Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

Cybercriminal's Black Market Pricing Guide

6 Questions to Ask Once You've Learned of a Breach

Poll Results: Maybe Not Burned Out, But Definitely 'Well Done'

Security Leaders Share Tips for Boardroom Chats

Top Stories

Cybercriminal's Black Market Pricing Guide

6 Questions to Ask Once You've Learned of ...

Poll Results: Maybe Not Burned Out, But ...

Name That Toon: SOC Puppets

Security Leaders Share Tips for Boardroom ...

News & Commentary

Saudi IT Providers Hit in Cyber Espionage Operation

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Symantec identifies new 'Tortoiseshell' nation-state group as the attackers.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/18/2019

0 comments | Read | Post a Comment

WannaCry Detections At An All-Time High

News

More than 12,000 variants of the infamous malware are targeting systems that are still open to the EternalBlue exploit - but the potential danger is low, Sophos warns.

By Jai Vijayan Contributing Writer, 9/18/2019

0 comments | Read | Post a Comment

How Cybercriminals Exploit Simple Human Mistakes

Kelly Sheridan, Staff Editor, Dark Reading

News

A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.

By Kelly Sheridan Staff Editor, Dark Reading, 9/18/2019

0 comments | Read | Post a Comment

The Top 'Human Hacks' to Watch For Now

Social engineering is as old as mankind. But its techniques have evolved with time. Here are the latest tricks criminals are using to dupe end users.

By Joan Goodchild Contributing Writer, 9/18/2019

0 comments | Read | Post a Comment

GitHub Becomes CVE Numbering Authority, Acquires Semmle

Quick Hits

Latest moves will make it much more likely that vulnerabilities in open source projects will be found and reported, GitHub says.

By Dark Reading Staff , 9/18/2019

0 comments | Read | Post a Comment

DevSecOps: Recreating Cybersecurity Culture

Steve Martino, Senior Vice President, Chief Information Security Officer, Cisco

Commentary

Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.

By Steve Martino Senior Vice President, Chief Information Security Officer, Cisco, 9/18/2019

0 comments | Read | Post a Comment

New Security Startup Emerges from Stealth Mode

Quick Hits

GK8 creates proprietary platform for securing blockchain transactions, no Internet needed.

By Dark Reading Staff , 9/18/2019

0 comments | Read | Post a Comment

One Arrested in Ecuador's Mega Data Leak

Quick Hits

Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.

By Dark Reading Staff , 9/18/2019

0 comments | Read | Post a Comment

Cryptominer Attacks Ramp Up, Focus on Persistence

News

The latest attacks, such as Skidmap and Smominru, add capabilities to allow them to persist longer on Windows and Linux systems, surviving initial attempts at eliminating them.

By Robert Lemos Contributing Writer, 9/18/2019

0 comments | Read | Post a Comment

24.3M Unsecured Health Records Expose Patient Data, Images

Quick Hits

Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.

By Dark Reading Staff , 9/18/2019

0 comments | Read | Post a Comment

A Virus Walks Into a Bar ...

Laughter is, well, contagious. Jokes begin in earnest at the one-minute mark.

By Beyond the Edge Dark Reading, 9/18/2019

0 comments | Read | Post a Comment

How Ransomware Criminals Turn Friends into Enemies

Chester Wisniewski, Principal Research Scientist, Sophos

Commentary

Managed service providers are the latest pawns in ransomware's game of chess.

By Chester Wisniewski Principal Research Scientist, Sophos, 9/18/2019

0 comments | Read | Post a Comment

Poll Results: Maybe Not Burned Out, But Definitely 'Well Done'

Staff shortages and increasingly challenging jobs are turning up the heat on security pros, readers say.

By Sara Peters Senior Editor at Dark Reading, 9/17/2019

0 comments | Read | Post a Comment

MITRE Releases 2019 List of Top 25 Software Weaknesses

News

The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.

By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2019

0 comments | Read | Post a Comment

Snowden Sued by US Government Over His New Book

Quick Hits

Civil suit argues the former CIA employee and NSA contractor violated his nondisclosure agreements with the two intel agencies.

By Dark Reading Staff , 9/17/2019

0 comments | Read | Post a Comment

Five Common Cloud Configuration Mistakes

Peter Smith, Founder & Chief Executive Officer, Edgewise Networks

Commentary

It's a joint responsibility to keep data safe in the cloud. Here's what cloud customers must do to keep their end of the bargain.

By Peter Smith Founder & Chief Executive Officer, Edgewise Networks, 9/17/2019

0 comments | Read | Post a Comment

Cybercriminal's Black Market Pricing Guide

Common prices criminals pay one other for products and services that fuel the cybercriminal ecosystem.

By Ericka Chickowski Contributing Writer, 9/17/2019

0 comments | Read | Post a Comment

15K Private Webcams Could Let Attackers View Homes, Businesses

Quick Hits

Webcams could be potentially accessed and manipulated by anyone with an Internet connection, researchers say.

By Dark Reading Staff , 9/17/2019

0 comments | Read | Post a Comment

US Companies Unprepared for Privacy Regulations

Quick Hits

US companies are poorly prepared for even the most rudimentary privacy regulations, a new report says.

