Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
8 Cryptomining Malware Families to Keep on the Radar
The Equifax Breach One Year Later: 6 Action Items for Security Pros
The SOC Gets a Makeover
7 Ways Blockchain is Being Used for Security
TLS 1.3 Won't Break Everything
News & Commentary
New Xbash Malware a Cocktail of Malicious Functions
Jai Vijayan, Freelance writerNews
The new malware tool targeting Windows and Linux systems combines cryptomining, ransomware, botnet, and self-propagation capabilities.
By Jai Vijayan Freelance writer, 9/17/2018
Comment0 comments  |  Read  |  Post a Comment
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark ReadingNews
Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2018
Comment1 Comment  |  Read  |  Post a Comment
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff, Quick Hits
Altaba tells SEC it will incur $47 million to settle consumer litigation for massive Yahoo data breaches.
By Dark Reading Staff , 9/17/2018
Comment2 comments  |  Read  |  Post a Comment
Ransomware Takes Down Airport's Flight Information Screens
Dark Reading Staff, Quick Hits
The attack left airport staff to post flight times and gates on whiteboards at Bristol Airport in Britain.
By Dark Reading Staff , 9/17/2018
Comment0 comments  |  Read  |  Post a Comment
The 7 Habits of Highly Effective Security Teams
Gary Golomb, Co-Founder & Chief Research Officer at Awake SecurityCommentary
Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.
By Gary Golomb Co-Founder & Chief Research Officer at Awake Security, 9/17/2018
Comment0 comments  |  Read  |  Post a Comment
How Secure are our Voting Systems for November 2018?
Dark Reading Staff, CommentaryVideo
Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the country’s highly decentralized voting systems to safeguard the integrity of upcoming elections.
By Dark Reading Staff , 9/14/2018
Comment0 comments  |  Read  |  Post a Comment
EternalBlue Infections Persist
Dark Reading Staff, Quick Hits
Indonesia, Taiwan, Vietnam, Thailand, Egypt, Russia, China, among the top 10 nations with the most machines infected with the exploit.
By Dark Reading Staff , 9/14/2018
Comment0 comments  |  Read  |  Post a Comment
Military, Government Users Just as Bad About Password Hygiene as Civilians
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Guccifer to Be Extradited to US for Prison Sentence
Dark Reading Staff, Quick Hits
Four-year, four-month term will follow a longer sentence in hacker's home country of Romania.
By Dark Reading Staff , 9/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Cybersecurity Is Only 1 Part of Election Security
Jasson Casey, CTO & SVP, Engineering, at SecurityScorecardCommentary
Protecting the 2018 election cycle means fixing the information infrastructure.
By Jasson Casey CTO & SVP, Engineering, at SecurityScorecard, 9/14/2018
Comment0 comments  |  Read  |  Post a Comment
2 Billion Bluetooth Devices Remain Exposed to Airborne Attack Vulnerabilities
Jai Vijayan, Freelance writerNews
One year after Armis disclosed 'BlueBorne,' a large number of Android, Linux, and iOS devices remain unpatched.
By Jai Vijayan Freelance writer, 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers bypass a Trusted Computing Group security measure to manipulate the firmware and steal data in memory.
By Kelly Sheridan Staff Editor, Dark Reading, 9/13/2018
Comment2 comments  |  Read  |  Post a Comment
Enterprise Security Needs an Open Data Solution
Carey Nachenberg, Chief Scientist at ChronicleCommentary
What would it look like if more than a tiny fraction of enterprises had access to all the signals hidden in their big data today?
By Carey Nachenberg Chief Scientist at Chronicle, 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
Kelihos Botnet Operator Pleads Guilty in Federal Court
Dark Reading Staff, Quick Hits
The 38-year-old Russian national operated several botnets and infected thousands of systems with malware.
By Dark Reading Staff , 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
Bomgar Buys BeyondTrust
Dark Reading Staff, Quick Hits
The companies join forces to broaden their privileged access management portfolio and will take on the BeyondTrust name.
By Dark Reading Staff , 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
The Increasingly Vulnerable Software Supply Chain
Thomas Etheridge, Vice President of Services, CrowdStrikeCommentary
Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.
By Thomas Etheridge Vice President of Services, CrowdStrike, 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
Modular Malware Brings Stealthy Attacks to Former Soviet States
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new malware technique is making phishing attacks harder to spot when they succeed.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
Malware Campaign Targeting Jaxx Wallet Holders Shut Down
Kelly Sheridan, Staff Editor, Dark ReadingNews
A site spoofing the official Jaxx website was discovered packing several infections for Windows and Mac machines, and has been shut down.
By Kelly Sheridan Staff Editor, Dark Reading, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
Creators of Tools for Building Malicious Office Docs Ditch Old Exploits
Jai Vijayan, Freelance writerNews
In their place is a collection of new exploits for more recently disclosed — and therefore not likely widely patched — vulnerabilities.
By Jai Vijayan Freelance writer, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
New Study Details Business Benefits of Biometrics
Dark Reading Staff, Quick Hits
Biometric authentication can be good for security and for business, according to a new study from Goode Intelligence
By Dark Reading Staff , 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by DorisHuntley
Current Conversations Rignt
In reply to: Re: Passwords, people. Passwords.
Post Your Own Reply
More Conversations
Products & Releases
CrowdStrike and Secureworks Form Partnership to Integrate Secureworks’ Red Cloak Behavioral Analytics with CrowdStrike’s Endpoint Protection Platform
World-renowned Cybersecurity Veteran Richard Bejtlich Joins Corelight as Principal Security Strategist
Appdome Releases Two New Mobile App Security Protections
Varonis Announces Interoperability with RSA Identity Governance and Lifecycle
HTG 360, Vade Secure Partner to Strengthen Anti-Phishing Capabilities for Office 365 Clients
ThreatConnect Now Integrates with Dragos Worldview Intelligence
Corelight Secures $25 Million in Series B Funding Led by General Catalyst
Former Gartner Security Analyst Ian McShane Joins Endgame As VP Of Product Marketing
More Products & Releases
PR Newswire
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
A Sneak Peek at the New NIST Cybersecurity Framework
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Continuous Compliance and Effective Audit Preparation for the Cloud
Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16958
PUBLISHED: 2018-09-18
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is...
CVE-2018-16959
PUBLISHED: 2018-09-18
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI is ...
CVE-2018-16952
PUBLISHED: 2018-09-18
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal user's password).
CVE-2018-16953
PUBLISHED: 2018-09-18
The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). User input from the name parameter is unsafely reflected in the server response.
CVE-2018-16954
PUBLISHED: 2018-09-18
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login.
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Flash Poll
Video
Slideshows
Twitter Feed