Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

7 SMB Security Tips That Will Keep Your Company Safe

8 Ways Businesses Unknowingly Help Hackers

7 Considerations Before Adopting Security Standards

Works of Art: Cybersecurity Inspires 6 Winning Ideas

Top Stories

7 SMB Security Tips That Will Keep Your ...

8 Ways Businesses Unknowingly Help Hackers

7 Considerations Before Adopting Security ...

Works of Art: Cybersecurity Inspires 6 ...

Name That Toon: SOC Puppets

News & Commentary

Typosquatting Websites Proliferate in Run-up to US Elections

News

People who mistype the URL for their political candidate or party's website could end up on an opposing party or candidate's website, Digital Shadow's research shows.

By Jai Vijayan Contributing Writer, 10/16/2019

0 comments | Read | Post a Comment

How to Build a Rock-Solid Cybersecurity Culture

In part one of this two-part series, we start with the basics — getting everyone to understand what's at stake — and then look at lessons from the trenches.

By Joan Goodchild Contributing Writer, 10/16/2019

0 comments | Read | Post a Comment

Cybersecurity Advice From Betty White

Among the beloved entertainer's advice: "Double bag those passwords."Thanks, Betty.

By Beyond the Edge Dark Reading, 10/16/2019

0 comments | Read | Post a Comment

SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance

Quick Hits

The $37.5 million acquisitions will boost SailPoint's portfolio across all cloud platforms.

By Dark Reading Staff , 10/16/2019

0 comments | Read | Post a Comment

Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures

James Plouffe, Lead Architect at MobileIron

Commentary

The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.

By James Plouffe Lead Architect at MobileIron, 10/16/2019

0 comments | Read | Post a Comment

Google Cloud Launches Security Health Analytics in Beta

Quick Hits

The tool is designed to help identify misconfigurations and compliance violations in the Google Cloud Platform.

By Dark Reading Staff , 10/16/2019

0 comments | Read | Post a Comment

Cryptojacking Worm Targets and Infects 2,000 Docker Hosts

News

Basic and 'inept' worm managed to compromise Docker hosts by exploiting misconfigurations.

By Robert Lemos Contributing Writer, 10/16/2019

0 comments | Read | Post a Comment

Federal CIOs Zero In on Zero Trust

William Peteroy, Chief Technology Officer, Security, at Gigamon

Commentary

Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.

By William Peteroy Chief Technology Officer, Security, at Gigamon, 10/16/2019

0 comments | Read | Post a Comment

Sodinokibi Ransomware: Where Attackers' Money Goes

Kelly Sheridan, Staff Editor, Dark Reading

News

Researchers following the ransomware variant uncover new data on how much its affiliates earn and where they spend it.

By Kelly Sheridan Staff Editor, Dark Reading, 10/15/2019

0 comments | Read | Post a Comment

Targeted Ransomware Attacks Show No Signs of Abating

News

Criminals are becoming more sophisticated and targeted in going after enterprise organizations, a new Q2/Q3 report finds.

By Jai Vijayan Contributing Writer, 10/15/2019

0 comments | Read | Post a Comment

IoT Attacks Up Significantly in First Half of 2019

Quick Hits

New research shows attacks increased ninefold year-over-year, coming from more than a quarter-million unique IP addresses.

By Dark Reading Staff , 10/15/2019

0 comments | Read | Post a Comment

More Breaches, Less Certainty Cause Dark Web Prices to Plateau

News

New research finds it's now less than $10 for full credit details on a consumer, $100 for a distributed denial-of-service attack, and $50 for access to a US bank account.

By Robert Lemos Contributing Writer, 10/15/2019

0 comments | Read | Post a Comment

5 Steps to Protect Against Ransomware Attacks

AJ Nash, Director of Cyber Intelligence Strategy at Anomali

Commentary

Paying a ransom is strongly discouraged by experts. So, how do you protect your organization?

By AJ Nash Director of Cyber Intelligence Strategy at Anomali, 10/15/2019

0 comments | Read | Post a Comment

Symantec Adds Endpoint Security Tool to Revamp Portfolio

Quick Hits

Symantec Endpoint Security aims to deliver protection, detection, threat hunting, and response in a single tool.

By Dark Reading Staff , 10/15/2019

0 comments | Read | Post a Comment

14 Hot Cybersecurity Certifications Right Now

In an industry where certifications can make or break a job candidacy, which ones have security pros been going after in 2019?

By Joan Goodchild Contributing Writer, 10/15/2019

2 comments | Read | Post a Comment

Latest Comment: gif-washco, I have heard and read articles that graduates and inexperienced job candidates...

Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences

Marc Laliberte, Senior Security Analyst, WatchGuard Technologies

Commentary

Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.

By Marc Laliberte Senior Security Analyst, WatchGuard Technologies, 10/15/2019

0 comments | Read | Post a Comment

Sophos for Sale: Thoma Bravo Offers $3.9B

News

Sophos' board of directors plans to unanimously recommend the offer to the company's shareholders.

By Kelly Sheridan Staff Editor, Dark Reading, 10/14/2019

0 comments | Read | Post a Comment

Cyber Theft, Humint Helped China Cut Corners on Passenger Jet

News

Beijing likely saved a lot of time and billions of dollars by copying components for its C919 plane from others, a new report from CrowdStrike says.

By Jai Vijayan Contributing Writer, 10/14/2019

0 comments | Read | Post a Comment

Pitney Bowes Hit by Ransomware

Quick Hits

The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.

