Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
6 Small-Business Password Managers
10 Tips for Building Compliance by Design into Cloud Architecture
8 Holiday Security Tips for Retailers
4 Ways to Soothe a Stressed-Out Incident Response Team
8 Tips for More Secure Mobile Computing
News & Commentary
Researchers Find New Approach to Attacking Cloud Infrastructure
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cloud APIs' accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets.
By Kelly Sheridan Staff Editor, Dark Reading, 11/11/2019
Comment0 comments  |  Read  |  Post a Comment
OpenText to Buy Carbonite for $800M Cash in $1.42B Deal
Dark Reading Staff, Quick Hits
The acquisition was confirmed just six months after Carbonite bought Webroot.
By Dark Reading Staff , 11/11/2019
Comment0 comments  |  Read  |  Post a Comment
Account Fraud Harder to Detect as Criminals Move from Bots to 'Sweat Shops'
Joan Goodchild, Contributing Writer
Cheap labor, frequent data breaches, and better fraud detection technology are fueling frustrating changes in attackers' methods.
By Joan Goodchild Contributing Writer, 11/11/2019
Comment0 comments  |  Read  |  Post a Comment
Joker's Stash Puts $130M Price Tag on Credit Card Database
Dark Reading Staff, Quick Hits
A new analysis advises security teams on what they should know about the underground payment card seller.
By Dark Reading Staff , 11/11/2019
Comment0 comments  |  Read  |  Post a Comment
5 Security Processes You Shouldn't Overlook During M&A
Julie Cullivan, Chief Technology and People Officer, Forescout TechnologiesCommentary
Security needs to be a central element of due diligence if a merger or acquisition is to succeed
By Julie Cullivan Chief Technology and People Officer, Forescout Technologies, 11/11/2019
Comment0 comments  |  Read  |  Post a Comment
New: 2019 State of the Internet / Security: Media Under Assault
Akamai Staff, Akamai Staff
It can't be overstated: Web attacks and credential stuffing are real, long-term threats. This white paper, sponsored by Akamai, focuses on how they are impacting the high-tech, video media, and entertainment sectors.
By Akamai Staff Akamai Staff, 11/11/2019
Comment0 comments  |  Read  |  Post a Comment
4 Ways to Soothe a Stressed-Out Incident Response Team
Joan Goodchild, Contributing Writer
IR teams are under tremendous pressure, often working long hours and putting their needs aside amid a security crisis. Their care is just as important as policy and procedure.
By Joan Goodchild Contributing Writer, 11/8/2019
Comment0 comments  |  Read  |  Post a Comment
Bugcrowd Pays Out Over $500K in Bounties in One Week
Jai Vijayan, Contributing WriterNews
In all, bug hunters from around the world submitted over 6,500 vulnerabilities in October alone.
By Jai Vijayan Contributing Writer, 11/8/2019
Comment0 comments  |  Read  |  Post a Comment
Hospital Cyberattacks Linked to Increase in Heart Attack Mortality
Dark Reading Staff, Quick Hits
Breach remediation processes adversely impact timeliness in patient care and outcomes, a new study finds.
By Dark Reading Staff , 11/8/2019
Comment0 comments  |  Read  |  Post a Comment
Ring Flaw Underscores Impact of IoT Vulnerabilities
Robert Lemos, Contributing WriterNews
A vulnerability in Amazon's Ring doorbell cameras would have allowed a local attacker to gain access to a target's entire wireless network.
By Robert Lemos Contributing Writer, 11/8/2019
Comment0 comments  |  Read  |  Post a Comment
9 Principles to Simplify Security
Menny Barzilay, CEO at Cytactic & Founder of the THINK:CYBER NewsletterCommentary
This isn't a one-size-fits-all situation. Simplify as much as you can, as the saying goes, but no more than that.
By Menny Barzilay CEO at Cytactic & Founder of the THINK:CYBER Newsletter, 11/8/2019
Comment0 comments  |  Read  |  Post a Comment
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading
The right password manager can help bring enterprise-class security to small businesses. Here are a half-dozen candidates to strengthen your access management.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/8/2019
Comment1 Comment  |  Read  |  Post a Comment
Twitter & Trend Micro Fall Victim to Malicious Insiders
Jai Vijayan, Contributing WriterNews
The companies are the latest on a long and growing list of organizations that have fallen victim to users with legitimate access to enterprise systems and data.
