Security Leaders Share Tips for Boardroom Chats
7 Steps to Web App Security
7 Breaches & Hacks That Throw Shade on Biometric Security
6 Ways Airlines and Hotels Can Keep Their Networks Secure
8 Ways to Spot an Insider Threat
News & Commentary
Oracle Expands Cloud Security Services at OpenWorld 2019
Kelly Sheridan, Staff Editor, Dark Reading | News
The company broadens its portfolio with new services developed to centralize and automate cloud security.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/16/2019
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer | News
Sanctions on North Korean nation-state hacking groups came amid reports of fresh malicious campaigns directed at US entities from the isolated nation.
By Jai Vijayan, Contributing Writer, 9/16/2019
How a PIA Can CYA
Terry Sweeney, Contributing Editor
More than a compliance mandate, privacy impact assessments can also spot risks early in the product development cycle.
By Terry Sweeney, Contributing Editor, 9/16/2019
Court Rules In Favor of Firm 'Scraping' Public Data
Dark Reading Staff, Quick Hits
US appeals court said a company can legally use publicly available LinkedIn account information.
By Dark Reading Staff, 9/16/2019
Data Leak Affects Most of Ecuador's Population
Kelly Sheridan, Staff Editor, Dark Reading | News
An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/16/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security | Commentary
The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.
By Craig Hinkley, CEO, WhiteHat Security, 9/16/2019
Malware Linked to Ryuk Targets Financial & Military Data
Kelly Sheridan, Staff Editor, Dark Reading | News
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/13/2019
US Sanctions 3 Cyberattack Groups Tied to DPRK
Dark Reading Staff, Quick Hits
Lazarus Group, Bluenoroff, and Andariel were named and sanctioned by the US Treasury for ongoing attacks on financial systems.
By Dark Reading Staff, 9/13/2019
6 Questions to Ask Once You've Learned of a Breach
Steve Zurier, Contributing Writer
With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.
By Steve Zurier, Contributing Writer, 9/13/2019
No Quick Fix for Security-Worker Shortfall
Robert Lemos, Contributing Writer | News
Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly skilled employees.
By Robert Lemos, Contributing Writer, 9/13/2019
Taking a Fresh Look at Security Ops: 10 Tips
Joshua Goldfarb, Independent Consultant | Commentary
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
By Joshua Goldfarb, Independent Consultant, 9/13/2019
Escaping Email: Unlocking Message Security for SMS, WhatsApp
Curtis Franklin Jr., Senior Editor at Dark Reading
Messaging is growing in importance as dislike for email increases. That means knowing how to protect critical data in the messaging era is a must for IT security.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 9/12/2019
Instagram Bug Put User Account Details, Phone Numbers at Risk
Kelly Sheridan, Staff Editor, Dark Reading | News
The vulnerability, now patched, is the latest in a series of bad news for Facebook.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/12/2019
Indictments Do Little to Stop Iranian Group from New Attacks on Universities
Jai Vijayan, Contributing Writer | News
Cobalt Dickens targeted more than 60 universities in the US and elsewhere this summer, according to a new report.
By Jai Vijayan, Contributing Writer, 9/12/2019
North Korea Seen Using ELECTRICFISH, BADCALL Malware Variants
Dark Reading Staff, Quick Hits
The FBI and CISA issued an alert the same week researchers disclosed a new campaign launched by actors with North Korean ties.
By Dark Reading Staff, 9/12/2019
Security Leaders Share Tips for Boardroom Chats
Kelly Sheridan, Staff Editor, Dark Reading
Cisco, Oracle, and LinkedIn security leaders share their challenges in communicating with business teams and advice for how CISOs can navigate the relationship.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/12/2019
A Definitive Guide to Crowdsourced Vulnerability Management
David Baker, CSO & VP of Operations, Bugcrowd | Commentary
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
By David Baker, CSO & VP of Operations, Bugcrowd, 9/12/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff, Quick Hits
Researchers discover a side-channel vulnerability that exploits the network performance-enhancing capabilities of recent Intel server CPUs.
By Dark Reading Staff, 9/12/2019
APIs Get Their Own Top 10 Security List
Robert Lemos, Contributing Writer | News
OWASP's new list of API weaknesses focuses on issues that have caused recent data breaches and pose common security hazards in modern cloud-based applications.
By Robert Lemos, Contributing Writer, 9/12/2019
The Fight Against Synthetic Identity Fraud
Kathleen Peters, SVP & Head of Fraud & Identity, Experian | Commentary
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
By Kathleen Peters, SVP & Head of Fraud & Identity, Experian, 9/12/2019
The latest on the number of attacks, types of attacks, and threats to enterprises' most critical IT infrastructure.

From university courses to open source self-starters, community software projects aim to solve problems for populations in need. A focus on security is required as well.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation.
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here's some insight on what's working and what isn't in the data center.