PUBLISHED: 2019-09-17
GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code.
CVE-2019-16396
PUBLISHED: 2019-09-17
GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code.
CVE-2019-16199
PUBLISHED: 2019-09-17
eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process.
CVE-2019-16391
PUBLISHED: 2019-09-17
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
CVE-2019-16392
PUBLISHED: 2019-09-17
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.
Flash Poll
Video
Slideshows
Twitter Feed