Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

6 Security Scams Set to Sweep This Summer
GDPR's First-Year Impact By the Numbers
What 3 Powerful GoT Women Teach Us about Cybersecurity
7 Container Components That Increase a Network's Security
The State of IT Operations and Cybersecurity Operations
News & Commentary
How Fraudulent Domains 'Hide in Plain Sight'
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybercriminals use new types of top-level domains, topical keywords, and targeted emails to trick victims into clicking malicious links.
By Kelly Sheridan Staff Editor, Dark Reading, 6/18/2019
Comment1 Comment  |  Read  |  Post a Comment
DHS Tests Remote Exploit for BlueKeep RDP Vulnerability
Jai Vijayan, Contributing WriterNews
Agency urges organizations with vulnerable systems to apply mitigations immediately.
By Jai Vijayan Contributing Writer, 6/17/2019
Comment0 comments  |  Read  |  Post a Comment
Power Outage Hits Millions in South America
Dark Reading Staff, Quick Hits
The outage, which is not (so far) seen as the result of a cyberattack, still had a significant impact on network and server availability.
By Dark Reading Staff , 6/17/2019
Comment0 comments  |  Read  |  Post a Comment
New Decryptor Unlocks Latest Versions of Gandcrab
Dark Reading Staff, Quick Hits
The decryptor neutralizes GandCrab versions 5.0 through 5.2 and lets victims unlock their files for free.
By Dark Reading Staff , 6/17/2019
Comment0 comments  |  Read  |  Post a Comment
Utilities, Nations Need Better Plan Against Critical Infrastructure Attackers
Robert Lemos, Contributing WriterNews
The attackers behind the Triton, or Xenotime, intrusions into critical infrastructure (CI) safety systems are testing their skills against electric power companies. Options for defense are still limited, however.
By Robert Lemos Contributing Writer, 6/17/2019
Comment0 comments  |  Read  |  Post a Comment
The Life-Changing Magic of Tidying Up the Cloud
Kaus Phaltankar, CEO and Co-Founder at CaveonixCommentary
Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.
By Kaus Phaltankar CEO and Co-Founder at Caveonix, 6/17/2019
Comment0 comments  |  Read  |  Post a Comment
10 Notable Security Acquisitions of 2019 (So Far)
Kelly Sheridan, Staff Editor, Dark Reading
In a year when security companies have been snapped up left and right, these deals stand out from the chaos.
By Kelly Sheridan Staff Editor, Dark Reading, 6/15/2019
Comment1 Comment  |  Read  |  Post a Comment
Common Hacker Tool Hit with Hackable Vulnerability
Dark Reading Staff, Quick Hits
A researcher has found a significant exploit in one of the most frequently used text editors.
By Dark Reading Staff , 6/14/2019
Comment1 Comment  |  Read  |  Post a Comment
Better Cybersecurity Research Requires More Data Sharing
Robert Lemos, Contributing WriterNews
Researchers at the Workshop on the Economics of Information Security highlight the cost savings of sharing cybersecurity data and push for greater access to information on breaches, attacks, and incidents.
By Robert Lemos Contributing Writer, 6/14/2019
Comment0 comments  |  Read  |  Post a Comment
Sensory Overload: Filtering Out Cybersecurity's Noise
Joshua Goldfarb, Independent ConsultantCommentary
No organization can prioritize and mitigate hundreds of risks effectively. The secret lies in carefully filtering out the risks, policies, and processes that waste precious time and resources.
By Joshua Goldfarb Independent Consultant, 6/14/2019
Comment0 comments  |  Read  |  Post a Comment
Triton Attackers Seen Scanning US Power Grid Networks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The development follows speculation and concern among security experts that the attack group would expand its scope to the power grid.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/14/2019
Comment0 comments  |  Read  |  Post a Comment
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
New analysis shows widespread DNS protection could save organizations as much as $200 billion in losses every year.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/13/2019
Comment4 comments  |  Read  |  Post a Comment
Cyberattack Hits Aircraft Parts Manufacturer
Dark Reading Staff, Quick Hits
Belgium's Asco has shut down manufacturing around the world, including the US, in response to a major cybersecurity event, but what happened isn't clear.
By Dark Reading Staff , 6/13/2019
Comment0 comments  |  Read  |  Post a Comment
Congress Gives 'Hack Back' Legislation Another Try
Dark Reading Staff, Quick Hits
Officials reintroduce a bill that would let businesses monitor attacker behavior and target intruders on corporate networks.
By Dark Reading Staff , 6/13/2019
Comment1 Comment  |  Read  |  Post a Comment
The CISO's Drive to Consolidation
Nik Whitfield, Computer Scientist & Security Technology EntrepreneurCommentary
Cutting back on the number of security tools you're using can save money and leave you safer. Here's how to get started.
By Nik Whitfield Computer Scientist & Security Technology Entrepreneur, 6/13/2019
Comment0 comments  |  Read  |  Post a Comment
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer
Business email compromise attacks are growing in prevalence and creativity. Here's a look at how they work, the latest stats, and some recent horror stories.
By Ericka Chickowski Contributing Writer, 6/13/2019
Comment4 comments  |  Read  |  Post a Comment
Google Adds Two-Factor Authentication For Its Apps on iOS
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Android-based two-factor authentication now works for Google applications on iPad and iPhone.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/13/2019
Comment1 Comment  |  Read  |  Post a Comment
The Rise of 'Purple Teaming'
Joseph R. Salazar, Technical Marketing EngineerCommentary
The next generation of penetration testing represents a more collaborative approach to old fashioned Red Team vs. Blue Team.
By Joseph R. Salazar Technical Marketing Engineer, 6/13/2019
Comment0 comments  |  Read  |  Post a Comment
Black Hat Q&A: Defending Against Cheaper, Accessible Deepfake Tech
Black Hat Staff,  News
ZeroFoxs Matt Price and Mike Price discuss their work researching cybersecurity responses to the rising tide of deepfake videos.
By Alex Wawro, Special to Dark Reading , 6/13/2019
Comment0 comments  |  Read  |  Post a Comment
BlueKeep RDP Vulnerability a Ticking Time Bomb
Jai Vijayan, Contributing WriterNews
One month after Microsoft disclosed the flaw, nearly 1 million systems remain unpatched, and Internet scans looking for vulnerable systems have begun increasing.
By Jai Vijayan Contributing Writer, 6/13/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12868
PUBLISHED: 2019-06-18
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.
CVE-2019-12865
PUBLISHED: 2019-06-17
In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.
CVE-2017-10720
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installed o...
CVE-2017-10721
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car ga...
CVE-2017-10722
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi password. This application is install...
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Flash Poll
Video
Slideshows
Twitter Feed