Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

Holiday Hacks: 6 Cyberthreats to Watch Right Now

6 Ways to Strengthen Your GDPR Compliance Efforts

Top Stories

6 CISO Resolutions for 2019

Holiday Hacks: 6 Cyberthreats to Watch ...

Name That Toon: I Spy

6 Ways to Strengthen Your GDPR Compliance ...

7 Common Breach Disclosure Mistakes

News & Commentary

Email Bomb Threats Follow Sextortion Playbook

Curtis Franklin Jr., Senior Editor at Dark Reading

News

Yesterday's wave of email bomb threats appear to be an evolution of tactics by the same groups that earlier tried "sextortion" and personal threats, Talos researchers say.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/14/2018

0 comments | Read | Post a Comment

Iranian Hackers Target Nuclear Experts, US Officials

Quick Hits

Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.

By Dark Reading Staff , 12/14/2018

0 comments | Read | Post a Comment

Who Are You, Really? A Peek at the Future of Identity

Kelly Sheridan, Staff Editor, Dark Reading

News

Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.

By Kelly Sheridan Staff Editor, Dark Reading, 12/14/2018

0 comments | Read | Post a Comment

Retailers: Avoid the Hackable Holidaze

Commentary

The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.

By Fred Kneip CEO at CyberGRX, 12/14/2018

0 comments | Read | Post a Comment

2019 Attacker Playbook

Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.

By Ericka Chickowski Contributing Writer, Dark Reading, 12/14/2018

0 comments | Read | Post a Comment

Cybercriminals Change Tactics to Outwit Machine-Learning Defense

Quick Hits

The rise in machine learning for security has forced criminals to rethink how to avoid detection.

By Dark Reading Staff , 12/14/2018

0 comments | Read | Post a Comment

Universities Get Schooled by Hackers

News

Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/13/2018

0 comments | Read | Post a Comment

Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business

News

Enterprises are struggling with familiar old security challenges as a result, new survey shows.

By Jai Vijayan Freelance writer, 12/13/2018

0 comments | Read | Post a Comment

Cybercrime Is World's Biggest Criminal Growth Industry

Quick Hits

The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.

By Dark Reading Staff , 12/13/2018

0 comments | Read | Post a Comment

Setting the Table for Effective Cybersecurity: 20 Culinary Questions

Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA

Commentary

Even the best chefs will produce an inferior product if they begin with the wrong ingredients.

By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 12/13/2018

0 comments | Read | Post a Comment

Education Gets an 'F' for Cybersecurity

Quick Hits

The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.

By Dark Reading Staff , 12/13/2018

0 comments | Read | Post a Comment

The Economics Fueling IoT (In)security

Ariel Kriger, VP Business Development at VDOO

Commentary

Attackers understand the profits that lie in the current lack of security. That must change.

By Ariel Kriger VP Business Development at VDOO, 12/13/2018

0 comments | Read | Post a Comment

Worst Password Blunders of 2018 Hit Organizations East and West

News

Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018

3 comments | Read | Post a Comment

Latest Comment: MarkSitkowski, I think this says it all: linkedin.com/pulse/watch-mark-sitkowski/

Bug Hunting Paves Path to Infosec Careers

News

Ethical hackers use bug bounty programs to build the skills they need to become security professionals.

By Kelly Sheridan Staff Editor, Dark Reading, 12/12/2018

0 comments | Read | Post a Comment

U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign

News

McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.

By Jai Vijayan Freelance writer, 12/12/2018

0 comments | Read | Post a Comment

Deception: Honey vs. Real Environments

Dr. Salvatore Stolfo, Fouder & CTO, Allure Security

Commentary

A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.

By Dr. Salvatore Stolfo Fouder & CTO, Allure Security, 12/12/2018

0 comments | Read | Post a Comment

Mac Malware Cracks WatchGuard’s Top 10 List

News

Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.

By Steve Zurier Freelance Writer, 12/12/2018

0 comments | Read | Post a Comment

Arctic Wolf Buys RootSecure

Quick Hits

The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.

By Dark Reading Staff , 12/12/2018

0 comments | Read | Post a Comment

Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3

Quick Hits

One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.

By Dark Reading Staff , 12/12/2018

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, I often receive the "your request to delete your gmail account will be processed...

Forget Shifting Security Left; It's Time to Race Left

Jerry Gamblin, Principal Security Engineer, Kenna Security

Commentary

Once DevOps teams decide to shift left, they can finally look forward instead of backward.

