Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

7 SMB Security Tips That Will Keep Your Company Safe
8 Ways Businesses Unknowingly Help Hackers
7 Considerations Before Adopting Security Standards
Works of Art: Cybersecurity Inspires 6 Winning Ideas
Name That Toon: SOC Puppets
News & Commentary
Tor Weaponized to Steal Bitcoin
Dark Reading Staff, Quick Hits
A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
By Dark Reading Staff , 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
In A Crowded Endpoint Security Market, Consolidation Is Underway
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
CenturyLink Customer Data Exposed
Dark Reading Staff, Quick Hits
Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report.
By Dark Reading Staff , 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
Glitching: The Hardware Attack that can Disrupt Secure Software
Curtis Franklin Jr., Senior Editor at Dark Reading
Glitching (or fault-injection) attacks aren't easy (yet). But get ready, because as the IoT grows, these attacks will be a big reason that hardware security should be part of your cybersecurity planning.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
SOC Puppet: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Social engineering, SOC analysts, and Sock puns. And the winners are:
By Marilyn Cohodas Managing Editor, Dark Reading, 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
Older Amazon Devices Subject to Old Wi-Fi Vulnerability
Dark Reading Staff, Quick Hits
The vulnerability in first-generation Echoes and eight-generation Kindles lets an attacker wage man-in-the-middle attacks.
By Dark Reading Staff , 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Debug Feature in Web Dev Tool Exposed Trump Campaign Site, Others to Attack
Jai Vijayan, Contributing WriterNews
The problem is not with the tool itself but with how some developers and administrators are using it, Comparitech says.
By Jai Vijayan Contributing Writer, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Phishing Campaign Targets Stripe Credentials, Financial Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.
By Kelly Sheridan Staff Editor, Dark Reading, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer
SMBs still perceive themselves at low risk from cyberthreats in spite of attack statistics that paint a different pictur
By Ericka Chickowski Contributing Writer, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Debby Briggs, Chief Security Officer at NETSCOUTCommentary
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
By Debby Briggs Chief Security Officer at NETSCOUT, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Yahoo Breach Victims May Qualify for $358 Payout
Dark Reading Staff, Quick Hits
Pending approval of the settlement, affected account holders may be eligible for a payout or two years of free credit monitoring.
By Dark Reading Staff , 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Cozy Bear Emerges from Hibernation to Hack EU Ministries
Robert Lemos, Contributing WriterNews
The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.
By Robert Lemos Contributing Writer, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Protections for the Most Vulnerable Children
Dimitri Sirota, Founder & CEO of BigIDCommentary
The business case for why companies that respect the privacy of individuals, and especially minors, will have a strong competitive advantage.
By Dimitri Sirota Founder & CEO of BigID, 10/17/2019
Comment2 comments  |  Read  |  Post a Comment
Typosquatting Websites Proliferate in Run-up to US Elections
Jai Vijayan, Contributing WriterNews
People who mistype the URL for their political candidate or party's website could end up on an opposing party or candidate's website, Digital Shadow's research shows.
By Jai Vijayan Contributing Writer, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
How to Build a Rock-Solid Cybersecurity Culture
Joan Goodchild, Contributing Writer
In part one of this two-part series, we start with the basics getting everyone to understand what's at stake and then look at lessons from the trenches.
By Joan Goodchild Contributing Writer, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Advice From Betty White
Beyond the Edge, Dark Reading
Among the beloved entertainer's advice: "Double bag those passwords." Thanks, Betty.
By Beyond the Edge Dark Reading, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance
Dark Reading Staff, Quick Hits
The $37.5 million acquisitions will boost SailPoint's portfolio across all cloud platforms.
By Dark Reading Staff , 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures
James Plouffe, Lead Architect at MobileIronCommentary
The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.
By James Plouffe Lead Architect at MobileIron, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Launches Security Health Analytics in Beta
Dark Reading Staff, Quick Hits
The tool is designed to help identify misconfigurations and compliance violations in the Google Cloud Platform.
By Dark Reading Staff , 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Cryptojacking Worm Targets and Infects 2,000 Docker Hosts
Robert Lemos, Contributing WriterNews
Basic and 'inept' worm managed to compromise Docker hosts by exploiting misconfigurations.
By Robert Lemos Contributing Writer, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
edge
edge
In part one of this two-part series, we start with the basics -- getting everyone to understand what's at stake -- and then look at lessons from the trenches.
In an industry where certifications can make or break a job candidacy, which ones have security pros been going after in 2019?
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18214
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-18197
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Flash Poll
Video
Slideshows
Twitter Feed