Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cybercriminal's Black Market Pricing Guide
6 Questions to Ask Once You've Learned of a Breach
Poll Results: Maybe Not Burned Out, But Definitely 'Well Done'
Name That Toon: SOC Puppets
Security Leaders Share Tips for Boardroom Chats
News & Commentary
Deconstructing an iPhone Spearphishing Attack
Marc Rogers, Executive Director of Cybersecurity, OktaCommentary
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
By Marc Rogers Executive Director of Cybersecurity, Okta, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Ping Identity Prices IPO at $15 per Share
Dark Reading Staff, Quick Hits
The identity management company plans to sell 12.5 million shares, raising $187.5 million in its initial public offering.
By Dark Reading Staff , 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Crowdsourced Security & the Gig Economy
Alex Haynes, Chief Information Security Officer, CDLCommentary
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
By Alex Haynes Chief Information Security Officer, CDL, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
The 20 Worst Metrics in Cybersecurity
Ericka Chickowski, Contributing Writer
Security leaders are increasingly making their case through metrics, as well they should as long as they're not one of these.
By Ericka Chickowski Contributing Writer, 9/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Saudi IT Providers Hit in Cyber Espionage Operation
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Symantec identifies new 'Tortoiseshell' nation-state group as the attackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
WannaCry Detections At An All-Time High
Jai Vijayan, Contributing WriterNews
More than 12,000 variants of the infamous malware are targeting systems that are still open to the EternalBlue exploit - but the potential danger is low, Sophos warns.
By Jai Vijayan Contributing Writer, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
How Cybercriminals Exploit Simple Human Mistakes
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
By Kelly Sheridan Staff Editor, Dark Reading, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
The Top 'Human Hacks' to Watch For Now
Joan Goodchild, Contributing Writer
Social engineering is as old as mankind. But its techniques have evolved with time. Here are the latest tricks criminals are using to dupe end users.
By Joan Goodchild Contributing Writer, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
GitHub Becomes CVE Numbering Authority, Acquires Semmle
Dark Reading Staff, Quick Hits
Latest moves will make it much more likely that vulnerabilities in open source projects will be found and reported, GitHub says.
By Dark Reading Staff , 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
DevSecOps: Recreating Cybersecurity Culture
Steve Martino, Senior Vice President, Chief Information Security Officer, CiscoCommentary
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
By Steve Martino Senior Vice President, Chief Information Security Officer, Cisco, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
New Security Startup Emerges from Stealth Mode
Dark Reading Staff, Quick Hits
GK8 creates proprietary platform for securing blockchain transactions, no Internet needed.
By Dark Reading Staff , 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
One Arrested in Ecuador's Mega Data Leak
Dark Reading Staff, Quick Hits
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
By Dark Reading Staff , 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
Cryptominer Attacks Ramp Up, Focus on Persistence
Robert Lemos, Contributing WriterNews
The latest attacks, such as Skidmap and Smominru, add capabilities to allow them to persist longer on Windows and Linux systems, surviving initial attempts at eliminating them.
By Robert Lemos Contributing Writer, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
24.3M Unsecured Health Records Expose Patient Data, Images
Dark Reading Staff, Quick Hits
Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.
By Dark Reading Staff , 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
A Virus Walks Into a Bar ...
Beyond the Edge, Dark Reading
Laughter is, well, contagious. Jokes begin in earnest at the one-minute mark.
By Beyond the Edge Dark Reading, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
How Ransomware Criminals Turn Friends into Enemies
Chester Wisniewski, Principal Research Scientist, SophosCommentary
Managed service providers are the latest pawns in ransomware's game of chess.
By Chester Wisniewski Principal Research Scientist, Sophos, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
Poll Results: Maybe Not Burned Out, But Definitely 'Well Done'
Sara Peters, Senior Editor at Dark Reading
Staff shortages and increasingly challenging jobs are turning up the heat on security pros, readers say.
By Sara Peters Senior Editor at Dark Reading, 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark ReadingNews
The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2019
Comment1 Comment  |  Read  |  Post a Comment
Snowden Sued by US Government Over His New Book
Dark Reading Staff, Quick Hits
Civil suit argues the former CIA employee and NSA contractor violated his nondisclosure agreements with the two intel agencies.
By Dark Reading Staff , 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
Five Common Cloud Configuration Mistakes
Peter Smith, Founder & Chief Executive Officer, Edgewise NetworksCommentary
It's a joint responsibility to keep data safe in the cloud. Here's what cloud customers must do to keep their end of the bargain.
By Peter Smith Founder & Chief Executive Officer, Edgewise Networks, 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
edge
edge
Security leaders are increasingly making their case through metrics, as well they should -- as long as they're not one of these.
Social engineering is as old as mankind. But its techniques have evolved with time. Here are the latest tricks criminals are using to dupe end users.
Here are five tips about what not to do when assessing the cyber-risk introduced by a third-party supplier.
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14994
PUBLISHED: 2019-09-19
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version...
CVE-2019-15000
PUBLISHED: 2019-09-19
The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6....
CVE-2019-15001
PUBLISHED: 2019-09-19
The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain rem...
CVE-2019-16398
PUBLISHED: 2019-09-19
On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.
CVE-2019-11779
PUBLISHED: 2019-09-19
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Flash Poll
Video
Slideshows
Twitter Feed