Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

2019 Pwnie Award Winners (And Those Who Wish They Weren't)

7 Online Safety Tips for College Students

8 Head-Turning Ransomware Attacks to Hit City Governments

Moving on Up: Ready for Your Apps to Live in the Cloud?

Top Stories

2019 Pwnie Award Winners (And Those Who ...

7 Online Safety Tips for College Students

8 Head-Turning Ransomware Attacks to Hit ...

Contest: Name That Toon

Moving on Up: Ready for Your Apps to Live ...

News & Commentary

What Americans Think About Ransomware

Quick Hits

New Harris Poll survey says most will weigh candidates' cybersecurity positions.

By Dark Reading Staff , 8/19/2019

0 comments | Read | Post a Comment

Instagram Added to Facebook Data-Abuse Bounty Program

News

Social media giant also launches invitation-only bug bounty program for 'Checkout on Instagram'.

By Jai Vijayan Contributing Writer, 8/19/2019

0 comments | Read | Post a Comment

Towns Across Texas Hit in Coordinated Ransomware Attack

News

The state government and cybersecurity groups have mobilized to respond to a mass ransomware attack that simultaneously hit 23 different towns statewide.

By Robert Lemos Contributing Writer, 8/19/2019

0 comments | Read | Post a Comment

VxWorks TCP/IP Stack Vulnerability Poses Major Manufacturing Risk

Curtis Franklin Jr., Senior Editor at Dark Reading

News

A new analysis shows the scale of risk posed by networking vulnerabilities in a popular embedded real-time operating system.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/19/2019

0 comments | Read | Post a Comment

US Chamber of Commerce, FICO Report National Risk Score of 688

Quick Hits

While the score was up for large businesses and down for small firms, the report urges all to prioritize third-party risk management.

By Dark Reading Staff , 8/19/2019

0 comments | Read | Post a Comment

Tough Love: Debunking Myths about DevOps & Security

Commentary

It's time to move past trivial 'shift left' conceptions of DevSecOps and take a hard look at how security work actually gets accomplished.

By Jeff Williams CTO, Contrast Security, 8/19/2019

0 comments | Read | Post a Comment

Modern Technology, Modern Mistakes

As employees grow more comfortable using new technologies, they could inadvertently be putting their enterprises at risk. And that leaves security teams having to defend an ever-expanding attack surface.

By Kacy Zurkus Contributing Writer, 8/19/2019

0 comments | Read | Post a Comment

Compliance Training? What Compliance Training?

Employees can run ... but they can't hide. Or can they?

By Beyond the Edge Dark Reading, 8/19/2019

0 comments | Read | Post a Comment

Google Analyzes Pilfered Password Reuse

Quick Hits

Password Checkup data shows some users still reuse their exposed passwords.

By Dark Reading Staff , 8/16/2019

1 Comment | Read | Post a Comment

Latest Comment: tdsan, They give us the ability to perform MFA/2fA, so this should help to address...

Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown

Kelly Sheridan, Staff Editor, Dark Reading

News

At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.

By Kelly Sheridan Staff Editor, Dark Reading, 8/16/2019

1 Comment | Read | Post a Comment

Latest Comment: tdsan, "Fixing individual vulnerabilities matters," he said toward the end of his...

European Central Bank Website Hit by Malware Attack

Quick Hits

The website was infected with malware that stole information on subscribers to a bank newsletter.

By Dark Reading Staff , 8/16/2019

1 Comment | Read | Post a Comment

Latest Comment: tdsan, Banks' Integrated Reporting Dictionary (BIRD), which publishes information...

Beat the Heat: Dark Reading Caption Contest Winners

Marilyn Cohodas, Managing Editor, Dark Reading

Commentary

Phishing, token codes, training, MFA, polluted data entry, and whales. And the winners are ...

