Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

6 Small-Business Password Managers
10 Tips for Building Compliance by Design into Cloud Architecture
8 Holiday Security Tips for Retailers
4 Ways to Soothe a Stressed-Out Incident Response Team
8 Tips for More Secure Mobile Computing
News & Commentary
US-CERT Warns of Remotely Exploitable Bugs in Medical Devices
Dark Reading Staff, Quick Hits
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.
By Dark Reading Staff , 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
8 Backup & Recovery Questions to Ask Yourself
Sara Peters, Senior Editor at Dark Reading
Don't wait until after a disaster, DDoS, or ransomware attack to learn just how good your backups really are.
By Sara Peters Senior Editor at Dark Reading, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
How Does Your Cyber Resilience Measure Up?
Troy Mattern, Vice President for Product and Services Cybersecurity at Motorola SolutionsCommentary
The security measures companies take today may not be enough for tomorrow's cyber assault, but switching to a proactive, risk-based framework may better protect your organization.
By Troy Mattern Vice President for Product and Services Cybersecurity at Motorola Solutions, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
Self-Cleaning Payment Card-Skimmer Infects E-Commerce Sites
Jai Vijayan, Contributing WriterNews
'Pipka' JavaScript skimmer has infected at least 16 e-commerce websites so far, according to Visa's Payment Fraud Disruption Group.
By Jai Vijayan Contributing Writer, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Well, Hello, Dolly!
Beyond the Edge, Dark Reading
Eight hours is certainly a start.
By Beyond the Edge Dark Reading, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity: An Organizationwide Responsibility
Guy Bunker, CTO of ClearswiftCommentary
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
By Guy Bunker CTO of Clearswift, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
The Ripple Effect of Data Breaches: How Damage Spreads
Kelly Sheridan, Staff Editor, Dark ReadingNews
The financial loss from so-called 'ripple events' is thirteen times greater than the cost of single-party security incidents.
By Kelly Sheridan Staff Editor, Dark Reading, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
2019 Trending as Worst Year on Record for Data Breaches
Dark Reading Staff, Quick Hits
New Risk Based Security report shows data breaches up 33.3% over last year so far.
By Dark Reading Staff , 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, GuardicoreCommentary
Avoid sinking security with principles of shipbuilding known since the 15th century.
By Ariel Zeitlin Chief Technology Officer & Co-Founder, Guardicore, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Cardplanet Operator Extradited for Facilitating Credit Card Fraud
Dark Reading Staff, Quick Hits
Russian national Aleksei Burkov is charged with wire fraud, access device fraud, and conspiracy to commit identity theft, among other crimes.
By Dark Reading Staff , 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLensCommentary
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.
By Jack Freund Director, Risk Science at RiskLens, 11/13/2019
Comment1 Comment  |  Read  |  Post a Comment
While CISOs Fret, Business Leaders Tout Security Robustness
Jai Vijayan, Contributing WriterNews
A new Nominet survey shows a familiar disconnect between business and security teams on the matter of cyber preparedness.
By Jai Vijayan Contributing Writer, 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
Companies Increasingly Fail Interim Security Test, But Gap Narrows
Robert Lemos, Contributing WriterNews
Stability of PCI DSS helps companies cope and create more mature security programs, but some parts of the Payment Card Industry's Data Secure Standard continue to cause headaches.
By Robert Lemos Contributing Writer, 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches IE Zero-Day Among 74 Vulnerabilities
Kelly Sheridan, Staff Editor, Dark ReadingNews
The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer.
By Kelly Sheridan Staff Editor, Dark Reading, 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
New DDoS Attacks Leverage TCP Amplification
Jai Vijayan, Contributing WriterNews
Attackers over the past month have been using a rarely seen approach to disrupt services at large organizations in several countries.
By Jai Vijayan Contributing Writer, 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
The Myths of Multifactor Authentication
Franois Amigorena, Founder & CEO, IS DecisionsCommentary
Organizations without MFA are wide open to attack when employees fall for phishing scams or share passwords. What's holding them back?
By Franois Amigorena Founder & CEO, IS Decisions, 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Disclose New Vulnerabilities in Windows Drivers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers could take advantage of simple design flaws in widely distributed drivers to gain control over Windows systems.
By Kelly Sheridan Staff Editor, Dark Reading, 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
SHAKEN/STIR: Finally! A Solution to Caller ID Spoofing?
Mark B. Cooper, President and Founder, PKI SolutionsCommentary
The ubiquitous Caller ID hasn't changed much over the years, but the technology to exploit it has exploded. That may be about to change.
By Mark B. Cooper President and Founder, PKI Solutions, 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
DDoS Attack Targets UK Labour Party Weeks Ahead of Election
Dark Reading Staff, Quick Hits
Cybercriminals tried to take the Labour Party's digital platforms offline weeks before the election on December 12.
By Dark Reading Staff , 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Organizations realize the scale of cyber-risk but lack counter-actions to build resilience.
By Marc Wilczek Digital Strategist & CIO Advisor, 11/12/2019
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by TerryWilliams
Current Conversations very useful information
In reply to: thanks
Post Your Own Reply
More Conversations
PR Newswire
edge
edge
Don't wait until after a disaster, DDoS, or ransomware attack to learn just how good your backups really are.
It can't be overstated: Web attacks and credential stuffing are real, long-term threats. This white paper, sponsored by Akamai, focuses on how they are impacting the high-tech, video media, and entertainment sectors.
IR teams are under tremendous pressure, often working long hours and putting their needs aside amid a security crisis. Their care is just as important as policy and procedure.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18885
PUBLISHED: 2019-11-14
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.
CVE-2019-18895
PUBLISHED: 2019-11-14
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file.
CVE-2019-18957
PUBLISHED: 2019-11-14
Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.
CVE-2019-16863
PUBLISHED: 2019-11-14
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
CVE-2019-18949
PUBLISHED: 2019-11-14
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration.
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Flash Poll
Video
Slideshows
Twitter Feed