Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Containerized Apps: An 8-Point Security Checklist
7 Variants (So Far) of Mirai
I, for One, Welcome Our Robotic Security Overlords
Dark Reading Launches Second INsecurity Conference
10 Open Source Security Tools You Should Know
News & Commentary
Destructive Nation-State Cyber Attacks Will Rise, Say European Infosec Pros
Jai Vijayan, Freelance writerNews
More than 90 percent of respondents in a Tripwire survey in Europe expect attacks by state-sponsored threat actors to increase in the next 12 months.
By Jai Vijayan Freelance writer, 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
Four New Vulnerabilities in Phoenix Contact Industrial Switches
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
A series of newly disclosed vulnerabilities could allow an attacker to gain control of industrial switches.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
Artificial Intelligence & the Security Market
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
Click2Gov Breaches Attributed to WebLogic Application Flaw
Dark Reading Staff, Quick Hits
At least 10 US cities running Click2Gov software have alerted citizens to a data breach, but it turns out the problem was in the application server.
By Dark Reading Staff , 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
7 Places Where Privacy and Security Collide
Curtis Franklin Jr., Senior Editor at Dark Reading
Privacy and security can experience tension at a number of points in the enterprise. Here are seven — plus some possibilities for easing the strain.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
Jason McKay, CTO, LogicworksCommentary
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
By Jason McKay CTO, Logicworks, 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Office: The Go-To Platform for Zero-Day Exploits
Kelly Sheridan, Staff Editor, Dark ReadingNews
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
By Kelly Sheridan Staff Editor, Dark Reading, 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
AppSec in the World of 'Serverless'
Boris Chen, Co-founder and VP Engineering, tCell, Inc.Commentary
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
By Boris Chen Co-founder and VP Engineering, tCell, Inc., 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
By Kelly Sheridan Staff Editor, Dark Reading, 6/20/2018
Comment3 comments  |  Read  |  Post a Comment
China-Based Cyber Espionage Campaign Targets Satellite, Telecom, Defense Firms
Jai Vijayan, Freelance writerNews
Threat group Thrip is using three computers based in China to steal data from targeted companies in Southeast Asia and the US, Symantec says.
By Jai Vijayan Freelance writer, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, PreemptCommentary
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
By Ajit Sancheti CEO and Co-Founder, Preempt, 6/20/2018
Comment1 Comment  |  Read  |  Post a Comment
Intel VP Talks Data Security Focus Amid Rise of Blockchain, AI
Kelly Sheridan, Staff Editor, Dark ReadingNews
Intel vice president Rick Echevarria discusses the challenges of balancing data security with new technologies like blockchain and artificial intelligence.
By Kelly Sheridan Staff Editor, Dark Reading, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Alphabet Launches VirusTotal Monitor to Stop False Positives
Dark Reading Staff, Quick Hits
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
By Dark Reading Staff , 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Improving the Adoption of Security Automation
Dan Koloski, Vice President, Oracle's Systems Management and Security products groupCommentary
Four barriers to automation and how to overcome them.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
The Best and Worst Tasks for Security Automation
Kelly Sheridan, Staff Editor, Dark Reading
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
By Kelly Sheridan Staff Editor, Dark Reading, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Mylobot Malware Brings New Sophistication to Botnets
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Most Websites and Web Apps No Match for Attack Barrage
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The average website is attacked 50 times per day, with small businesses especially vulnerable.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writerNews
The electric carmaker is the victim of an "extensive and damaging" insider attack, says CEO Elon Musk.
By Jai Vijayan Freelance writer, 6/19/2018
Comment2 comments  |  Read  |  Post a Comment
'Olympic Destroyer' Reappears in Attacks on Europe, Russia
Kelly Sheridan, Staff Editor, Dark ReadingNews
The attack group known for targeting the 2018 Winter Olympics has resurfaced in campaigns against European financial and biochem companies.
By Kelly Sheridan Staff Editor, Dark Reading, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
How to Prepare for 'WannaCry 2.0'
Shimon Oren, Head of Cyber Intelligence at Deep InstinctCommentary
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
By Shimon Oren Head of Cyber Intelligence at Deep Instinct, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Trillium Opens Michigan Cybersecurity Operations and R&D Center
Avira Launches Free Security Tool for Mac
New Report Shows Fraud on the Rise with Sharp Growth in US-Based Activity
Liongard Raises $1.25M In Funding, Plans to Bring Automation to IT Managed Service Providers
Duo Security's Trusted Endpoints Integrated with Sophos Mobile
FireEye and Gigamon Announce Global Partnership
Cylance Announces $120 Million Funding Round
Arizona Man Sentenced to Prison for Distributed Denial of Service Attacks Against Emergency Communications System and Other Municipal Websites
More Products & Releases
PR Newswire
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
A Sneak Peek at the New NIST Cybersecurity Framework
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Continuous Compliance and Effective Audit Preparation for the Cloud
Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise security—the IT team members tasked with protecting critical data from cyber threats—and will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12633
PUBLISHED: 2018-06-22
An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (...
CVE-2018-12634
PUBLISHED: 2018-06-22
CirCarLife Scada v4.2.4 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
CVE-2018-12635
PUBLISHED: 2018-06-22
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.
CVE-2018-12630
PUBLISHED: 2018-06-21
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.
CVE-2018-12631
PUBLISHED: 2018-06-21
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.
Flash Poll
Video
Slideshows
Twitter Feed