Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
2019 Pwnie Award Winners (And Those Who Wish They Weren't)
7 Online Safety Tips for College Students
8 Head-Turning Ransomware Attacks to Hit City Governments
Contest: Name That Toon
Moving on Up: Ready for Your Apps to Live in the Cloud?
News & Commentary
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
Silence APT Group Broadens Attacks on Banks, Gets More Dangerous
Jai Vijayan, Contributing WriterNews
Over the past year, the financial damage linked to the Russian-speaking threat group has spiked fivefold, Group-IP says.
By Jai Vijayan Contributing Writer, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
Splunk Buys SignalFx for $1.05 Billion
Dark Reading Staff, Quick Hits
Deal will yield 'one platform that can monitor the entire enterprise application lifecycle,' Splunk CEO says.
By Dark Reading Staff , 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
Kelly Sheridan, Staff Editor, Dark ReadingNews
Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database.
By Kelly Sheridan Staff Editor, Dark Reading, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
'Box Shield' Brings New Security Controls
Kelly Sheridan, Staff Editor, Dark ReadingNews
New controls and threat detection capabilities built into Box aim to prevent accidental data leakage and misuse.
By Kelly Sheridan Staff Editor, Dark Reading, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
eSentire Blends Managed Detection Response With Machine Learning
Dark Reading Staff, CommentaryVideo
While many infosec pros believe they're getting managed detection response (MDR) from their managed security service providers, that's not necessarily the case, according to Eldon Sprickerhoff, Founder and Chief Innovation Officer of eSentire. Adding machine learning to the mix helps automate MDR, strengthening an organization's security posture.
By Dark Reading Staff , 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
Ransomware Hits Fortnite Players
Dark Reading Staff, Quick Hits
Ransomware masquerading as game "cheats" is hitting Fortnite players. Fortunately, there are ways to recover without paying a ransom.
By Dark Reading Staff , 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
State-Sponsored Cyberattacks Target Medical Research
Robert Lemos, Contributing WriterNews
Cancer research is a particular target among Chinese espionage groups, says security firm FireEye.
By Robert Lemos Contributing Writer, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
New Confidential Computing Consortium Includes Google, Intel, Microsoft
Dark Reading Staff, Quick Hits
The Linux Foundation plans to form a community to "define and accelerate" the adoption of confidential computing.
By Dark Reading Staff , 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
Bad Actors Find Leverage With Automated Active Attacks
Dark Reading Staff, CommentaryVideo
Once used only by nation-state attackers, automated active attacks have gone mainstream and allow the average cyber-criminal to gain entry and engage in malfeasance, says Chet Wisniewski, Principal Research scientist with Sophos. Luckily, organizations are getting smarter at spotting these stealthy, customized attacks earlier than they used to.
By Dark Reading Staff , 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
'Phoning Home': Your Latest Data Exfiltration Headache
Jeff Costlow, CISO, ExtraHopCommentary
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.
By Jeff Costlow CISO, ExtraHop, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
7 Big Factors Putting Small Businesses At Risk
Kelly Sheridan, Staff Editor, Dark Reading
Small organizations still face a long list of security threats. These threats and vulnerabilities should be top of mind.
By Kelly Sheridan Staff Editor, Dark Reading, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
How to Avoid Technical Debt in Open Source Projects
Kacy Zurkus, Contributing Writer
Engineering teams have only a certain amount of capacity. Cutting down the volume of rework inherent in the open source business model begins with three best practices.
By Kacy Zurkus Contributing Writer, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
CISOs Struggle with Diminishing Tools to Protect Assets from Growing Threats
Dark Reading Staff, Quick Hits
Most CISOs see the risk of cyberattacks growing and feel they're falling behind in their ability to fight back, a new survey finds.
By Dark Reading Staff , 8/20/2019
Comment1 Comment  |  Read  |  Post a Comment
Apple Misstep Leaves iPhones Open to Jailbreak
Jai Vijayan, Contributing WriterNews
Newest version of iOS contains a critical bug that the company had previously already patched.
By Jai Vijayan Contributing Writer, 8/20/2019
Comment0 comments  |  Read  |  Post a Comment
Cyberthreats Against Financial Services Up 56%
Dark Reading Staff, Quick Hits
Financial institutions interacting with customers online must prepare for a broader, more sophisticated variety of threats.
By Dark Reading Staff , 8/20/2019
Comment0 comments  |  Read  |  Post a Comment
Who Gets Privileged Access & How to Enforce It
Tim Keeler, Founder and CEO, RemediantCommentary
Let's begin by re-evaluating IT infrastructures to determine who has access to what, why, and when.
By Tim Keeler Founder and CEO, Remediant, 8/20/2019
Comment0 comments  |  Read  |  Post a Comment
Visa Adds New Fraud Disruption Measures
Steve Zurier, Contributing WriterNews
Payment card giant creates a 'cyber fraud system' to thwart transaction abuse.
By Steve Zurier Contributing Writer, 8/20/2019
Comment0 comments  |  Read  |  Post a Comment
5 Ways to Improve the Patching Process
Kacy Zurkus, Contributing Writer
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
By Kacy Zurkus Contributing Writer, 8/20/2019
Comment1 Comment  |  Read  |  Post a Comment
What Americans Think About Ransomware
Dark Reading Staff, Quick Hits
New Harris Poll survey says most will weigh candidates' cybersecurity positions.
By Dark Reading Staff , 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
JASK Integrates with Cisco Security Portfolio, Joins Cisco Security Technical Alliance
Morphisec Announces 2019 Women in Cybersecurity Scholarship Winners
OwnBackup Appoints Adrian Kunzle as Head of Product & Strategy
ZeroFOX Launches Election Protection Package
Global Cyber Alliance Launches Cybersecurity Development Platform for Internet of Things (IoT) Devices
Deloitte and Splunk Provide Automated Security Monitoring and Response Capabilities to Organizations Worldwide
Women’s Society of Cyberjutsu Crowns First Wicked6 Cyber Games Champion
Canon & PrinterLogic Integration Allows for Serverless Printing with Security Features
More Products & Releases
PR Newswire
sponsored by

The latest on the number of attacks, types of attacks, and threats to enterprises' most critical IT infrastructure.
Engineering teams have only a certain amount of capacity. Cutting down the volume of rework inherent in the open source business model begins with three best practices.
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
As employees grow more comfortable using new technologies, they could inadvertently be putting their enterprises at risk. And that leaves security teams having to defend an ever-expanding attack surface.
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5638
PUBLISHED: 2019-08-21
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user accou...
CVE-2019-6177
PUBLISHED: 2019-08-21
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Le...
CVE-2019-10687
PUBLISHED: 2019-08-21
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request.
CVE-2019-11601
PUBLISHED: 2019-08-21
A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location.
CVE-2019-11602
PUBLISHED: 2019-08-21
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.
Flash Poll
Video
Slideshows
Twitter Feed