Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
8 Cryptomining Malware Families to Keep on the Radar
The Equifax Breach One Year Later: 6 Action Items for Security Pros
The SOC Gets a Makeover
7 Ways Blockchain is Being Used for Security
TLS 1.3 Won't Break Everything
News & Commentary
The 'Opsec Fail' That Helped Unmask a North Korean State Hacker
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
How Park Jin Hyok – charged by the US government for alleged computer crimes for the Sony, Bank of Bangladesh, WannaCry cyberattacks – inadvertently blew his cover via email accounts.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/21/2018
Comment0 comments  |  Read  |  Post a Comment
Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
Dark Reading Staff, Quick Hits
Attack against the Metropolitan Police Department was disrupted before malware could be sent to additional systems.
By Dark Reading Staff , 9/21/2018
Comment0 comments  |  Read  |  Post a Comment
6 Security Training Hacks to Increase Cyber IQ Org-Wide
Ericka Chickowski, Contributing Writer, Dark Reading
Move beyond generic, annual security awareness training with these important tips.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/21/2018
Comment1 Comment  |  Read  |  Post a Comment
US Approves Cyber Weapons Against Foreign Enemies
Dark Reading Staff, Quick Hits
The White House is changing the rules on its use of digital weapons to fight adversaries targeting US networks.
By Dark Reading Staff , 9/21/2018
Comment0 comments  |  Read  |  Post a Comment
Data Manipulation: How Security Pros Can Respond to an Emerging Threat
PJ Kirner, CTO & Founder, IllumioCommentary
Industry leaders are scrambling to address the issue, which will take new thinking to overcome.
By PJ Kirner CTO & Founder, Illumio, 9/21/2018
Comment0 comments  |  Read  |  Post a Comment
Executive Branch Makes Significant Progress As DMARC Deadline Nears
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The DHS directive on email security has an approaching deadline that most departments in the executive branch might actually meet.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/21/2018
Comment0 comments  |  Read  |  Post a Comment
Think Like An Attacker: How a Red Team Operates
Kelly Sheridan, Staff Editor, Dark ReadingNews
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
By Kelly Sheridan Staff Editor, Dark Reading, 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
Retail Sector Second-Worst Performer on Application Security
Jai Vijayan, Freelance writerNews
A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.
By Jai Vijayan Freelance writer, 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
Account Takeover Attacks Become a Phishing Fave
Dark Reading Staff, Quick Hits
More than three-quarters of ATOs resulted in a phishing email, a new report shows.
By Dark Reading Staff , 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
3 Drivers Behind the Increasing Frequency of DDoS Attacks
Carlos Morales, Vice President of Global Sales Engineering and Operations at NETSCOUTCommentary
What's causing the uptick? Motivation, opportunity, and new capabilities.
By Carlos Morales Vice President of Global Sales Engineering and Operations at NETSCOUT, 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
Japanese Cryptocurrency Exchange Hit with $60M Theft
Dark Reading Staff, Quick Hits
The incident highlights a broader problem of poor security in cryptocurrency exchanges throughout the country.
By Dark Reading Staff , 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin SystemsCommentary
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
By Mukul Kumar & Anupam Sahai CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018
Comment4 comments  |  Read  |  Post a Comment
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Suit underscores longtime battle between vendors and labs over control of security testing protocols.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/19/2018
Comment4 comments  |  Read  |  Post a Comment
Cryptojackers Grow Dramatically on Enterprise Networks
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new report shows that illicit cryptomining malware is growing by leaps and bounds on the networks of unsuspecting victims.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
As Tech Drives the Business, So Do CISOs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security leaders are evolving from technicians to business executives as tech drives enterprise projects, applications, and goals.
By Kelly Sheridan Staff Editor, Dark Reading, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
Mirai Hackers' Sentence Includes No Jail Time
Dark Reading Staff, Quick Hits
The trio behind Mirai sentenced to probation and public service in return for cooperation with law enforcement and researchers.
By Dark Reading Staff , 9/19/2018
Comment2 comments  |  Read  |  Post a Comment
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, YubicoCommentary
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
By John Fontana Standards & Identity Analyst, Yubico, 9/19/2018
Comment5 comments  |  Read  |  Post a Comment
FBI: Phishing Attacks Aim to Swap Payroll Information
Dark Reading Staff, Quick Hits
Social engineering scams target employees' payroll credentials so attackers can access and change their bank account data.
By Dark Reading Staff , 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
5 Steps to Success for New CISOs
Nik Whitfield, Computer Scientist & Security Technology EntrepreneurCommentary
You've been hired to make an impact. These tips can help set you up for continued success.
By Nik Whitfield Computer Scientist & Security Technology Entrepreneur, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
8 Keys to a Successful Penetration Test
Curtis Franklin Jr., Senior Editor at Dark Reading
Pen tests are expensive, but there are key factors that can make them worth the investment.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Williamastro
Current Conversations Nice
In reply to: Thanks for sharing
Post Your Own Reply
Posted by arianapham
Current Conversations good idea.I agree with you
In reply to: thank
Post Your Own Reply
More Conversations
Products & Releases
CrowdStrike and Secureworks Form Partnership to Integrate Secureworks’ Red Cloak Behavioral Analytics with CrowdStrike’s Endpoint Protection Platform
World-renowned Cybersecurity Veteran Richard Bejtlich Joins Corelight as Principal Security Strategist
Appdome Releases Two New Mobile App Security Protections
Varonis Announces Interoperability with RSA Identity Governance and Lifecycle
HTG 360, Vade Secure Partner to Strengthen Anti-Phishing Capabilities for Office 365 Clients
ThreatConnect Now Integrates with Dragos Worldview Intelligence
Corelight Secures $25 Million in Series B Funding Led by General Catalyst
Former Gartner Security Analyst Ian McShane Joins Endgame As VP Of Product Marketing
More Products & Releases
PR Newswire
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
A Sneak Peek at the New NIST Cybersecurity Framework
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Continuous Compliance and Effective Audit Preparation for the Cloud
Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Are you sure this is how we get our data into the cloud?
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17368
PUBLISHED: 2018-09-23
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.
CVE-2018-17369
PUBLISHED: 2018-09-23
An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter.
CVE-2018-17400
PUBLISHED: 2018-09-23
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application.
CVE-2018-17401
PUBLISHED: 2018-09-23
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature.
CVE-2018-17402
PUBLISHED: 2018-09-23
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number.
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Flash Poll
Video
Slideshows
Twitter Feed