By Jai Vijayan Contributing Writer, 11/7/2019
Comment0 comments  |  Read  |  Post a Comment
TA542 Brings Back Emotet with Late September Spike
Kelly Sheridan, Staff Editor, Dark ReadingNews
Overall volumes of banking Trojans and RATs increased during the third quarter, when Emotet was suspiciously absent until mid-September.
By Kelly Sheridan Staff Editor, Dark Reading, 11/7/2019
Comment0 comments  |  Read  |  Post a Comment
To Prove Cybersecurity's Worth, Create a Cyber Balance Sheet
Andrew Morrison, Principal, Cyber Risk Services, at DeloitteCommentary
How tying and measuring security investments to business impacts can elevate executives' understanding and commitment to cyber-risk reduction.
By Andrew Morrison Principal, Cyber Risk Services, at Deloitte, 11/7/2019
Comment0 comments  |  Read  |  Post a Comment
Capital One Shifts Its CISO to New Role
Dark Reading Staff, Quick Hits
The bank is searching for a new chief information security officer months after its major data breach.
By Dark Reading Staff , 11/7/2019
Comment0 comments  |  Read  |  Post a Comment
PayPal Upsets Microsoft as Phishers' Favorite Brand
Dark Reading Staff, Quick Hits
Several factors edged the world's most popular payment service into the top spot.
By Dark Reading Staff , 11/7/2019
Comment0 comments  |  Read  |  Post a Comment
Find New Talent, Don't Fight Over CISSPs: Insights from (ISC)2 COO
Curtis Franklin Jr., Senior Editor at Dark Reading
The skills gap will only be closed by attracting and retaining new talent. So don't limit your talent search to CISSPs, says the COO of the organization that issues the CISSP certification.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/7/2019
Comment3 comments  |  Read  |  Post a Comment
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQCommentary
There is no premium that will recover the millions of dollars your company spends on R&D if your intellectual property is hacked and stolen.
By Chris Kennedy CISO & VP Customer Success, AttackIQ, 11/7/2019
Comment3 comments  |  Read  |  Post a Comment
Kaspersky Analysis Shines Light on DarkUniverse APT Group
Jai Vijayan, Contributing WriterNews
Threat actor was active between 2009 and 2017, targeting military, government, and private organizations.
By Jai Vijayan Contributing Writer, 11/7/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by debrajohansen
Current Conversations thanks
In reply to: thanks
Post Your Own Reply
More Conversations
Products & Releases
Fortress Launches Collaboration to Help Protect the Power Grid from Cyber Threats
CISA Releases Cyber Essentials for Small Businesses and Governments
Cyxtera Technologies Announces Spin Out of Cybersecurity Business
CounterFlow AI and CrowdStrike Partner to Help Companies Accelerate Threat Detection and Response
Major Employers Commit to Build a Stronger Cybersecurity Workforce Pipeline
Adaptiva's Evolve VM Now Scans for Every Vulnerability in the National Vulnerability Database Within 15 Minutes
Fewer than half of cybersecurity professionals have a plan in place to deal with IoT attacks, despite the fact that ninety percent worry about future threats
Threat Stack Announces Python Support for Application Security Monitoring
More Products & Releases
PR Newswire
edge
edge
Account Fraud Harder to Detect as Criminals Move from Bots to 'Sweat Shops'
Cheap labor, frequent data breaches, and better fraud detection technology are fueling frustrating changes in attackers' methods.
New: 2019 State of the Internet / Security: Media Under Assault
It can't be overstated: Web attacks and credential stuffing are real, long-term threats. This white paper, sponsored by Akamai, focuses on how they are impacting the high-tech, video media, and entertainment sectors.
4 Ways to Soothe a Stressed-Out Incident Response Team
IR teams are under tremendous pressure, often working long hours and putting their needs aside amid a security crisis. Their care is just as important as policy and procedure.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVE-2019-18853
PUBLISHED: 2019-11-11
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2019-18854
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVE-2019-18855
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVE-2019-18856
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations’ risk exposure. While many are confident in their security strategies and processes, they’re also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Flash Poll
Video
Slideshows
Twitter Feed