Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
The Edge Cartoon Contest: You Better Watch Out ...
6 Top Nontechnical Degrees for Cybersecurity
A Cause You Care About Needs Your Cybersecurity Help
Rethinking Enterprise Data Defense
News & Commentary
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing WriterNews
Chris Kubic worked at the National Security Agency for the past 32 years, finishing his tenure as CISO. He talks about lessons learned during his time there and what they mean for the private sector.
By Robert Lemos Contributing Writer, 12/12/2019
Comment0 comments  |  Read  |  Post a Comment
Waking Up to Third-Party Security Risk
Robert Bigman, Former CISO at CIA, Independent ConsultantCommentary
You can't rely on the words, intentions, or security measures of others to guard your company, customer and brand.
By Robert Bigman Former CISO at CIA, Independent Consultant, 12/12/2019
Comment0 comments  |  Read  |  Post a Comment
Trickbot Operators Now Selling Attack Tools to APT Actors
Jai Vijayan, Contributing WriterNews
North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
By Jai Vijayan Contributing Writer, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers were able to extract AES encryption key using SGX's voltage-tuning function.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
The Next Security Silicon Valley: Coming to a City Near You?
Sara Peters, Senior Editor at Dark Reading
The high cost of doing business in California's San Francisco Bay Area is just one factor driving infosec companies — established and and startups, alike — to pursue their fortunes elsewhere. Here's where many are going.
By Sara Peters Senior Editor at Dark Reading, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
5 Tips for Keeping Your Security Team on Target
Joshua Goldfarb, Independent ConsultantCommentary
In nearly every security environment, competing priorities are a constant battleground. Here's how to keep the focus on what's important.
By Joshua Goldfarb Independent Consultant, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Google Chrome Now Automatically Alerts Users on Compromised Passwords
Dark Reading Staff, Quick Hits
A series of security enhancements seek to protect users from phishing and warn them when credentials have been compromised.
By Dark Reading Staff , 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Younger Generations Drive Bulk of 2FA Adoption
Kelly Sheridan, Staff Editor, Dark ReadingNews
Use of two-factor authentication has nearly doubled in the past two years , pointing to a new wave of acceptance.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Nation-State Attackers May Have Co-opted Vega Ransomware
Robert Lemos, Contributing WriterNews
The tactics used by the latest version of the Vega cryptolocker program indicates the code may have been stolen from its authors and is now being used for destructive attacks, a new report suggests.
By Robert Lemos Contributing Writer, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Only Half of Malware Caught by Signature AV
Robert Lemos, Contributing WriterNews
Machine learning and behavioral detection are necessary to catch threats, WatchGuard says in a new report. Meanwhile, network attacks have risen, especially against older vulnerabilities, such as those in Apache Struts.
By Robert Lemos Contributing Writer, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
City of Pensacola, Fla., Confirms Ransomware Attack
Dark Reading Staff, Quick Hits
Most systems remain offline to prevent the attack from spreading.
By Dark Reading Staff , 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Big Changes Are Coming to Security Analytics & Operations
Jon Oltsik, Senior Principal Analyst & Fellow, Enterprise Strategy GroupCommentary
New ESG research points to fundamental problems, a need for scalable security data pipelines, and a migration to the public cloud.
By Jon Oltsik Senior Principal Analyst & Fellow, Enterprise Strategy Group, 12/11/2019
Comment1 Comment  |  Read  |  Post a Comment
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A total of 2.7 billion email addresses, 1 billion email account passwords, and nearly 800,000 applications for copies of birth certificate were found on unsecured cloud buckets.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/10/2019
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Fixes Windows Zero-Day on Lightest Patch Tuesday of 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
This month's batch of security updates addresses 36 CVEs, seven of which are rated Critical and one of which has been exploited in the wild.
