Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

7 SMB Security Tips That Will Keep Your Company Safe

8 Ways Businesses Unknowingly Help Hackers

7 Considerations Before Adopting Security Standards

Works of Art: Cybersecurity Inspires 6 Winning Ideas

Top Stories

7 SMB Security Tips That Will Keep Your ...

8 Ways Businesses Unknowingly Help Hackers

7 Considerations Before Adopting Security ...

Works of Art: Cybersecurity Inspires 6 ...

Name That Toon: SOC Puppets

News & Commentary

Tor Weaponized to Steal Bitcoin

Quick Hits

A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.

By Dark Reading Staff , 10/18/2019

0 comments | Read | Post a Comment

In A Crowded Endpoint Security Market, Consolidation Is Underway

Kelly Sheridan, Staff Editor, Dark Reading

News

Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.

By Kelly Sheridan Staff Editor, Dark Reading, 10/18/2019

0 comments | Read | Post a Comment

CenturyLink Customer Data Exposed

Quick Hits

Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report.

By Dark Reading Staff , 10/18/2019

0 comments | Read | Post a Comment

Glitching: The Hardware Attack that can Disrupt Secure Software

Glitching (or fault-injection) attacks aren't easy (yet). But get ready, because as the IoT grows, these attacks will be a big reason that hardware security should be part of your cybersecurity planning.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/18/2019

0 comments | Read | Post a Comment

SOC Puppet: Dark Reading Caption Contest Winners

Marilyn Cohodas, Managing Editor, Dark Reading

Commentary

Social engineering, SOC analysts, and Sock puns. And the winners are:

By Marilyn Cohodas Managing Editor, Dark Reading, 10/18/2019

0 comments | Read | Post a Comment

Older Amazon Devices Subject to Old Wi-Fi Vulnerability

Quick Hits

The vulnerability in first-generation Echoes and eight-generation Kindles lets an attacker wage man-in-the-middle attacks.

By Dark Reading Staff , 10/17/2019

0 comments | Read | Post a Comment

Debug Feature in Web Dev Tool Exposed Trump Campaign Site, Others to Attack

News

The problem is not with the tool itself but with how some developers and administrators are using it, Comparitech says.

By Jai Vijayan Contributing Writer, 10/17/2019

0 comments | Read | Post a Comment

Phishing Campaign Targets Stripe Credentials, Financial Data

News

Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.

By Kelly Sheridan Staff Editor, Dark Reading, 10/17/2019

0 comments | Read | Post a Comment

State of SMB Insecurity by the Numbers

SMBs still perceive themselves at low risk from cyberthreats — in spite of attack statistics that paint a different pictur

By Ericka Chickowski Contributing Writer, 10/17/2019

0 comments | Read | Post a Comment

Smart Prevention: How Every Enterprise Can Create Human Firewalls

Debby Briggs, Chief Security Officer at NETSCOUT

Commentary

Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.

By Debby Briggs Chief Security Officer at NETSCOUT, 10/17/2019

0 comments | Read | Post a Comment

Yahoo Breach Victims May Qualify for $358 Payout

Quick Hits

Pending approval of the settlement, affected account holders may be eligible for a payout or two years of free credit monitoring.

By Dark Reading Staff , 10/17/2019

0 comments | Read | Post a Comment

Cozy Bear Emerges from Hibernation to Hack EU Ministries

News

The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.

By Robert Lemos Contributing Writer, 10/17/2019

0 comments | Read | Post a Comment

Data Privacy Protections for the Most Vulnerable — Children

Commentary

The business case for why companies that respect the privacy of individuals, and especially minors, will have a strong competitive advantage.

By Dimitri Sirota Founder & CEO of BigID, 10/17/2019

2 comments | Read | Post a Comment

Latest Comment: WarnR, Sadly, it's not just companies that need to change their focus to protect children...

Typosquatting Websites Proliferate in Run-up to US Elections

News

People who mistype the URL for their political candidate or party's website could end up on an opposing party or candidate's website, Digital Shadow's research shows.

By Jai Vijayan Contributing Writer, 10/16/2019

0 comments | Read | Post a Comment

How to Build a Rock-Solid Cybersecurity Culture

In part one of this two-part series, we start with the basics — getting everyone to understand what's at stake — and then look at lessons from the trenches.

By Joan Goodchild Contributing Writer, 10/16/2019

0 comments | Read | Post a Comment

Cybersecurity Advice From Betty White

Among the beloved entertainer's advice: "Double bag those passwords." Thanks, Betty.

By Beyond the Edge Dark Reading, 10/16/2019

0 comments | Read | Post a Comment

SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance

Quick Hits

The $37.5 million acquisitions will boost SailPoint's portfolio across all cloud platforms.

By Dark Reading Staff , 10/16/2019

0 comments | Read | Post a Comment

Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures

James Plouffe, Lead Architect at MobileIron

Commentary

The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.

By James Plouffe Lead Architect at MobileIron, 10/16/2019

0 comments | Read | Post a Comment

Google Cloud Launches Security Health Analytics in Beta

Quick Hits

The tool is designed to help identify misconfigurations and compliance violations in the Google Cloud Platform.