By Jerry Gamblin Principal Security Engineer, Kenna Security, 12/12/2018

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by acampbell448

Look deep into my eyes. You are getting sleepy, very sleepy......

In reply to: AI Hypnotist!
Post Your Own Reply

Posted by StephenGiderson

This is not the first coverage I have read whereby usually the employees of that very company are the ones to be doing all the dirty work. Most of the time it is about money whereas on other occasions, it could be out of...

In reply to: Be on guard
Post Your Own Reply

Posted by StephenGiderson

I bet the hackers of the world are just waiting for Toyota to launch some competition for this now. It's probably going to be the best way to test if their security team has done a good enough job trying to protect their...

In reply to: Hit or miss…
Post Your Own Reply

Posted by MarkSindone

I reckon that people in all walks of life need to be given an opportunity to understand the impact of the work that they are doing. It's not just about being in privacy, but even the people who are working in waste collection...

In reply to: Find your passion
Post Your Own Reply

Posted by Ritu_G

Why are these areas always the focus when the topic of cybercrime is being discussed? The same culprits are just there improving their techniques whilst we are out here falling victims to their clever scamming. More users...

In reply to: The same faces
Post Your Own Reply

Posted by Ritu_G

It has become ever so often that we hear of organizations being fined due to their security lax that led to breaches. However, where do those hefty sums of money go to? Are they being channelled to a proper platform that...

In reply to: Channel the fine properly
Post Your Own Reply

Posted by cumberbatch00111

camera, camera everywhere, not a single news to rely on

In reply to: Caption goes like:
Post Your Own Reply

Posted by CameronRobertson

Sadly, I have to admit that I have personally taken online quizzes too just for fun. Some of them even offered rewards which are not that great but hey, who wouldn't want a free gift just for taking an easy 5-minute quiz?...

In reply to: Too easy
Post Your Own Reply

Posted by CameronRobertson

Scammers have been doing this job for decades so they are getting better as we speak. Look at the percentage of victims who became vulnerable just over a phonecall. We need to be vigilant at all costs because only we have...

In reply to: Scam game
Post Your Own Reply

Posted by MarkSitkowski

I think this says it all: linkedin.com/pulse/watch-mark-sitkowski/

In reply to: Is It Really The Password's Fault?
Post Your Own Reply

Posted by tdsan

I wanted to address some of the statements listed: → "Always have a different password for every different service."...and it's impossible to manage them all without technology to help manage the digital identity." Yes,...

In reply to: Interesting article, but I am not so sure the information he provided is correct
Post Your Own Reply

Posted by wkilburn

So now we are monitoring the monitor?

In reply to: Cartoon contest
Post Your Own Reply

More Conversations

Products & Releases

CrowdStrike Part of MITRE ATT&CK Product Evaluation

Vodafone Announces 2019 Global Trends Report, Enterprise Brand Refresh

Trend Micro Research Uncovers Major Flaws in Leading IoT Protocols 12/4/18 7:00 am CST

Application Security for AWS Lambda Customers

Venafi Secures $100M Financing Round Led by TCV

Steve Lipner Appointed Chair of NIST Information Security and Privacy Advisory Board

More Than Half of Companies See Rise in Mobile Security Threats: Bitglass 2018 BYOD Report

King & Union and Farsight Security Announce Strategic Partnership

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Higher Education: 15 Books to Help Cybersecurity Pros Be Better

Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018

Worst Password Blunders of 2018 Hit Organizations East and West

Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018

Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3

Dark Reading Staff 12/12/2018

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Look deep into my eyes. You are getting sleepy, very sleepy......

Cartoon Archive

White Papers

Reducing the Human Attack Surface with Phishing Simulations

Know Your Unknowns With a Master IP Address List Audit

Mitigating False-Positives to Improve Software Publishing

Shutting Down Banking Trojans

The Changing Landscape of U.S. Election Security

More White Papers

Current Issue

10 Best Practices That Could Reshape Your IT Security Department

This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-20161
PUBLISHED: 2018-12-15

A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...

CVE-2018-20159
PUBLISHED: 2018-12-15

i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...

CVE-2018-20157
PUBLISHED: 2018-12-15

The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.

CVE-2018-20154
PUBLISHED: 2018-12-14

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.

CVE-2018-20155
PUBLISHED: 2018-12-14

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.

Reports

How Enterprises Are Using IT Threat Intelligence

Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.

Download Now!

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

The Risk Management Struggle

0 comments

More Reports

Flash Poll

All Polls

Video