5 Updates from PCI SSC That You Need to Know
7 Ways VPNs Can Turn from Ally to Threat
Why You Need to Think About API Security
'Playing Around' with Code Keeps Security, DevOps Skills Sharp
Name That Toon: SOC Puppets
News & Commentary
Click2Mail Suffers Data Breach
Dark Reading Staff, Quick Hits
Mail provider discovered customer data being used in spam messages.
By Dark Reading Staff, 10/11/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
By Steve Zurier, Contributing Writer, 10/11/2019
FBI: Phishing Can Defeat Two-Factor Authentication
Dark Reading Staff, Quick Hits
A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
By Dark Reading Staff, 10/11/2019
A Murderers' Row of Poisoning Attacks
Curtis Franklin Jr., Senior Editor at Dark Reading
Poisoning can be used against network infrastructure and applications. Understanding how DNS cache poisoning, machine learning model poisoning and other attacks work can help you prepare the proper antidote.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 10/11/2019
Creative Wi-Fi Passwords
Beyond the Edge, Dark Reading
Let's see a hacker figure out one of these.
By Beyond the Edge, Dark Reading, 10/11/2019
Close the Gap Between Cyber-Risk and Business Risk
Brian Contos, CISO & VP of Technology Innovation at Verodin, Commentary
Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
By Brian Contos, CISO, Verodin, 10/11/2019
iTunes Zero-Day Exploited to Deliver BitPaymer
Kelly Sheridan, Staff Editor, Dark Reading, News
The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.
By Kelly Sheridan, Staff Editor, Dark Reading, 10/10/2019
AppSec 'Spaghetti on the Wall' Tool Strategy Undermining Security
Jai Vijayan, Contributing Writer, News
At many organizations, the attitude to securing software appears to be throwing a lot of technology at the problem, a new study finds.
By Jai Vijayan, Contributing Writer, 10/10/2019
Imperva Details Response to Customer Database Exposure
Dark Reading Staff, Quick Hits
The cloud security firm's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.
By Dark Reading Staff, 10/10/2019
Akamai Snaps Up ChameleonX to Tackle Magecart
Dark Reading Staff, Quick Hits
The Israel-based ChameleonX aims to protect websites from cyberattacks targeting payment data.
By Dark Reading Staff, 10/10/2019
Works of Art: Cybersecurity Inspires 6 Winning Ideas
Terry Sweeney, Contributing Editor
The Center for Long Term Cybersecurity recently awarded grants to six artists in a contest to come up with ideas for works with security themes and elements. Check 'em out.
By Terry Sweeney, Contributing Editor, 10/10/2019
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline, Commentary
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
By Dr. Giovanni Vigna, Chief Technology Officer at Lastline, 10/10/2019
Attackers Hide Behind Trusted Domains, HTTPS
Robert Lemos, Contributing Writer, News
One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.
By Robert Lemos, Contributing Writer, 10/10/2019
Magecart Attack on Volusion Highlights Supply Chain Dangers
Kelly Sheridan, Staff Editor, Dark Reading, News
Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
By Kelly Sheridan, Staff Editor, Dark Reading, 10/10/2019
Network Security Must Transition into the Cloud Era
John Grady, Analyst at Enterprise Strategy Group, Commentary
An integrated approach is the best way to provide organizations with the tools they need to decrease the attack surface and use strong security controls.
By John Grady, Analyst at Enterprise Strategy Group, 10/10/2019
Virginia a Hot Spot For Cybersecurity Jobs
Jai Vijayan, Contributing Writer, News
State has highest number of people in information security roles and the most current job openings, Comparitech study finds.
By Jai Vijayan, Contributing Writer, 10/9/2019
Security Tool Sprawl Reaches Tipping Point
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
How a new open source initiative for interoperable security tools and a wave of consolidation could finally provide some relief for overwhelmed security analysts and SOCs.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 10/9/2019
USB Drive Security Still Lags
Dark Reading Staff, Quick Hits
While USB drives are frequent pieces of business hardware, a new report says that one-third of US businesses have no policy governing their use.
By Dark Reading Staff, 10/9/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET, Commentary
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
By Lysa Myers, Security Researcher, ESET, 10/9/2019
Twitter Slip-Up Spills MFA Phone Numbers, Emails to Advertisers
Dark Reading Staff, Quick Hits
Email addresses and phone numbers provided to secure user accounts were accidentally shared with marketers.
By Dark Reading Staff, 10/9/2019
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17537
PUBLISHED: 2019-10-13
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.
CVE-2019-17538
PUBLISHED: 2019-10-13
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.
CVE-2019-17535
PUBLISHED: 2019-10-13
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
CVE-2019-17536
PUBLISHED: 2019-10-13
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
CVE-2019-17533
PUBLISHED: 2019-10-13
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.