Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Security Leaders Share Tips for Boardroom Chats
7 Steps to Web App Security
7 Breaches & Hacks That Throw Shade on Biometric Security
6 Ways Airlines and Hotels Can Keep Their Networks Secure
8 Ways to Spot an Insider Threat
News & Commentary
Malware Linked to Ryuk Targets Financial & Military Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.
By Kelly Sheridan Staff Editor, Dark Reading, 9/13/2019
Comment0 comments  |  Read  |  Post a Comment
US Sanctions 3 Cyber Attack Groups Tied to DPRK
Dark Reading Staff, Quick Hits
Lazarus Group, Bluenoroff, and Andariel were named and sanctioned by the US Treasury for ongoing attacks on financial systems.
By Dark Reading Staff , 9/13/2019
Comment0 comments  |  Read  |  Post a Comment
6 Questions to Ask Once You’ve Learned of a Breach
Steve Zurier, Contributing Writer
With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.
By Steve Zurier Contributing Writer, 9/13/2019
Comment0 comments  |  Read  |  Post a Comment
No Quick Fix for Security-Worker Shortfall
Robert Lemos, Contributing WriterNews
Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly skilled employees.
By Robert Lemos Contributing Writer, 9/13/2019
Comment0 comments  |  Read  |  Post a Comment
Taking a Fresh Look at Security Ops: 10 Tips
Joshua Goldfarb, Independent ConsultantCommentary
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
By Joshua Goldfarb Independent Consultant, 9/13/2019
Comment0 comments  |  Read  |  Post a Comment
Escaping Email: Unlocking Message Security for SMS, WhatsApp
Curtis Franklin Jr., Senior Editor at Dark Reading
Messaging is growing in importance as dislike for email increases. That means knowing how to protect critical data in the messaging era is a must for IT security.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
Instagram Bug Put User Account Details, Phone Numbers at Risk
Kelly Sheridan, Staff Editor, Dark ReadingNews
The vulnerability, now patched, is the latest in a series of bad news for Facebook.
By Kelly Sheridan Staff Editor, Dark Reading, 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
Indictments Do Little to Stop Iranian Group from New Attacks on Universities
Jai Vijayan, Contributing WriterNews
Cobalt Dickens targeted more than 60 universities in the US and elsewhere this summer, according to a new report.
By Jai Vijayan Contributing Writer, 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
North Korea Seen Using ELECTRICFISH, BADCALL Malware Variants
Dark Reading Staff, Quick Hits
The FBI and CISA issued an alert the same week researchers disclosed a new campaign launched by actors with North Korean ties.
By Dark Reading Staff , 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
Security Leaders Share Tips for Boardroom Chats
Kelly Sheridan, Staff Editor, Dark Reading
Cisco, Oracle, and LinkedIn security leaders share their challenges in communicating with business teams and advice for how CISOs can navigate the relationship.
By Kelly Sheridan Staff Editor, Dark Reading, 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
A Definitive Guide to Crowdsourced Vulnerability Management
David Baker, CSO & VP of Operations, BugcrowdCommentary
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
By David Baker CSO & VP of Operations, Bugcrowd, 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff, Quick Hits
Researchers discover a side-channel vulnerability that exploits the network performance-enhancing capabilities of recent Intel server CPUs.
By Dark Reading Staff , 9/12/2019
Comment1 Comment  |  Read  |  Post a Comment
APIs Get Their Own Top 10 Security List
Robert Lemos, Contributing WriterNews
OWASP's new list of API weaknesses focuses on issues that have caused recent data breaches and pose common security hazards in modern cloud-based applications.
By Robert Lemos Contributing Writer, 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
The Fight Against Synthetic Identity Fraud
Kathleen Peters, SVP & Head of Fraud & Identity, ExperianCommentary
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
By Kathleen Peters SVP & Head of Fraud & Identity, Experian, 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
Community Projects Highlight Need for Security Volunteers
Robert Lemos, Contributing WriterNews
From university courses to open source self-starters, community software projects aim to solve problems for populations in need. A focus on security is required as well.
By Robert Lemos Contributing Writer, 9/11/2019
Comment0 comments  |  Read  |  Post a Comment
Proposed Browser Security Guidelines Would Mean More Work for IT Teams
Chris Hickman, Chief Security Officer at KeyfactorCommentary
CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope.
By Chris Hickman Chief Security Officer at Keyfactor, 9/11/2019
Comment0 comments  |  Read  |  Post a Comment
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff, Quick Hits
A new set of regulations converts the government ban on using Kaspersky products from a temporary rule to one that's permanent.
By Dark Reading Staff , 9/11/2019
Comment1 Comment  |  Read  |  Post a Comment
281 Arrested in International BEC Takedown
Kelly Sheridan, Staff Editor, Dark ReadingNews
Conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, the Department of Justice reports.
By Kelly Sheridan Staff Editor, Dark Reading, 9/11/2019
Comment0 comments  |  Read  |  Post a Comment
Firmware: A New Attack Vector Requiring Industry Leadership
Tony Surak, CMO, DataTribe & Board Member Attila Security, ReFirm LabsCommentary
It's time for cybersecurity manufacturers and solution providers to step up and show leadership in addressing firmware security. Read why and how.
By Tony Surak CMO, DataTribe & Board Member Attila Security, ReFirm Labs, 9/11/2019
Comment0 comments  |  Read  |  Post a Comment
Third-Party Features Leave Websites More Vulnerable to Attack
Dark Reading Staff, Quick Hits
A new report points out the dangers to customer data of website reliance on multiple third parties.
By Dark Reading Staff , 9/10/2019
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Stanford Launches Foundations of Information Security Course
Darktrace Cyber AI Analyst Investigates Threats At Machine Speed
Trustwave Rolls out Cloud-Based Cybersecurity Platform Called Fusion
PerimeterX Extends Series C to $57M to Expand Web Application Protection Platform
McAfee Report Uncovers Ransomware Resurgence
Business Losses to Cybercrime Data Breaches to Exceed $5 trillion by 2024
Survey: SMBs Continue to Struggle with IT Security
Shared Assessments Brings New Module to Third Party Risk Management Framework
More Products & Releases
PR Newswire
sponsored by

The latest on the number of attacks, types of attacks, and threats to enterprises' most critical IT infrastructure.
Messaging is growing in importance as dislike for email increases. That means knowing how to protect critical data in the messaging era is a must for IT security.
From university courses to open source self-starters, community software projects aim to solve problems for populations in need. A focus on security is required as well.
Artificial intelligence, machine learning, or deep learning? Knowing what the major terms really mean will help you sort through the morass of words on the subject and the security uses of each.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: We've got a new caption contest! Enter and win a $$25 Amazon gift card.
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16317
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerabi...
CVE-2019-16318
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.
CVE-2019-16307
PUBLISHED: 2019-09-14
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKe...
CVE-2019-16294
PUBLISHED: 2019-09-14
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
CVE-2019-16309
PUBLISHED: 2019-09-14
FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.
Flash Poll
Video
Slideshows
Twitter Feed