Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
The Edge Cartoon Contest: You Better Watch Out ...
6 Top Nontechnical Degrees for Cybersecurity
A Cause You Care About Needs Your Cybersecurity Help
Rethinking Enterprise Data Defense
News & Commentary
Cyberattacks on Retailers Could Increase 20% this Holiday Season
Jai Vijayan, Contributing WriterNews
Commodity malware and ransomware continue to be the biggest threats, says VMWare Carbon Black.
By Jai Vijayan Contributing Writer, 12/12/2019
Comment0 comments  |  Read  |  Post a Comment
The Most, Least Insecure US Cities for SMBs
Dark Reading Staff, Quick Hits
A new report looks at computer activity in the 50 largest metropolitan areas.
By Dark Reading Staff , 12/12/2019
Comment0 comments  |  Read  |  Post a Comment
Gallium: The Newest Threat Group on Microsoft's Radar
Kelly Sheridan, Staff Editor, Dark ReadingNews
Hacking group has been targeting telecommunication providers.
By Kelly Sheridan Staff Editor, Dark Reading, 12/12/2019
Comment0 comments  |  Read  |  Post a Comment
Get Organized Like a Villain
Rob Ragan & Alex DeFreese, Principal Security Researcher & Managing Security Associate at Bishop FoxCommentary
What cybercrime group FIN7 can teach us about using agile frameworks.
By Rob Ragan & Alex DeFreese Principal Security Researcher & Managing Security Associate at Bishop Fox, 12/12/2019
Comment0 comments  |  Read  |  Post a Comment
Thanks, Larry!
Beyond the Edge, Dark Reading
A no-tech trick, a la social engineering, can lead to huge corporate security consequences -- and it might just score the criminal a new car.
By Beyond the Edge Dark Reading, 12/12/2019
Comment0 comments  |  Read  |  Post a Comment
Smart Building Security Awareness Grows
Dark Reading Staff, News
In 2020, expect to hear more about smart building security.
By Special to Dark Reading: Brian Buntz, IoT World Today , 12/12/2019
Comment0 comments  |  Read  |  Post a Comment
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing WriterNews
Chris Kubic worked at the National Security Agency for the past 32 years, finishing his tenure as CISO. He talks about lessons learned during his time there and what they mean for the private sector.
By Robert Lemos Contributing Writer, 12/12/2019
Comment0 comments  |  Read  |  Post a Comment
Waking Up to Third-Party Security Risk
Robert Bigman, Former CISO at CIA, Independent ConsultantCommentary
You can't rely on the words, intentions, or security measures of others to guard your company, customer and brand.
By Robert Bigman Former CISO at CIA, Independent Consultant, 12/12/2019
Comment0 comments  |  Read  |  Post a Comment
Trickbot Operators Now Selling Attack Tools to APT Actors
Jai Vijayan, Contributing WriterNews
North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
By Jai Vijayan Contributing Writer, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers were able to extract AES encryption key using SGX's voltage-tuning function.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
The Next Security Silicon Valley: Coming to a City Near You?
Sara Peters, Senior Editor at Dark Reading
The high cost of doing business in California's San Francisco Bay Area is just one factor driving infosec companies — established and and startups, alike — to pursue their fortunes elsewhere. Here's where many are going.
By Sara Peters Senior Editor at Dark Reading, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
5 Tips for Keeping Your Security Team on Target
Joshua Goldfarb, Independent ConsultantCommentary
In nearly every security environment, competing priorities are a constant battleground. Here's how to keep the focus on what's important.
By Joshua Goldfarb Independent Consultant, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Google Chrome Now Automatically Alerts Users on Compromised Passwords
Dark Reading Staff, Quick Hits
A series of security enhancements seek to protect users from phishing and warn them when credentials have been compromised.
By Dark Reading Staff , 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Younger Generations Drive Bulk of 2FA Adoption
Kelly Sheridan, Staff Editor, Dark ReadingNews
Use of two-factor authentication has nearly doubled in the past two years , pointing to a new wave of acceptance.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Nation-State Attackers May Have Co-opted Vega Ransomware
Robert Lemos, Contributing WriterNews
The tactics used by the latest version of the Vega cryptolocker program indicates the code may have been stolen from its authors and is now being used for destructive attacks, a new report suggests.
By Robert Lemos Contributing Writer, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Only Half of Malware Caught by Signature AV
Robert Lemos, Contributing WriterNews
Machine learning and behavioral detection are necessary to catch threats, WatchGuard says in a new report. Meanwhile, network attacks have risen, especially against older vulnerabilities, such as those in Apache Struts.
By Robert Lemos Contributing Writer, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
City of Pensacola, Fla., Confirms Ransomware Attack
Dark Reading Staff, Quick Hits
Most systems remain offline to prevent the attack from spreading.
By Dark Reading Staff , 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Big Changes Are Coming to Security Analytics & Operations
Jon Oltsik, Senior Principal Analyst & Fellow, Enterprise Strategy GroupCommentary
New ESG research points to fundamental problems, a need for scalable security data pipelines, and a migration to the public cloud.
By Jon Oltsik Senior Principal Analyst & Fellow, Enterprise Strategy Group, 12/11/2019
Comment1 Comment  |  Read  |  Post a Comment
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A total of 2.7 billion email addresses, 1 billion email account passwords, and nearly 800,000 applications for copies of birth certificate were found on unsecured cloud buckets.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/10/2019
Comment2 comments  |  Read  |  Post a Comment
Microsoft Fixes Windows Zero-Day on Lightest Patch Tuesday of 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
This month's batch of security updates addresses 36 CVEs, seven of which are rated Critical and one of which has been exploited in the wild.
By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by iamkelly
Current Conversations nice
In reply to: Re: very nice
Post Your Own Reply
Posted by herryjone
Current Conversations nice
In reply to: Re: very nice
Post Your Own Reply
More Conversations
Products & Releases
PCI Security Standards Council Publishes V3.0 of Point-To-Point Encryption (P2PE) ® Standard and Program
Accidental Data Breaches Are on the Rise; Corporate Email Is a Leading Cause
Secure Code Warrior Raises US$47.6M
Organizations Grapple With Growing Consumer Expectation for Personalization and Security Challenges
Tenable Acquires Indegy
Nuspire Hires Lewie Dunsworth As New CEO
70 Top Hackers from Around the World Gathered in Finland for the 5G Cybersecurity Hackathon
Kaspersky finds ransomware now targeting back-up data
More Products & Releases
PR Newswire
edge
edge
The Next Security Silicon Valley: Coming to a City Near You?
The high cost of doing business in California's San Francisco Bay Area is just one factor driving infosec companies -- established and and startups, alike -- to pursue their fortunes elsewhere. Here's where many are going.
Security 101: What Is a Man-in-the-Middle Attack?
A breakdown of the common ways criminals employ MitM techniques to snare victims, and tips for protecting users from these dirty tricks.
New: From the Core to the Edge: 7 Reasons You Need Security at the Edge
No longer can you secure the perimeter and trust that nothing will get in or out.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
White Papers
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19767
PUBLISHED: 2019-12-12
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
CVE-2019-19768
PUBLISHED: 2019-12-12
In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).
CVE-2019-19769
PUBLISHED: 2019-12-12
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).
CVE-2019-19770
PUBLISHED: 2019-12-12
In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file).
CVE-2019-19771
PUBLISHED: 2019-12-12
The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets.
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Flash Poll
Video
Slideshows
Twitter Feed