Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
8 Cryptomining Malware Families to Keep on the Radar
The Equifax Breach One Year Later: 6 Action Items for Security Pros
The SOC Gets a Makeover
7 Ways Blockchain is Being Used for Security
TLS 1.3 Won't Break Everything
News & Commentary
Internet-Connected CCTV Cameras Vulnerable to 'Peekaboo' Hack
Jai Vijayan, Freelance writerNews
Zero-day flaw in China-based NUUO's video recorder technology still unfixed three months after vendor was alerted.
By Jai Vijayan Freelance writer, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
The Security Costs of Cloud-Native Applications
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
By Kelly Sheridan Staff Editor, Dark Reading, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
Websites Attack Attempts Rose in Q2
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New data shows hackers hit websites, on average, every 25 minutes.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
The Top 5 Security Threats & Mitigations for Industrial Networks
Barak Perelman, CEO, IndegyCommentary
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
By Barak Perelman CEO, Indegy, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
IoT Threats Triple Since 2017
Dark Reading Staff, Quick Hits
Rapidly evolving malware is posing an ever-greater threat to the IoT – and business users of the Internet.
By Dark Reading Staff , 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
Symantec Offers Free Website Security Service for Midterm Elections
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security vendor offers US election jurisdictions its Project Dolphin phishing/website spoofing-detection service and security resources.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
GovPayNow Leak of 14M+ Records Dates Back to 2012
Dark Reading Staff, Quick Hits
Thousands of US state and local governments use the service to process online payments for everything from traffic tickets to court fines.
By Dark Reading Staff , 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
Overhauling the 3 Pillars of Security Operations
Dave Frampton, Vice President of Security Solutions at Sumo LogicCommentary
Modern apps and the cloud mean that organizations must now rethink older security practices.
By Dave Frampton Vice President of Security Solutions at Sumo Logic, 9/18/2018
Comment1 Comment  |  Read  |  Post a Comment
New Xbash Malware a Cocktail of Malicious Functions
Jai Vijayan, Freelance writerNews
The new malware tool targeting Windows and Linux systems combines cryptomining, ransomware, botnet, and self-propagation capabilities.
By Jai Vijayan Freelance writer, 9/17/2018
Comment0 comments  |  Read  |  Post a Comment
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark ReadingNews
Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2018
Comment1 Comment  |  Read  |  Post a Comment
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff, Quick Hits
Altaba tells SEC it will incur $47 million to settle consumer litigation for massive Yahoo data breaches.
By Dark Reading Staff , 9/17/2018
Comment2 comments  |  Read  |  Post a Comment
Ransomware Takes Down Airport's Flight Information Screens
Dark Reading Staff, Quick Hits
The attack left airport staff to post flight times and gates on whiteboards at Bristol Airport in Britain.
By Dark Reading Staff , 9/17/2018
Comment0 comments  |  Read  |  Post a Comment
The 7 Habits of Highly Effective Security Teams
Gary Golomb, Co-Founder & Chief Research Officer at Awake SecurityCommentary
Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.
By Gary Golomb Co-Founder & Chief Research Officer at Awake Security, 9/17/2018
Comment0 comments  |  Read  |  Post a Comment
How Secure are our Voting Systems for November 2018?
Dark Reading Staff, CommentaryVideo
Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the country’s highly decentralized voting systems to safeguard the integrity of upcoming elections.
By Dark Reading Staff , 9/14/2018
Comment0 comments  |  Read  |  Post a Comment
EternalBlue Infections Persist
Dark Reading Staff, Quick Hits
Indonesia, Taiwan, Vietnam, Thailand, Egypt, Russia, China, among the top 10 nations with the most machines infected with the exploit.
By Dark Reading Staff , 9/14/2018
Comment0 comments  |  Read  |  Post a Comment
Military, Government Users Just as Bad About Password Hygiene as Civilians
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Guccifer to Be Extradited to US for Prison Sentence
Dark Reading Staff, Quick Hits
Four-year, four-month term will follow a longer sentence in hacker's home country of Romania.
By Dark Reading Staff , 9/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Cybersecurity Is Only 1 Part of Election Security
Jasson Casey, CTO & SVP, Engineering, at SecurityScorecardCommentary
Protecting the 2018 election cycle means fixing the information infrastructure.
By Jasson Casey CTO & SVP, Engineering, at SecurityScorecard, 9/14/2018
Comment0 comments  |  Read  |  Post a Comment
2 Billion Bluetooth Devices Remain Exposed to Airborne Attack Vulnerabilities
Jai Vijayan, Freelance writerNews
One year after Armis disclosed 'BlueBorne,' a large number of Android, Linux, and iOS devices remain unpatched.
By Jai Vijayan Freelance writer, 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers bypass a Trusted Computing Group security measure to manipulate the firmware and steal data in memory.
By Kelly Sheridan Staff Editor, Dark Reading, 9/13/2018
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by WillieBennett
Current Conversations nice  
In reply to: Re: On Firmwarenice
Post Your Own Reply
More Conversations
Products & Releases
CrowdStrike and Secureworks Form Partnership to Integrate Secureworks’ Red Cloak Behavioral Analytics with CrowdStrike’s Endpoint Protection Platform
World-renowned Cybersecurity Veteran Richard Bejtlich Joins Corelight as Principal Security Strategist
Appdome Releases Two New Mobile App Security Protections
Varonis Announces Interoperability with RSA Identity Governance and Lifecycle
HTG 360, Vade Secure Partner to Strengthen Anti-Phishing Capabilities for Office 365 Clients
ThreatConnect Now Integrates with Dragos Worldview Intelligence
Corelight Secures $25 Million in Series B Funding Led by General Catalyst
Former Gartner Security Analyst Ian McShane Joins Endgame As VP Of Product Marketing
More Products & Releases
PR Newswire
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
A Sneak Peek at the New NIST Cybersecurity Framework
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Continuous Compliance and Effective Audit Preparation for the Cloud
Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
CVE-2018-16819
PUBLISHED: 2018-09-18
admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests.
CVE-2018-16820
PUBLISHED: 2018-09-18
admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests.
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Flash Poll
Video
Slideshows
Twitter Feed