Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Demystifying the Dark Web: What You Need to Know
How Enterprises Are Developing Secure Applications
7 Types of Experiences Every Security Pro Should Have
Name That Toon: End User Lockdown
The 2019 State of Cloud Security
News & Commentary
Artist Uses Malware in Installation
Dark Reading Staff, Quick Hits
A piece of 'art' currently up for auction features six separate types of malware running on a vulnerable computer.
By Dark Reading Staff , 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter
Jai Vijayan, Contributing WriterNews
Once again, a high-proportion of the reported flaws have no current fix, according to Risk Based Security.
By Jai Vijayan Contributing Writer, 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
DevOps Repository Firms Establish Shared Analysis Capability
Robert Lemos, Contributing WriterNews
Following an attack on their users, and their shared response, Atlassian, GitHub, and GitLab decide to make the sharing of attack information a permanent facet of their operations.
By Robert Lemos Contributing Writer, 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
When Older Windows Systems Won't Die
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft's decision to patch unsupported machines for the critical CVE-2019-0708 flaw is a reminder that XP, 2003, and other older versions of Windows still run in some enterprises.
By Kelly Sheridan Staff Editor, Dark Reading, 5/17/2019
Comment2 comments  |  Read  |  Post a Comment
Exposed Elasticsearch Database Compromises Data on 8M People
Dark Reading Staff, Quick Hits
Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.
By Dark Reading Staff , 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
A Trustworthy Digital Foundation Is Essential to Digital Government
Gus Hunt, Managing Director and Cyber Strategy Lead for Accenture Federal ServicesCommentary
Agencies must take steps to ensure that citizens trust in the security of government's digital channels.
By Gus Hunt Managing Director and Cyber Strategy Lead for Accenture Federal Services, 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
Google to Replace Titan Security Keys Affected by Bluetooth Bug
Kelly Sheridan, Staff Editor, Dark ReadingNews
A misconfiguration in Bluetooth Titan Security Keys' pairing protocols could compromise users under specific circumstances.
By Kelly Sheridan Staff Editor, Dark Reading, 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
Executive Order Limits Certain Tech Sales, Hits Huawei Hard
Dark Reading Staff, Quick Hits
The executive order signed by President Trump bars the sale or installation of equipment seen to be controlled by hostile foreign governments and a threat to national security.
By Dark Reading Staff , 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
US Charges Members of GozNym Cybercrime Gang
Jai Vijayan, Contributing WriterNews
The FBI and counterparts from other nations say group infected over 41,000 computers with malware that steals banking credentials.
By Jai Vijayan Contributing Writer, 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
The Data Problem in Security
Julian Waits, GM Cyber Security Business Unit, Devo TechnologyCommentary
CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.
By Julian Waits GM Cyber Security Business Unit, Devo Technology, 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
Cyber Workforce Exec Order: Right Question, Wrong Answer
Ryan Shaw, Co-Founder, BionicCommentary
Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.
By Ryan Shaw Co-Founder, Bionic, 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
GDPR Drives Changes, but Privacy by Design Proves Elusive
Jai Vijayan, Contributing WriterNews
One year later, the EU mandate's biggest impact has been to focus more attention on data protection and privacy, security analysts say.
By Jai Vijayan Contributing Writer, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
New Intel Vulnerabilities Bring Fresh CPU Attack Dangers
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Four newly discovered vulns from the speculative-execution family bring Meltdown-like threats to Intel's processors.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Attackers Are Messing with Encryption Traffic to Evade Detection
Robert Lemos, Contributing WriterNews
Unknown groups have started tampering with Web traffic encryption, causing the number of fingerprints for connections using Transport Layer Security to jump from 19,000 to 1.4 billion in less than a year.
By Robert Lemos Contributing Writer, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Builds on Decentralized Identity Vision
Kelly Sheridan, Staff Editor, Dark ReadingNews
The company elaborates on its plan to balance data control between businesses and consumers by giving more autonomy to individuals.
By Kelly Sheridan Staff Editor, Dark Reading, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Introducing the Digital Transformation Architect
Jordan Blake, VP of Products at BehavioSecCommentary
Bet-the-company transformation that expands the attack surface requires close alignment and leadership across executive, IT and security teams.
By Jordan Blake VP of Products at BehavioSec, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Two Ransomware Recovery Firms Typically Pay Hackers
Dark Reading Staff, Quick Hits
Companies promising the safe return of data sans ransom payment secretly pass Bitcoin to attackers and charge clients added fees.
By Dark Reading Staff , 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrustCommentary
The transition to Windows 10 doesn't need to be a sprint. Organizations can still take advantage of the security in Windows 7 while gaining added management flexibility from the newer OS.
By Kevin Alexandra Principal Solutions Engineer at BeyondTrust, 5/15/2019
Comment4 comments  |  Read  |  Post a Comment
Website Attack Attempts Rose by 69% in 2018
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Millions of websites have been compromised, but the most likely malware isn't cyptomining: it's quietly stealing files and redirecting traffic, a new Sitelock report shows.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
Resolution Requires Cybersecurity Training for Members of Congress
Dark Reading Staff, Quick Hits
A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.
By Dark Reading Staff , 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
xMatters open-sources its Chaos Engineering tool
Sectigo Sponsors Let’s Encrypt to Enable Certificate Transparency Log Operation
LogRhythm Releases Cloud-Based NextGen Security Information and Event Management (SIEM) Platform
Rackspace and Telos Team Up to Accelerate FedRAMP Journey
SolarWinds Partners with SentinelOne to Grow Security Portfolio with Endpoint Detection and Response
Semmle appoints its first CSO
Sumo Logic Completes $110 Million Funding Round
Quad9 Offers Owners of Android-Based Devices DNS Security Protections for Free
More Products & Releases
PR Newswire
Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrust,  5/15/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/14/2019
When Older Windows Systems Won't Die
Kelly Sheridan, Staff Editor, Dark Reading,  5/17/2019
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12184
PUBLISHED: 2019-05-19
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
CVE-2019-12173
PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
CVE-2019-12172
PUBLISHED: 2019-05-17
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
CVE-2019-12168
PUBLISHED: 2019-05-17
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.
CVE-2019-12170
PUBLISHED: 2019-05-17
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...
Flash Poll
Video
Slideshows
Twitter Feed