By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2019
Comment0 comments  |  Read  |  Post a Comment
Blink Cameras Found with Multiple Vulnerabilities
Dark Reading Staff, Quick Hits
Researchers found three broad types of vulnerabilities, one of which should be particularly concerning to consumers.
By Dark Reading Staff , 12/10/2019
Comment0 comments  |  Read  |  Post a Comment
Security 101: What Is a Man-in-the-Middle Attack?
Joan Goodchild, Contributing Writer
A breakdown of the common ways criminals employ MitM techniques to snare victims, and tips for protecting users from these dirty tricks.
By Joan Goodchild Contributing Writer, 12/10/2019
Comment0 comments  |  Read  |  Post a Comment
Intel's CPU Flaws Continue to Create Problems for the Tech Community
Irfan Ahmed, Assistant Professor in the Department of Computer Science at Virginia Commonwealth UniversityCommentary
We can't wait out this problem and hope that it goes away. We must be proactive.
By Irfan Ahmed Assistant Professor in the Department of Computer Science at Virginia Commonwealth University, 12/10/2019
Comment1 Comment  |  Read  |  Post a Comment
Only 53% of Security Pros Have Ownership of Workforce IAM
Dark Reading Staff, Quick Hits
Most practitioners report an increase in identities, but many don't have control over how those identities are protected from a range of attacks.
By Dark Reading Staff , 12/10/2019
Comment0 comments  |  Read  |  Post a Comment
Deliver a Deadly Counterpunch to Ransomware Attacks: 4 Steps
Mathew Newfield, Chief Information Security Officer at UnisysCommentary
You can't prevent all ransomware attacks. However, it's possible to ensure that if a breach happens, it doesn't spread, affect business, and become a newsworthy event.
By Mathew Newfield Chief Information Security Officer at Unisys, 12/10/2019
Comment1 Comment  |  Read  |  Post a Comment
Scientists Break Largest Encryption Key Yet with Brute Force
Dark Reading Staff, Quick Hits
The key, only one-third the length of most commercial encryption keys, took more than 35 million compute hours to break.
By Dark Reading Staff , 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by iamkelly
Current Conversations nice
In reply to: Re: very nice
Post Your Own Reply
Posted by herryjone
Current Conversations nice
In reply to: Re: very nice
Post Your Own Reply
More Conversations
Products & Releases
Accidental Data Breaches Are on the Rise; Corporate Email Is a Leading Cause
Secure Code Warrior Raises US$47.6M
Organizations Grapple With Growing Consumer Expectation for Personalization and Security Challenges
Tenable Acquires Indegy
Nuspire Hires Lewie Dunsworth As New CEO
70 Top Hackers from Around the World Gathered in Finland for the 5G Cybersecurity Hackathon
Kaspersky finds ransomware now targeting back-up data
New Genetec Research Shows Almost 4 in 10 Security Cameras Can Be at Risk of Cyberattack Due to Outdated Firmware
More Products & Releases
PR Newswire
edge
edge
The Next Security Silicon Valley: Coming to a City Near You?
The high cost of doing business in California's San Francisco Bay Area is just one factor driving infosec companies -- established and and startups, alike -- to pursue their fortunes elsewhere. Here's where many are going.
Security 101: What Is a Man-in-the-Middle Attack?
A breakdown of the common ways criminals employ MitM techniques to snare victims, and tips for protecting users from these dirty tricks.
New: From the Core to the Edge: 7 Reasons You Need Security at the Edge
No longer can you secure the perimeter and trust that nothing will get in or out.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
White Papers
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16246
PUBLISHED: 2019-12-12
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution.
CVE-2019-17358
PUBLISHED: 2019-12-12
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP ...
CVE-2019-17428
PUBLISHED: 2019-12-12
An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted.
CVE-2019-18345
PUBLISHED: 2019-12-12
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrat...
CVE-2019-19198
PUBLISHED: 2019-12-12
The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS.
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Flash Poll
Video
Slideshows
Twitter Feed