Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
The Edge Cartoon Contest: You Better Watch Out ...
6 Top Nontechnical Degrees for Cybersecurity
A Cause You Care About Needs Your Cybersecurity Help
Rethinking Enterprise Data Defense
News & Commentary
How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC
Jai Vijayan, Contributing WriterNews
Money meant to fund an Israeli startup wound up directly deposited to the scammers.
By Jai Vijayan Contributing Writer, 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
Data Center Provider CyrusOne Confirms Ransomware Attack
Dark Reading Staff, Quick Hits
The attack struck CyrusOne's managed services division and compromised six customers primarily serviced by a New York data center.
By Dark Reading Staff , 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
Senators Call for End to Controversial NSA Program
Dark Reading Staff, Quick Hits
The program for collecting telephone call metadata has faced increased scrutiny and restrictions since Edward Snowden revealed its existence in 2013.
By Dark Reading Staff , 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
Mega Breaches Are Forcing Us to a Passwordless World. Are We Finally Ready?
Steve Zurier, Contributing Writer
Passwordless authentication advocates see 2020 as a potential turning point year for the technology. But can the industry get off the dime?
By Steve Zurier Contributing Writer, 12/6/2019
Comment1 Comment  |  Read  |  Post a Comment
Success Enablers or Silent Killers?
Douglas Ferguson, Founder & CTO, Pharos SecurityCommentary
These five success enablers will help CISOs report, measure, and demonstrate ROI to the C-suite.
By Douglas Ferguson Founder & CTO, Pharos Security, 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Dark Reading Staff, Quick Hits
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
By Dark Reading Staff , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
Jai Vijayan, Contributing WriterNews
Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says.
By Jai Vijayan Contributing Writer, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
With Aporeto, Palo Alto Looks Away from the Firewall and Toward the Future
Dark Reading Staff, News
Seeing its firewall sales softening, the security vendor makes another acquisition to reorient itself for the cloud era.
By Special to Dark Reading: Maria Korolov, Data Center Knowledge , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
10 Security 'Chestnuts' We Should Roast Over the Open Fire
Joan Goodchild, Contributing Writer
These outdated security rules we all know (and maybe live by) no longer apply.
By Joan Goodchild Contributing Writer, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
Assessments can be used against your company in court proceedings. Here's how to mitigate this potential risk.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Defender ATP Brings EDR Capabilities to macOS
Dark Reading Staff, Quick Hits
Mac computers will now have the option to use Microsoft Defender Advanced Threat Protection's endpoint and detection response.
By Dark Reading Staff , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
The Human Factor: 5 Reasons Why Cybersecurity Is a People Problem
Lysa Myers, Security Researcher, ESETCommentary
The industry can only go so far in treating security as a challenge that can be resolved only by engineering.
By Lysa Myers Security Researcher, ESET, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
Password-Cracking Teams Up in CrackQ Release
Robert Lemos, Contributing WriterNews
The open source platform aims to make password-cracking more manageable and efficient for red teams.
By Robert Lemos Contributing Writer, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
What's in a Botnet? Researchers Spy on Geost Operators
Kelly Sheridan, Staff Editor, Dark ReadingNews
The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.
By Kelly Sheridan Staff Editor, Dark Reading, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Black Hat Europe Q&A: Understanding the Ethics of Cybersecurity Journalism
Black Hat Staff, News
Investigative journalist Geoff White chats about why now is the right time for his Black Hat Europe Briefing on hackers, journalists, and the ethical ramifications of cybersecurity journalism.
By Alex Wawro, Special to Dark Reading , 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Shades of Shamoon: New Disk-Wiping Malware Targets Middle East Orgs
Jai Vijayan, Contributing WriterNews
'ZeroCleare' shares some of the same features as its more notorious predecessor, IBM Security says.
By Jai Vijayan Contributing Writer, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
(Literally) Put a Ring on It: Protecting Biometric Fingerprints
Dark Reading Staff, Quick Hits
Kaspersky creates a prototype ring you can wear on your finger for authentication.
By Dark Reading Staff , 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
The Edge Cartoon Contest: You Better Watch Out ...
John Klossner, Cartoonist
Feeling creative this holiday season? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 12/4/2019
Comment7 comments  |  Read  |  Post a Comment
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, OktaCommentary
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
By Diya Jolly Chief Product Officer, Okta, 12/4/2019
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Issues Advisory for Windows Hello for Business
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
An issue exists in Windows Hello for Business when public keys persist after a device is removed from Active Directory, if the AD exists, Microsoft reports.
By Kelly Sheridan Staff Editor, Dark Reading, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Tenable Acquires Indegy
Nuspire Hires Lewie Dunsworth As New CEO
70 Top Hackers from Around the World Gathered in Finland for the 5G Cybersecurity Hackathon
Kaspersky finds ransomware now targeting back-up data
New Genetec Research Shows Almost 4 in 10 Security Cameras Can Be at Risk of Cyberattack Due to Outdated Firmware
LastPass Goes Passwordless
TrueFort Bolsters Management Team with 3 'Company Builder' Female Executives
TrueFort Unveils Application Detection and Response Platform to Secure Applications & Cloud Workloads
More Products & Releases
PR Newswire
edge
edge
Mega Breaches Are Forcing Us to a Passwordless World. Are We Finally Ready?
Passwordless authentication advocates see 2020 as a potential turning point year for the technology. But can the industry get off the dime?
10 Security 'Chestnuts' We Should Roast Over the Open Fire
These outdated security rules we all know (and maybe live by) no longer apply.
New: State of the Internet: Web Attacks and Gaming Abuse
Attackers see credential abuse as a low-risk venture with potential for a high payout, at least for now.
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Flash Poll
Video
Slideshows
Twitter Feed