Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
The Edge Cartoon Contest: You Better Watch Out ...
6 Top Nontechnical Degrees for Cybersecurity
A Cause You Care About Needs Your Cybersecurity Help
Rethinking Enterprise Data Defense
News & Commentary
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Dark Reading Staff, Quick Hits
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
By Dark Reading Staff , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
Jai Vijayan, Contributing WriterNews
Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says.
By Jai Vijayan Contributing Writer, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
With Aporeto, Palo Alto Looks Away from the Firewall and Toward the Future
Dark Reading Staff, News
Seeing its firewall sales softening, the security vendor makes another acquisition to reorient itself for the cloud era.
By Special to Dark Reading: Maria Korolov, Data Center Knowledge , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
10 Security 'Chestnuts' We Should Roast Over the Open Fire
Joan Goodchild, Contributing Writer
These outdated security rules we all know (and maybe live by) no longer apply.
By Joan Goodchild Contributing Writer, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
Assessments can be used against your company in court proceedings. Here's how to mitigate this potential risk.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Defender ATP Brings EDR Capabilities to macOS
Dark Reading Staff, Quick Hits
Mac computers will now have the option to use Microsoft Defender Advanced Threat Protection's endpoint and detection response.
By Dark Reading Staff , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
The Human Factor: 5 Reasons Why Cybersecurity Is a People Problem
Lysa Myers, Security Researcher, ESETCommentary
The industry can only go so far in treating security as a challenge that can be resolved only by engineering.
By Lysa Myers Security Researcher, ESET, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
Password-Cracking Teams Up in CrackQ Release
Robert Lemos, Contributing WriterNews
The open source platform aims to make password-cracking more manageable and efficient for red teams.
By Robert Lemos Contributing Writer, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
What's in a Botnet? Researchers Spy on Geost Operators
Kelly Sheridan, Staff Editor, Dark ReadingNews
The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.
By Kelly Sheridan Staff Editor, Dark Reading, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Black Hat Europe Q&A: Understanding the Ethics of Cybersecurity Journalism
Black Hat Staff, News
Investigative journalist Geoff White chats about why now is the right time for his Black Hat Europe Briefing on hackers, journalists, and the ethical ramifications of cybersecurity journalism.
By Alex Wawro, Special to Dark Reading , 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Shades of Shamoon: New Disk-Wiping Malware Targets Middle East Orgs
Jai Vijayan, Contributing WriterNews
'ZeroCleare' shares some of the same features as its more notorious predecessor, IBM Security says.
By Jai Vijayan Contributing Writer, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
(Literally) Put a Ring on It: Protecting Biometric Fingerprints
Dark Reading Staff, Quick Hits
Kaspersky creates a prototype ring you can wear on your finger for authentication.
By Dark Reading Staff , 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
The Edge Cartoon Contest: You Better Watch Out ...
John Klossner, Cartoonist
Feeling creative this holiday season? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner Cartoonist, 12/4/2019
Comment6 comments  |  Read  |  Post a Comment
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, OktaCommentary
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
By Diya Jolly Chief Product Officer, Okta, 12/4/2019
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Issues Advisory for Windows Hello for Business
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
An issue exists in Windows Hello for Business when public keys persist after a device is removed from Active Directory, if the AD exists, Microsoft reports.
By Kelly Sheridan Staff Editor, Dark Reading, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Attackers Continue to Exploit Outlook Home Page Flaw
Robert Lemos, Contributing WriterNews
FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch issued by Microsoft.
By Robert Lemos Contributing Writer, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Application & Infrastructure Risk Management: You've Been Doing It Backward
John Worrall, Chief Executive Officer at ZeroNorthCommentary
Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
By John Worrall Chief Executive Officer at ZeroNorth, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
TrickBot Expands in Japan Ahead of the Holidays
Kelly Sheridan, Staff Editor, Dark ReadingNews
Data indicates TrickBot operators are modifying its modules and launching widespread campaigns around the world.
By Kelly Sheridan Staff Editor, Dark Reading, 12/3/2019
Comment0 comments  |  Read  |  Post a Comment
When Rogue Insiders Go to the Dark Web
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Employees gone bad sell stolen company information, sometimes openly touting their companies, researchers say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/3/2019
Comment0 comments  |  Read  |  Post a Comment
What Security Leaders Can Learn from Marketing
Christopher Kenessey, Chief Executive Officer at NetMotion SoftwareCommentary
Employees can no longer be pawns who must be protected all the time. They must become partners in the battle against threats.
By Christopher Kenessey Chief Executive Officer at NetMotion Software, 12/3/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
70 Top Hackers from Around the World Gathered in Finland for the 5G Cybersecurity Hackathon
Kaspersky finds ransomware now targeting back-up data
New Genetec Research Shows Almost 4 in 10 Security Cameras Can Be at Risk of Cyberattack Due to Outdated Firmware
LastPass Goes Passwordless
TrueFort Bolsters Management Team with 3 'Company Builder' Female Executives
TrueFort Unveils Application Detection and Response Platform to Secure Applications & Cloud Workloads
Tanium Announces Key Platform Enhancements to Help Customers Achieve Visibility, Management & Security Across Endpoints
Allure Security Unveils Anti-Phishing Solution
More Products & Releases
PR Newswire
edge
edge
10 Security 'Chestnuts' We Should Roast Over the Open Fire
These outdated security rules we all know (and maybe live by) no longer apply.
New: State of the Internet: Web Attacks and Gaming Abuse
Attackers see credential abuse as a low-risk venture with potential for a high payout, at least for now.
A Cause You Care About Needs Your Cybersecurity Help
By donating their security expertise, infosec professionals are supporting nonprofits, advocacy groups, and communities in need.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "The security team seem to be taking SiegeWare seriously" 
White Papers
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16770
PUBLISHED: 2019-12-05
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.
CVE-2019-19609
PUBLISHED: 2019-12-05
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
CVE-2019-16768
PUBLISHED: 2019-12-05
Exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible to the customer. A validation m...
CVE-2012-1105
PUBLISHED: 2019-12-05
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
CVE-2019-16769
PUBLISHED: 2019-12-05
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash...
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Flash Poll
Video
Slideshows
Twitter Feed