By Marilyn Cohodas Managing Editor, Dark Reading, 8/16/2019

0 comments | Read | Post a Comment

Behind the Scenes at ICS Village

News

ICS Village co-founder Bryson Bort reveals plans for research-dedicated events that team independent researchers, critical infrastructure owners, and government specialists.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/16/2019

0 comments | Read | Post a Comment

More Than 20 Data Breaches Reported Per Day in First Half of 2019

News

But incidents involving SSNs, addresses, birth dates were smaller than in previous years.

By Jai Vijayan Contributing Writer, 8/15/2019

0 comments | Read | Post a Comment

NSA Researchers Talk Development, Release of Ghidra SRE Tool

News

NSA researchers took the Black Hat stage to share details of how they developed and released the software reverse-engineering framework.

By Kelly Sheridan Staff Editor, Dark Reading, 8/15/2019

0 comments | Read | Post a Comment

Adware, Trojans Hit Education Sector Hard

News

Students continue to be weak links for schools and universities, according to data from security firm Malwarebytes.

By Robert Lemos Contributing Writer, 8/15/2019

0 comments | Read | Post a Comment

New Research Finds More Struts Vulnerabilities

Quick Hits

Despite aggressive updating and patching, many organizations are still using versions of Apache Struts with known -- and new -- vulnerabilities.

By Dark Reading Staff , 8/15/2019

0 comments | Read | Post a Comment

The Flaw in Vulnerability Management: It's Time to Get Real

Jim Souders, Chief Executive Officer at Adaptiva

Commentary

Companies will never be 100% immune to cyberattacks. But by having a realistic view of the basics, starting with endpoint vulnerabilities, we can build for a safer future.

By Jim Souders Chief Executive Officer at Adaptiva, 8/15/2019

2 comments | Read | Post a Comment

Latest Comment: JimS980, Automation always has it's limits and challenges. Working across and breaking...

68% of Companies Say Red Teaming Beats Blue Teaming

Quick Hits

The majority of organizations surveyed find red team exercises more effective than blue team testing, research shows.

By Dark Reading Staff , 8/15/2019

0 comments | Read | Post a Comment

The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?

Ray Overby, Co-Founder & President at Key Resources, Inc.

Commentary

The old-school technology is experiencing new popularity, but too many people assume mainframes are inherently secure.

By Ray Overby Co-Founder & President at Key Resources, Inc., 8/15/2019

3 comments | Read | Post a Comment

Latest Comment: AndrewfOP, I would say this to those who thought mainframes are "inherently" more secure: It...

More Stories

Current Conversations

Posted by Richard F.

Thanks for making additional useful points in the Reply. Actually a number of companies with limits far below USD $5 Million have been caught in this trap. The Montelone Hotel cyber coverage litigation in New Orleans, and...

In reply to: Re: Great Article - But There Are Dangerous Traps for Unwary
Post Your Own Reply

Posted by mcavanaugh1

On your points... First, you are correct. The cyber insurance policies are not standardized. There is no uniform coverage form like you would find in an Auto Insurance or Commercial General Liability policy. ...

In reply to: Re: Great Article - But There Are Dangerous Traps for Unwary
Post Your Own Reply

Posted by blightsey3921

Time to change the spam filter !

In reply to: time to change the spam filter
Post Your Own Reply

Posted by kratiw

In the "everything that is old is new again" category, I liken the push for security awareness to that of the WWII posters (try web search for "WWII security posters"). I'm sure WWII was the first time it was used. The cure...

In reply to: See WWII
Post Your Own Reply

Posted by LevA532

Lifeguard: [ waving naval flags ] Slide back to the firewall! You are blocking the ports! Repeat! You are blocking the bubble ports! [...] Lifeguard: [ through bullhorn ] THE ENTIRE STAFF APPRECIATES YOUR COOPERATION!!...

In reply to: Lifeguard on Duty
Post Your Own Reply

Posted by Hackerproof Tech

Thanks for the plain English explanation. Understanding that certificates supposedly confirm that a given site is the actual site the issues surrounding them are: 1. they can be spoofed. For example Google changes its...

In reply to: Are certificates really safe?
Post Your Own Reply

Posted by tdsan

Also, a token could be issued by the company to validate their authenticity, this would be stored on the customer's browser or computer to ensure they are working with the right organization. This ensures the data is sent...