By Dark Reading Staff , 9/17/2019

0 comments | Read | Post a Comment

Impersonation Fraud Still Effective in Obtaining Code Signatures

News

Fraudsters continue to attempt to fool certificate authorities into issuing valid digital certificates for legitimate organizations by impersonating an authoritative user. The reward? The ability to sign code with a legitimate signature.

By Robert Lemos Contributing Writer, 9/17/2019

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by Tempest2004

Because Sock Puppets don't get fired for being brutally honest describing the weaknesses of existing security controls.

In reply to: sock puppets
Post Your Own Reply

Posted by HimanshuV981

Couldn't agree more. Approx. 90% of advanced threats leverage stolen identities. From phishing attacks to early reconnaissance most attack vectors are focused on compromising the identity of privileged users to further penetrate...

In reply to: Credentials are the Key
Post Your Own Reply

Posted by REISEN1955

It was only then that Sam realized his friend had taken private messaging to a whole new level.

In reply to: Re: shallow fake
Post Your Own Reply

Posted by Deadsnott

I think he may have misunderstood when I suggested using a SOCKS proxy to bypass the firewall.

In reply to: SOCKS puppets
Post Your Own Reply

Posted by tdsan

Well no, not in this case, if we are blocking all traffic (however, hidden or obscure), there will always be a source and destination (we are blocking everything from their country, dns and all). This can be done at the...

In reply to: Re: Utilize the ISP and other vendors to block countries
Post Your Own Reply

Posted by Tempest2004

Fred's sock puppets could have frank security conversations with management without the risk of being fired.

In reply to: sock puppets
Post Your Own Reply

Posted by Tempest2004

Fred has learned that his co-works were more likely to listen to security threat diatribes from his sock puppets.

In reply to: sock puppets
Post Your Own Reply

Posted by PattiDegs

How about instead of doing useless questionnaires, hold your vendors accountable to their contracts by making them sign and agree to what you need from them in a security addendum? Takes way less resources than going through...

In reply to: Assessing Third Party Risk
Post Your Own Reply

Posted by PajamaSam

He still insists that security by obscurity is the way to go.

In reply to: Sock Puppets
Post Your Own Reply

Posted by reg2385

Since they removed my side cube wall, I feel like i am under survellance.

In reply to: Cartoon contest
Post Your Own Reply

Posted by larriee

Doug's penetration testing skills were his most endorsed on LinkedIn.

In reply to: caption
Post Your Own Reply

Posted by WN2QU

Not if they are using tools with Obfuscated Server Lists (OSL's) right?

In reply to: Re: Utilize the ISP and other vendors to block countries
Post Your Own Reply

More Conversations

Products & Releases

Business Leaders Have Less Than One Day Each Year to Focus on Cyberrisk: Marsh, Microsoft

KnowBe4 to Offer $10,000 Women in Cybersecurity Scholarship, Summer 2020 Internship

New IRONSCALES Research Finds Microsoft ATP Takes Up to 250 Days to Create Phishing Attack Signatures

Lacework Closes $42M Financing Round & Adds Cloud Security Leader Andy Byron as President

CISA Launches First Annual President's Cup Cybersecurity Competition

Nexusguard research reveals 1,000% increase in DNS amplification attacks

Stanford Launches Foundations of Information Security Course

Darktrace Cyber AI Analyst Investigates Threats At Machine Speed

More Products & Releases

PR Newswire

The Top 'Human Hacks' to Watch For Now

Social engineering is as old as mankind. But its techniques have evolved with time. Here are the latest tricks criminals are using to dupe end users.

Poll Results: Maybe Not Burned Out, But Definitely 'Well Done'

Staff shortages and increasingly challenging jobs are turning up the heat on security pros, readers say.

Any Advice for Assessing Third-Party Risk?

Here are five tips about what not to do when assessing the cyber-risk introduced by a third-party supplier.

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

Enterprise Connect Conference & Expo 2020 - Registration Now Open!

More Informa Tech Live Events

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Because Sock Puppets don't get fired for being brutally honest describing the weaknesses of existing security controls.

Cartoon Archive

White Papers

Hackers & Artificial Intelligence: A Dynamic Duo

2019 State of the Internet/Security: Financial Services Attack Economy

How to Prioritize Cybersecurity Risks: A Primer for CISOs

American Heart Association Cloud Case Study

VPNs' Future: Less User Reliant, More Transparent, & Smarter

More White Papers

Current Issue

7 Threats & Disruptive Forces Changing the Face of Cybersecurity

This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-3738
PUBLISHED: 2019-09-18

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.

CVE-2019-3739
PUBLISHED: 2019-09-18

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.

CVE-2019-3740
PUBLISHED: 2019-09-18

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.

CVE-2019-3756
PUBLISHED: 2019-09-18

RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.

CVE-2019-3758
PUBLISHED: 2019-09-18

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.

Reports

The State of IT Operations and Cybersecurity Operations

Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.

Download Now!

How Enterprises Are Developing Secure Applications

0 comments

The State of Cyber Security Incident Response

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

More Reports

Flash Poll

All Polls

Video