7 Ways to Get the Most from Your IDS/IPS
Third-Party Cyber-Risk by the Numbers
GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage
8 'SOC-as-a-Service' Offerings
8 Steps to More Effective Small Business Security
News & Commentary
Security Vulns in Microsoft Products Continue to Increase
Jai Vijayan, Freelance writer, News
The good news: Removing admin privileges can mitigate most of them, a new study by BeyondTrust shows.
By Jai Vijayan Freelance writer, 4/25/2019
Cyberattackers Focus on More Subtle Techniques
Robert Lemos, Technology Journalist/Data Researcher, News
Spam has given way to spear phishing, cryptojacking remains popular, and credential spraying is on the rise.
By Robert Lemos Technology Journalist/Data Researcher, 4/25/2019
New EternalBlue Family Member Takes Aim at Asian Web Servers
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Beapy is a new malware variant that's storming across China, leaving cryptominers in its wake.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/25/2019
UVA Wins Second Consecutive National Collegiate Cyber Defense Championship
Dark Reading Staff, Quick Hits
The Wahoos came out on top among 235 colleges and universities that took part in the 15-year-old competition.
By Dark Reading Staff, 4/25/2019
55% of SMBs Would Pay Up Post-Ransomware Attack
Dark Reading Staff, Quick Hits
How a Nigerian ISP Accidentally Hijacked the Internet
Marc Laliberte, Senior Security Analyst, WatchGuard Technologies, Commentary
For 74 minutes, traffic destined for Google and Cloudflare services was routed through Russia and into the largest system of censorship in the world, China's Great Firewall.
By Marc Laliberte Senior Security Analyst, WatchGuard Technologies, 4/25/2019
Enterprise Trojan Detections Spike 200% in Q1 2019
Kelly Sheridan, Staff Editor, Dark Reading, News
Cybercriminals see greater ROI targeting businesses, which have been slammed with ransomware attacks and Trojans.
By Kelly Sheridan Staff Editor, Dark Reading, 4/25/2019
Sensitive Data Lingers on Used Storage Drives Sold Online
Ericka Chickowski, Contributing Writer, Dark Reading, News
Four in 10 used hard drives sold on eBay found to contain sensitive information.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/25/2019
Regulations, Insider Threat Handicap Healthcare IT Security
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Healthcare IoT is expanding opportunities for hackers as the sector struggles to keep up security-wise.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/25/2019
Ramblings of a Recovering Academic on the So-Called Lack of Security Talent
Kaan Onarlioglu, Security Architect, Akamai, Commentary
Hiring for security is difficult, as many surveys show. But what the research doesn't explain is the "why" and a lack of talent may not be the sole reason.
By Kaan Onarlioglu Security Architect, Akamai, 4/25/2019
Indeed.com: Slight Dip in Clicks on US Cybersecurity Job Listings
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Meanwhile, most of the highest-paying positions pay more than $100K, according to new analysis from the job posting site.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/25/2019
TA505 Abusing Legit Remote Admin Tool in String of Attacks
Jai Vijayan, Freelance writer, News
Russian-speaking threat group has been targeting retailers and financial institutions in the US and abroad via a spear-phishing campaign.
By Jai Vijayan Freelance writer, 4/24/2019
5 Security Challenges to API Protection
Ivan Novikov, CEO at Wallarm, Commentary
Today's application programming interfaces are no longer simple or front-facing, creating new risks for both security and DevOps.
By Ivan Novikov CEO at Wallarm, 4/24/2019
Survey Shows a Security Conundrum
Dark Reading Staff, Quick Hits
A new report examines and quantifies the conflicts and challenges faced by business security leaders.
By Dark Reading Staff, 4/24/2019
Two Charged with Economic Espionage, GE Trade Secret Theft
Dark Reading Staff, Quick Hits
A US national and Chinese national have been charged with conspiring to steal General Electric's trade secrets surrounding turbine technologies.
By Dark Reading Staff, 4/24/2019
Attackers Aren't Invincible & We Must Use That to Our Advantage
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of Bitdefender, Commentary
The bad guys only seem infallible. Use their weaknesses to beat them.
By Roselle Safran & Utpal Desai President of Rosint Labs/Director of Product Management of Bitdefender, 4/24/2019
New Twist in the Stuxnet Story
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/23/2019
Google File Cabinet Plays Host to Malware Payloads
Kelly Sheridan, Staff Editor, Dark Reading, News
Researchers detect a new drive-by download attack in which Google Sites' file cabinet template is a delivery vehicle for malware.
By Kelly Sheridan Staff Editor, Dark Reading, 4/23/2019
Demonstration Showcase Brings DevOps to Interop19
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/23/2019
Microsoft Windows, Antivirus Software at Odds After Latest Update
Robert Lemos, Technology Journalist/Data Researcher, News
This month's Windows update has caused incompatibilities with software from at least five antivirus companies, resulting in slow boot times and frozen systems.
By Robert Lemos Technology Journalist/Data Researcher, 4/23/2019
Current Conversations
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher, 4/19/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks, 4/19/2019
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18643
PUBLISHED: 2019-04-25
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
CVE-2018-19359
PUBLISHED: 2019-04-25
GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.
CVE-2019-11488
PUBLISHED: 2019-04-25
Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser history.
CVE-2019-11489
PUBLISHED: 2019-04-25
Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI.
CVE-2019-3720
PUBLISHED: 2019-04-25
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient san...