Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

7 SMB Security Tips That Will Keep Your Company Safe
8 Ways Businesses Unknowingly Help Hackers
7 Considerations Before Adopting Security Standards
Works of Art: Cybersecurity Inspires 6 Winning Ideas
Name That Toon: SOC Puppets
News & Commentary
About 50% of Apps Are Accruing Unaddressed Vulnerabilities
Jai Vijayan, Contributing Writer | News
In rush to fix newly discovered security issues, developers are neglecting to address older ones, Veracode study finds.
By Jai Vijayan Contributing Writer, 10/22/2019
Alliance Forms to Focus on Securing Operational Technology
Robert Lemos, Contributing Writer | News
While mainly made up of vendors, the Operational Technology Cyber Security Alliance aims to offer security best practices for infrastructure operators and industrial partners.
By Robert Lemos Contributing Writer, 10/22/2019
FIDO-Based Authentication Arrives for Smartwatches
Kelly Sheridan, Staff Editor, Dark Reading | News
The Nok Nok App SDK for Smart Watch is designed to let businesses implement FIDO-based authentication on smartwatches.
By Kelly Sheridan Staff Editor, Dark Reading, 10/22/2019
The AI (R)evolution: Why Humans Will Always Have a Place in the SOC
Celeste Fralick, Chief Data Scientist & Senior Principal Engineer, McAfee | Commentary
In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.
By Celeste Fralick Chief Data Scientist & Senior Principal Engineer, McAfee, 10/22/2019
NordVPN Breached Via Data Center Provider's Error
Dark Reading Staff, Quick Hits
The VPN company said that one of its 3,000 servers in a third-party data center was open to exploitation through a misconfigured management tool.
By Dark Reading Staff, 10/22/2019
Autoclerk Database Spills 179GB of Customer, US Government Data
Dark Reading Staff, Quick Hits
An open Elasticsearch database exposed hundreds of thousands of hotel booking reservations, compromising data from full names to room numbers.
By Dark Reading Staff, 10/22/2019
Keeping Too Many Cooks out of the Security Kitchen
Joshua Goldfarb, Independent Consultant | Commentary
A good security team helps the business help itself operate more securely -- soliciting input while adhering to a unified strategy, vision, goals, and priorities.
By Joshua Goldfarb Independent Consultant, 10/22/2019
Bugcrowd Enters the IT Asset Discovery Business
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
New service searches for errant or vulnerable devices on the Internet.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/22/2019
How Much Security Is Enough? Practitioners Weigh In
Kelly Sheridan, Staff Editor, Dark Reading | News
Most IT and security pros surveyed say they could afford some, but not all, of the minimum security needed to protect themselves.
By Kelly Sheridan Staff Editor, Dark Reading, 10/22/2019
Russian Hackers Using Iranian APT's Infrastructure in Widespread Attacks
Jai Vijayan, Contributing Writer | News
New advisory from the UK's NCSC and the NSA throws fresh light on activity first revealed by Symantec in June.
By Jai Vijayan Contributing Writer, 10/21/2019
Microsoft Aims to Block Firmware Attacks with New Secured-Core PCs
Kelly Sheridan, Staff Editor, Dark Reading | News
Partnerships with Intel, Qualcomm, and AMD will bring a new layer of device security that alters the boot process to detect firmware compromise.
By Kelly Sheridan Staff Editor, Dark Reading, 10/21/2019
Avast Foils Another CCleaner Attack
Robert Lemos, Contributing Writer | News
'Abiss' attackers used an older VPN profile to get into Avast's network and targeted its CCleaner utility.
By Robert Lemos Contributing Writer, 10/21/2019
Researchers Turn Alexa and Google Home Into Credential Thieves
Dark Reading Staff, Quick Hits
Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.
By Dark Reading Staff, 10/21/2019
Trend Micro Buys Cloud Conformity to Fight Cloud Competition
Dark Reading Staff, Quick Hits
The cloud security posture management startup was acquired for a reported $70 million.
By Dark Reading Staff, 10/21/2019
SOC Operations: 6 Vital Lessons & Pitfalls
Todd Thiemann, Director, Arctic Wolf Networks | Commentary
There is no one road to security operations success, but these guidelines will smooth your path.
By Todd Thiemann Director, Arctic Wolf Networks, 10/21/2019
Surviving Security Alert Fatigue: 7 Tools and Techniques
Kelly Sheridan, Staff Editor, Dark Reading
Experts discuss why security teams are increasingly overwhelmed with alerts and share tactics for lightening the load.
By Kelly Sheridan Staff Editor, Dark Reading, 10/21/2019
Turning Vision to Reality: A New Road Map for Security Leadership
Curtis Franklin Jr., Senior Editor at Dark Reading
Among the takeaways from a Gartner Symposium/Xpo session: who should be accountable for data security, why security groups should stop thinking of themselves as protectors, and the consequence of locking down 'dumb' users.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/21/2019
Tor Weaponized to Steal Bitcoin
Dark Reading Staff, Quick Hits
A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
By Dark Reading Staff, 10/18/2019
In a Crowded Endpoint Security Market, Consolidation Is Underway
Kelly Sheridan, Staff Editor, Dark Reading | News
Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 10/18/2019
CenturyLink Customer Data Exposed
Dark Reading Staff, Quick Hits
Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report.
By Dark Reading Staff, 10/18/2019
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-9501
PUBLISHED: 2019-10-22
The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.
CVE-2019-16971
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
CVE-2019-16972
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-16973
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2015-9496
PUBLISHED: 2019-10-22
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?