Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Cybercriminal's Black Market Pricing Guide
6 Questions to Ask Once You've Learned of a Breach
Poll Results: Maybe Not Burned Out, But Definitely 'Well Done'
Name That Toon: SOC Puppets
Security Leaders Share Tips for Boardroom Chats
News & Commentary
HP Purchases Security Startup Bromium
Dark Reading Staff, Quick Hits
The purchase will bring new isolation and threat intelligence capabilities to the HP portfolio.
By Dark Reading Staff , 9/20/2019
Comment0 comments  |  Read  |  Post a Comment
Ransomware Strikes 49 School Districts & Colleges in 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 9/20/2019
Comment0 comments  |  Read  |  Post a Comment
WeWork's Wi-Fi Exposed Files, Credentials, Emails
Dark Reading Staff, Quick Hits
For years, sensitive documents and corporate data have been easily viewable on the coworking space's open network.
By Dark Reading Staff , 9/20/2019
Comment1 Comment  |  Read  |  Post a Comment
A Safer IoT Future Must Be a Joint Effort
Sivan Rauscher, CEO & Co-Founder, SAM Seamless NetworkCommentary
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
By Sivan Rauscher CEO & Co-Founder, SAM Seamless Network, 9/20/2019
Comment0 comments  |  Read  |  Post a Comment
A Beginner's Guide to Microsegmentation
Ericka Chickowski, Contributing Writer
In a world in which the data center perimeter has all but evaporated, traditional segmentation no longer is enough. Enter microsegmentation. Here's what organizations need to do to maximize the benefits of this improved security architecture.
By Ericka Chickowski Contributing Writer, 9/20/2019
Comment0 comments  |  Read  |  Post a Comment
Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3
Jai Vijayan, Contributing WriterNews
The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets.
By Jai Vijayan Contributing Writer, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Metasploit Creator HD Moore's Latest Hack: IT Assets
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Moore has built a network asset discovery tool that wasn't intended to be a pure security tool, but it addresses a glaring security problem.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
California's IoT Security Law Causing Confusion
Robert Lemos, Contributing WriterNews
The law, which goes into effect January 1, requires manufacturers to equip devices with 'reasonable security feature(s).' What that entails is still an open question.
By Robert Lemos Contributing Writer, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
BSIMM10 Emphasizes DevOps' Role in Software Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
The latest model, with insights from 122 firms, shows DevOps adoption is far enough along to influence how companies approach software security.
By Kelly Sheridan Staff Editor, Dark Reading, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Security Pros Value Disclosure ... Sometimes
Dark Reading Staff, Quick Hits
Security professionals will coordinate disclosure with researchers but may keep their self-discovered vulnerabilities secret, a new study shows.
By Dark Reading Staff , 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Deconstructing an iPhone Spearphishing Attack
Marc Rogers, Executive Director of Cybersecurity, OktaCommentary
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
By Marc Rogers Executive Director of Cybersecurity, Okta, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Ping Identity Prices IPO at $15 per Share
Dark Reading Staff, Quick Hits
The identity management company plans to sell 12.5 million shares, raising $187.5 million in its initial public offering.
By Dark Reading Staff , 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Crowdsourced Security & the Gig Economy
Alex Haynes, Chief Information Security Officer, CDLCommentary
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
By Alex Haynes Chief Information Security Officer, CDL, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
The 20 Worst Metrics in Cybersecurity
Ericka Chickowski, Contributing Writer
Security leaders are increasingly making their case through metrics, as well they should — as long as they're not one of these.
By Ericka Chickowski Contributing Writer, 9/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Saudi IT Providers Hit in Cyber Espionage Operation
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Symantec identifies new 'Tortoiseshell' nation-state group as the attackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
WannaCry Detections At An All-Time High
Jai Vijayan, Contributing WriterNews
More than 12,000 variants of the infamous malware are targeting systems that are still open to the EternalBlue exploit - but the potential danger is low, Sophos warns.
By Jai Vijayan Contributing Writer, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
How Cybercriminals Exploit Simple Human Mistakes
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
By Kelly Sheridan Staff Editor, Dark Reading, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
The Top 'Human Hacks' to Watch For Now
Joan Goodchild, Contributing Writer
Social engineering is as old as mankind. But its techniques have evolved with time. Here are the latest tricks criminals are using to dupe end users.
By Joan Goodchild Contributing Writer, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
GitHub Becomes CVE Numbering Authority, Acquires Semmle
Dark Reading Staff, Quick Hits
Latest moves will make it much more likely that vulnerabilities in open source projects will be found and reported, GitHub says.
By Dark Reading Staff , 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
DevSecOps: Recreating Cybersecurity Culture
Steve Martino, Senior Vice President, Chief Information Security Officer, CiscoCommentary
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
By Steve Martino Senior Vice President, Chief Information Security Officer, Cisco, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by juliabeyers
Current Conversations Thanks for your analytics
In reply to: Thanks
Post Your Own Reply
More Conversations
Products & Releases
ThreatConnect Partners with RSA® To Bring New SOAR Solution to Market
Business Leaders Have Less Than One Day Each Year to Focus on Cyberrisk: Marsh, Microsoft
KnowBe4 to Offer $10,000 Women in Cybersecurity Scholarship, Summer 2020 Internship
New IRONSCALES Research Finds Microsoft ATP Takes Up to 250 Days to Create Phishing Attack Signatures
Lacework Closes $42M Financing Round & Adds Cloud Security Leader Andy Byron as President
CISA Launches First Annual President's Cup Cybersecurity Competition
Nexusguard research reveals 1,000% increase in DNS amplification attacks
Stanford Launches Foundations of Information Security Course
More Products & Releases
PR Newswire
edge
edge
A Beginner's Guide to Microsegmentation
In a world in which the data center perimeter has all but evaporated, traditional segmentation no longer is enough. Enter microsegmentation. Here's what organizations need to do to maximize the benefits of this improved security architecture.
The 20 Worst Metrics in Cybersecurity
Security leaders are increasingly making their case through metrics, as well they should -- as long as they're not one of these.
The Top 'Human Hacks' to Watch For Now
Social engineering is as old as mankind. But its techniques have evolved with time. Here are the latest tricks criminals are using to dupe end users.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16649
PUBLISHED: 2019-09-21
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the...
CVE-2019-16650
PUBLISHED: 2019-09-21
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the se...
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.
Flash Poll
Video
Slideshows
Twitter Feed