Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
7 SMB Security Tips That Will Keep Your Company Safe
8 Ways Businesses Unknowingly Help Hackers
7 Considerations Before Adopting Security Standards
Works of Art: Cybersecurity Inspires 6 Winning Ideas
Name That Toon: SOC Puppets
News & Commentary
Microsoft Aims to Block Firmware Attacks with New Secured-Core PCs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Partnerships with Intel, Qualcomm, and AMD will bring a new layer of device security that alters the boot process to detect firmware compromise.
By Kelly Sheridan Staff Editor, Dark Reading, 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Avast Foils Another CCleaner Attack
Robert Lemos, Contributing WriterNews
'Abiss' attackers used an older VPN profile to get into Avast's network and targeted its CCleaner utility.
By Robert Lemos Contributing Writer, 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Turn Alexa and Google Home Into Credential Thieves
Dark Reading Staff, Quick Hits
Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.
By Dark Reading Staff , 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Trend Micro Buys Cloud Conformity to Fight Cloud Competition
Dark Reading Staff, Quick Hits
The cloud security posture management startup was acquired for a reported $70 million.
By Dark Reading Staff , 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
SOC Operations: 6 Vital Lessons & Pitfalls
Todd Thiemann, Director, Arctic Wolf NetworksCommentary
There is no one road to security operations success, but these guidelines will smooth your path.
By Todd Thiemann Director, Arctic Wolf Networks, 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Surviving Alert Fatigue: 7 Tools and Techniques
Kelly Sheridan, Staff Editor, Dark Reading
Experts discuss why security teams are increasingly overwhelmed with alerts and share tactics for lightening the load.
By Kelly Sheridan Staff Editor, Dark Reading, 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Tor Weaponized to Steal Bitcoin
Dark Reading Staff, Quick Hits
A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
By Dark Reading Staff , 10/18/2019
Comment1 Comment  |  Read  |  Post a Comment
In A Crowded Endpoint Security Market, Consolidation Is Underway
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
CenturyLink Customer Data Exposed
Dark Reading Staff, Quick Hits
Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report.
By Dark Reading Staff , 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
Glitching: The Hardware Attack That Can Disrupt Secure Software
Curtis Franklin Jr., Senior Editor at Dark Reading
Glitching (or fault-injection) attacks aren't easy (yet). But get ready, because as the IoT grows, these attacks will be a big reason that hardware security should be part of your cybersecurity planning.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
SOC Puppet: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Social engineering, SOC analysts, and Sock puns. And the winners are:
By Marilyn Cohodas Managing Editor, Dark Reading, 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
Older Amazon Devices Subject to Old Wi-Fi Vulnerability
Dark Reading Staff, Quick Hits
The vulnerability in first-generation Echoes and eight-generation Kindles lets an attacker wage man-in-the-middle attacks.
By Dark Reading Staff , 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Debug Feature in Web Dev Tool Exposed Trump Campaign Site, Others to Attack
Jai Vijayan, Contributing WriterNews
The problem is not with the tool itself but with how some developers and administrators are using it, Comparitech says.
By Jai Vijayan Contributing Writer, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Phishing Campaign Targets Stripe Credentials, Financial Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.
By Kelly Sheridan Staff Editor, Dark Reading, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer
SMBs still perceive themselves at low risk from cyberthreats — in spite of attack statistics that paint a different pictur
By Ericka Chickowski Contributing Writer, 10/17/2019
Comment2 comments  |  Read  |  Post a Comment
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Debby Briggs, Chief Security Officer at NETSCOUTCommentary
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
By Debby Briggs Chief Security Officer at NETSCOUT, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Yahoo Breach Victims May Qualify for $358 Payout
Dark Reading Staff, Quick Hits
Pending approval of the settlement, affected account holders may be eligible for a payout or two years of free credit monitoring.
By Dark Reading Staff , 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Cozy Bear Emerges from Hibernation to Hack EU Ministries
Robert Lemos, Contributing WriterNews
The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.
By Robert Lemos Contributing Writer, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Protections for the Most Vulnerable — Children
Dimitri Sirota, Founder & CEO of BigIDCommentary
The business case for why companies that respect the privacy of individuals, and especially minors, will have a strong competitive advantage.
By Dimitri Sirota Founder & CEO of BigID, 10/17/2019
Comment2 comments  |  Read  |  Post a Comment
Typosquatting Websites Proliferate in Run-up to US Elections
Jai Vijayan, Contributing WriterNews
People who mistype the URL for their political candidate or party's website could end up on an opposing party or candidate's website, Digital Shadow's research shows.
By Jai Vijayan Contributing Writer, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Resecurity Forms Team to Deliver In-Depth Analysis of Data Inside Context™ Platform
Akamai Edge Platform Increases Security Protections For Content, Sites, Apps
ThreatConnect Wins SOAR Platform of the Year Award in 2019 CyberSecurity Breakthrough Awards
Forcepoint Delivers Global Security Cloud Offering
Forescout Delivers Impact-Based Security Risk Assessment Tool for Industrial Control System and Operational Technology Networks
Deloitte Consumer Privacy in Retail Survey: The Next Regulatory and Competitive Frontier
FireEye Launches Digital Threat Monitoring to Protect Organizations' Brands, People & Data
FireEye Launches Purple Team Assessments
More Products & Releases
PR Newswire
edge
edge
Surviving Alert Fatigue: 7 Tools and Techniques
Experts discuss why security teams are increasingly overwhelmed with alerts and share tactics for lightening the load.
How to Build a Rock-Solid Cybersecurity Culture
In part one of this two-part series, we start with the basics -- getting everyone to understand what's at stake -- and then look at lessons from the trenches.
14 Hot Cybersecurity Certifications Right Now
In an industry where certifications can make or break a job candidacy, which ones have security pros been going after in 2019?
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16966
PUBLISHED: 2019-10-21
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on...
CVE-2019-9491
PUBLISHED: 2019-10-21
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
CVE-2019-16964
PUBLISHED: 2019-10-21
app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any comma...
CVE-2019-16965
PUBLISHED: 2019-10-21
resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.
CVE-2019-18203
PUBLISHED: 2019-10-21
On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Flash Poll
Video
Slideshows
Twitter Feed