By Dark Reading Staff , 10/16/2019

0 comments | Read | Post a Comment

Cryptojacking Worm Targets and Infects 2,000 Docker Hosts

News

Basic and 'inept' worm managed to compromise Docker hosts by exploiting misconfigurations.

By Robert Lemos Contributing Writer, 10/16/2019

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by Marilyn Cohodas

Check outthe latest from Dark Reading cartoonist John Klossner!

In reply to: Funny cartoon!
Post Your Own Reply

Posted by WarnR

Sadly, it's not just companies that need to change their focus to protect children but also schools. Schools will bypass getting parents consent by allowing companies, like Google (Google Classroom) or DoJo, to be "School...

In reply to: Also schools
Post Your Own Reply

Posted by Crypt0L0cker

Kind of surprised, I was pretty sure that this is Chinese hacker group... What are the names of those underground forums, which are talked about in the article?

In reply to: Sodinokibi Ransomware: Where Attackers' Money Goes">RE:Sodinokibi Ransomware: Where Attackers' Money Goes
Post Your Own Reply

Posted by jevans1230

The old using of sock puppets for Shoulder Surfing technique.

In reply to: Shoulder Surfing
Post Your Own Reply

Posted by jevans1230

I've heard of using alternative power sources for Disaster Recovery but this is ridiculous.

In reply to: Disaster Recovery
Post Your Own Reply

Posted by underestimatess

Day 34: They still haven't noticed we replaced the entire SOC with socks.

In reply to: Sock Puppet Cartoon Contest
Post Your Own Reply

Posted by gif-washco

I have heard and read articles that graduates and inexperienced job candidates cannot get into the cybersecurity field because companies expect certifications for entry-level positions. Someone with CISSP or GIAC certs would...

In reply to: Does not address companies unreasonably seeking "experienced" and "certified" entry-levels
Post Your Own Reply

Posted by Assignmenthelp

Assignment Help Firm provides the best assignment help to the college and university students. Our experts provide 100% plagiarism free content for college and university students.

In reply to: Assignment Help Firm
Post Your Own Reply

Posted by WN2QU

I agree %100 - the author here is akin to using PTSD to sensationalize his article. I have a background in education where I worked in some of the lowest income public schools, trauma & PTSD are much more severe, watching...

In reply to: Re: PTSD is not correct here
Post Your Own Reply

Posted by DonD95004

Here's a great video review of certs specifically geared towards penetration testing from an experienced reviewer: https://www.youtube.com/watch?v=sSXhF0C0QlI&feature=youtu.be

In reply to: Pentesting Specific Certs
Post Your Own Reply

Posted by onlineit1

Microsoft Power BI is the trending BI tool in the IT market. The demand for this product has increased day-to-day. Microsoft has released the Power BI latest updates to attract more and more customers in the IT...

In reply to: Power BI latest updates
Post Your Own Reply

Posted by mcavanaugh1

To confirm, most of the claims declined and firms that are suing their insurer attempted to file a claim under a non-cyber policy. Mondelez is the case most reference however they tried to get coverage under their...

In reply to: Re: Cyber Insurance claim
Post Your Own Reply

More Conversations

Products & Releases

Duo Security Raises $70 Million, Earning Valuation of More than $1 Billion

Resecurity Forms Team to Deliver In-Depth Analysis of Data Inside Context™ Platform

Akamai Edge Platform Increases Security Protections For Content, Sites, Apps

ThreatConnect Wins SOAR Platform of the Year Award in 2019 CyberSecurity Breakthrough Awards

Forcepoint Delivers Global Security Cloud Offering

Forescout Delivers Impact-Based Security Risk Assessment Tool for Industrial Control System and Operational Technology Networks

Deloitte Consumer Privacy in Retail Survey: The Next Regulatory and Competitive Frontier

FireEye Launches Digital Threat Monitoring to Protect Organizations' Brands, People & Data

More Products & Releases

PR Newswire

How to Build a Rock-Solid Cybersecurity Culture

In part one of this two-part series, we start with the basics -- getting everyone to understand what's at stake -- and then look at lessons from the trenches.

14 Hot Cybersecurity Certifications Right Now

In an industry where certifications can make or break a job candidacy, which ones have security pros been going after in 2019?

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

More Informa Tech Live Events

Cartoon

Latest Comment: Check outthe latest from Dark Reading cartoonist John Klossner!

Cartoon Archive

White Papers

IDC Workbook: Cloud Security Roadmap

9 Ways Cybercriminals Disrupt Business Operations

7 Experts Discuss Evaluating MSSPs

The DevOps Roadmap for Security

How to Combat Island Hopping

More White Papers

Current Issue

7 Threats & Disruptive Forces Changing the Face of Cybersecurity

This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-18214
PUBLISHED: 2019-10-19

The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)

CVE-2019-18202
PUBLISHED: 2019-10-19

Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.

CVE-2019-18209
PUBLISHED: 2019-10-19

templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.

CVE-2019-18198
PUBLISHED: 2019-10-18

In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.

CVE-2019-18197
PUBLISHED: 2019-10-18

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...

Reports

2019 Online Malware and Threats

As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?

Download Now!

The State of IT Operations and Cybersecurity Operations

0 comments

How Enterprises Are Developing Secure Applications

0 comments

The State of Cyber Security Incident Response

0 comments

More Reports

Flash Poll

All Polls

Video