Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary
Sophos for Sale: Thoma Bravo Offers $3.9B
Kelly Sheridan, Staff Editor, Dark Reading, News
Sophos' board of directors plans to unanimously recommend the offer to the company's shareholders.
By Kelly Sheridan, Staff Editor, Dark Reading, 10/14/2019
Cyber Theft, Humint Helped China Cut Corners on Passenger Jet
Jai Vijayan, Contributing Writer, News
Beijing likely saved a lot of time and billions of dollars by copying components for its C919 plane from others, a new report from CrowdStrike says.
By Jai Vijayan, Contributing Writer, 10/14/2019
Pitney Bowes Hit by Ransomware
Dark Reading Staff, Quick Hits
The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
By Dark Reading Staff, 10/14/2019
Tamper Protection Arrives for Microsoft Defender ATP
Dark Reading Staff, Quick Hits
The feature, designed to block unauthorized changes to security features, is now generally available.
By Dark Reading Staff, 10/14/2019
When Using Cloud, Paranoia Can Pay Off
Robert Lemos, Contributing Writer, News
Journalists are increasingly concerned about what cloud providers may access or share with governments - and companies should worry as well.
By Robert Lemos, Contributing Writer, 10/14/2019
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
Kevin Gosschalk, CEO of Arkose Labs, Commentary
A company's security battle is not between that company and a specific fraudster; rather, it's between the company and the connected cybercriminal ecosystem.
By Kevin Gosschalk, CEO of Arkose Labs, 10/14/2019
Click2Mail Suffers Data Breach
Dark Reading Staff, Quick Hits
Mail provider discovered customer data being used in spam messages.
By Dark Reading Staff, 10/11/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
By Steve Zurier, Contributing Writer, 10/11/2019
FBI: Phishing Can Defeat Two-Factor Authentication
Dark Reading Staff, Quick Hits
A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
By Dark Reading Staff, 10/11/2019
A Murderers' Row of Poisoning Attacks
Curtis Franklin Jr., Senior Editor at Dark Reading
Poisoning can be used against network infrastructure and applications. Understanding how DNS cache poisoning, machine learning model poisoning, and other attacks work can help you prepare the proper antidote.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 10/11/2019
Creative Wi-Fi Passwords
Beyond the Edge, Dark Reading
Let's see a hacker figure out one of these.
By Beyond the Edge, Dark Reading, 10/11/2019
Close the Gap Between Cyber-Risk and Business Risk
Brian Contos, CISO & VP of Technology Innovation at Verodin, Commentary
Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
By Brian Contos, CISO, Verodin, 10/11/2019
iTunes Zero-Day Exploited to Deliver BitPaymer
Kelly Sheridan, Staff Editor, Dark Reading, News
The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.
By Kelly Sheridan, Staff Editor, Dark Reading, 10/10/2019
AppSec 'Spaghetti on the Wall' Tool Strategy Undermining Security
Jai Vijayan, Contributing Writer, News
At many organizations, the attitude to securing software appears to be throwing a lot of technology at the problem, a new study finds.
By Jai Vijayan, Contributing Writer, 10/10/2019
Imperva Details Response to Customer Database Exposure
Dark Reading Staff, Quick Hits
The cloud security company's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.
By Dark Reading Staff, 10/10/2019
Akamai Snaps Up ChameleonX to Tackle Magecart
Dark Reading Staff, Quick Hits
The Israel-based ChameleonX aims to protect websites from cyberattacks targeting payment data.
By Dark Reading Staff, 10/10/2019
Works of Art: Cybersecurity Inspires 6 Winning Ideas
Terry Sweeney, Contributing Editor
The Center for Long Term Cybersecurity recently awarded grants to six artists in a contest to come up with ideas for works with security themes and elements. Check 'em out.
By Terry Sweeney, Contributing Editor, 10/10/2019
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline, Commentary
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
By Dr. Giovanni Vigna, Chief Technology Officer at Lastline, 10/10/2019
Attackers Hide Behind Trusted Domains, HTTPS
Robert Lemos, Contributing Writer, News
One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.
By Robert Lemos, Contributing Writer, 10/10/2019
Magecart Attack on Volusion Highlights Supply Chain Dangers
Kelly Sheridan, Staff Editor, Dark Reading, News
Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
By Kelly Sheridan, Staff Editor, Dark Reading, 10/10/2019
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.