In reply to: Re: A new way of looking at a problem,
Post Your Own Reply

Posted by SSTOLFO000

T Very wise observation. (I've been a proponent of using ML in security since the inception of my lab at Columbia University, sponsored by DARPA, since 1996.) There are indeed companies that access and analyze DNS and domain...

In reply to: Re: A new way of looking at a problem,
Post Your Own Reply

Posted by tdsan

"Fixing individual vulnerabilities matters," he said toward the end of his talk. In the next five years, one goal is to build a coalition of open attack research teams, encompassing researchers from industry, academia,...

In reply to: I think they already have something like this
Post Your Own Reply

Posted by tdsan

Banks' Integrated Reporting Dictionary (BIRD), which publishes information useful to those preparing regulatory and statistical reports, was infected in December 2018. The infection was discovered this week during site...

In reply to: Oh well, no big deal
Post Your Own Reply

Posted by tdsan

They give us the ability to perform MFA/2fA, so this should help to address some of those issues. Todd

In reply to: Sounds like they are trying to improve the process
Post Your Own Reply

Posted by kratiw

Sorry, I had to do it.

In reply to: What's in your repository?
Post Your Own Reply

More Conversations

Products & Releases

Global Cyber Alliance Launches Cybersecurity Development Platform for Internet of Things (IoT) Devices

Deloitte and Splunk Provide Automated Security Monitoring and Response Capabilities to Organizations Worldwide

Women’s Society of Cyberjutsu Crowns First Wicked6 Cyber Games Champion

Canon & PrinterLogic Integration Allows for Serverless Printing with Security Features

Microsoft, Imprivata Launch Cloud Access Security Tool for Healthcare

70% of Financial Companies Suffered a Cybersecurity Incident in the Past 12 Months

Code42's Data Loss Detection and Response Capabilities Spot Data Theft When Employees Quit

New Cyber Research Records a 91% Reduction in Dwell Time for Users of Deception Technology

More Products & Releases

PR Newswire

sponsored by



The latest on the number of attacks, types of attacks, and threats to enterprises' most critical IT infrastructure.

Modern Technology, Modern Mistakes

Compliance Training? What Compliance Training?

Employees can run ... but they can't hide. Or can they?

5 Things to Know About Cyber Insurance

More businesses are recognizing the need for cyber insurance as part of an overall security strategy. Here are some key points to consider when evaluating, purchasing, and relying on a policy.

Live Events

Webinars

Data Center World Conference & Expo: Pre-Registration Sign-Up

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

More Informa Tech Live Events

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Lifeguard: [ waving naval flags ] Slide back to the firewall! You are blocking the ports! Repeat! You are blocking the bubble ...

Cartoon Archive

White Papers

Farewell Passwords? The Future of Identity and Authorization

7 Threats & Disruptive Forces Changing the Face of Cybersecurity

[eBook] It's Time to Embrace the Cloud

Are Your Security Controls Yesterday's News?

State of the Cloud

More White Papers

Current Issue

7 Threats & Disruptive Forces Changing the Face of Cybersecurity

This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-15237
PUBLISHED: 2019-08-20

Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.

CVE-2019-15228
PUBLISHED: 2019-08-20

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.

CVE-2019-15229
PUBLISHED: 2019-08-20

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.

CVE-2019-15231
PUBLISHED: 2019-08-20

Webmin 1.890, in a default installation, contains a backdoor that allows an unauthenticated attacker to remotely execute commands. This is different from CVE-2019-15107. NOTE: as of 2019-08-19, the vendor reports that "at some point" malicious code was inserted into their build infrastruct...

CVE-2019-15232
PUBLISHED: 2019-08-20

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

Reports

The State of IT Operations and Cybersecurity Operations

Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.

Download Now!

How Enterprises Are Developing Secure Applications

0 comments

The State of Cyber Security Incident Response

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

More Reports

Flash Poll

All Polls

Video