By Dark Reading Staff , 10/14/2019

0 comments | Read | Post a Comment

Tamper Protection Arrives for Microsoft Defender ATP

Quick Hits

The feature, designed to block unauthorized changes to security features, is now generally available.

By Dark Reading Staff , 10/14/2019

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by underestimatess

Day 34: They still haven't noticed we replaced the entire SOC with socks.

In reply to: Sock Puppet Cartoon Contest
Post Your Own Reply

Posted by gif-washco

I have heard and read articles that graduates and inexperienced job candidates cannot get into the cybersecurity field because companies expect certifications for entry-level positions. Someone with CISSP or GIAC certs would...

In reply to: Does not address companies unreasonably seeking "experienced" and "certified" entry-levels
Post Your Own Reply

Posted by Assignmenthelp

Assignment Help Firm provides the best assignment help to the college and university students. Our experts provide 100% plagiarism free content for college and university students.

In reply to: Assignment Help Firm
Post Your Own Reply

Posted by WN2QU

I agree %100 - the author here is akin to using PTSD to sensationalize his article. I have a background in education where I worked in some of the lowest income public schools, trauma & PTSD are much more severe, watching...

In reply to: Re: PTSD is not correct here
Post Your Own Reply

Posted by DonD95004

Here's a great video review of certs specifically geared towards penetration testing from an experienced reviewer: https://www.youtube.com/watch?v=sSXhF0C0QlI&feature=youtu.be

In reply to: Pentesting Specific Certs
Post Your Own Reply

Posted by onlineit1

Microsoft Power BI is the trending BI tool in the IT market. The demand for this product has increased day-to-day. Microsoft has released the Power BI latest updates to attract more and more customers in the IT...

In reply to: Power BI latest updates
Post Your Own Reply

Posted by mcavanaugh1

To confirm, most of the claims declined and firms that are suing their insurer attempted to file a claim under a non-cyber policy. Mondelez is the case most reference however they tried to get coverage under their...

In reply to: Re: Cyber Insurance claim
Post Your Own Reply

Posted by jsargeant

This blog is certainly very good information to gather, I have a Samsung and a Lexmark printer , however I was really concerned about the firmware issues, however from this blog I am clear about the Samsung printer, but...

In reply to: firmware issue
Post Your Own Reply

Posted by FurnitureD563

Security holes need to be thoroughly prevented

In reply to: Security holes need to be thoroughly prevented
Post Your Own Reply

Posted by jessicasargent

Your blog was so important for printer users. I have been using the Canon printer but I did not know so much about printer issues.When I read your article explanation at that time I gathered much knowledge about the printer....

In reply to: Printing problem
Post Your Own Reply

Posted by vishals231221

Thanks for this information. This information is very helpful for me.

In reply to: 7 SMB Security Tips That Will Keep Your Company Safe
Post Your Own Reply

Posted by tdsan

I could not agree with you more Bradley, it sounds like you are not just talking about it but you have dealt with the real world. My buddy has went through the same thing you have gone through wiht a security company located...

In reply to: Re: Interesting comment about Garbage
Post Your Own Reply

More Conversations

Products & Releases

Resecurity Forms Team to Deliver In-Depth Analysis of Data Inside Context™ Platform

Akamai Edge Platform Increases Security Protections For Content, Sites, Apps

ThreatConnect Wins SOAR Platform of the Year Award in 2019 CyberSecurity Breakthrough Awards

Forcepoint Delivers Global Security Cloud Offering

Forescout Delivers Impact-Based Security Risk Assessment Tool for Industrial Control System and Operational Technology Networks

Deloitte Consumer Privacy in Retail Survey: The Next Regulatory and Competitive Frontier

FireEye Launches Digital Threat Monitoring to Protect Organizations' Brands, People & Data

FireEye Launches Purple Team Assessments

More Products & Releases

PR Newswire

How to Build a Rock-Solid Cybersecurity Culture

In part one of this two-part series, we start with the basics -- getting everyone to understand what's at stake -- and then look at lessons from the trenches.

14 Hot Cybersecurity Certifications Right Now

In an industry where certifications can make or break a job candidacy, which ones have security pros been going after in 2019?

A Murderers' Row of Poisoning Attacks

Poisoning can be used against network infrastructure and applications. Understanding how DNS cache poisoning, machine learning model poisoning, and other attacks work can help you prepare the proper antidote.

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

More Informa Tech Live Events

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Day 34: They still haven't noticed we replaced the entire SOC with socks.

Cartoon Archive

White Papers

IDC Workbook: Cloud Security Roadmap

7 Experts Discuss Evaluating MSSPs

Securing Containers in a Cloud Environment

2019 Definitive Guide to Public Cloud Security

Everything You Need to Know About Security, Orchestration, Automation, and Response

More White Papers

Current Issue

7 Threats & Disruptive Forces Changing the Face of Cybersecurity

This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-13116
PUBLISHED: 2019-10-16

The MuleSoft Mule runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections.

CVE-2019-17664
PUBLISHED: 2019-10-16

NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try to ex...

CVE-2019-17665
PUBLISHED: 2019-10-16

NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.

CVE-2019-17435
PUBLISHED: 2019-10-16

A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation.

CVE-2019-17436
PUBLISHED: 2019-10-16

A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system.

Reports

2019 Online Malware and Threats

As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?

Download Now!

The State of IT Operations and Cybersecurity Operations

0 comments

How Enterprises Are Developing Secure Applications

0 comments

The State of Cyber Security Incident Response

0 comments

More Reports

Flash Poll

All Polls

Video