Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
6 Small-Business Password Managers
10 Tips for Building Compliance by Design into Cloud Architecture
8 Holiday Security Tips for Retailers
4 Ways to Soothe a Stressed-Out Incident Response Team
8 Tips for More Secure Mobile Computing
News & Commentary
Employee Privacy in a Mobile Workplace
Michael J. Covington, Vice President of Product Strategy at WanderaCommentary
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.
By Michael J. Covington Vice President of Product Strategy at Wandera, 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Former White House CIO Shares Enduring Security Strategies
Kelly Sheridan, Staff Editor, Dark ReadingNews
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
By Kelly Sheridan Staff Editor, Dark Reading, 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Black Hat Europe Q&A: Exposing the Weaknesses in Contactless Payments
Black Hat Staff, News
Researchers Leigh-Anne Galloway and Tim Yunusov chat about their work testing Visa’s contactless payments security system vulnerabilities.
By Alex Wawro, Special to Dark Reading , 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Why Multifactor Authentication Is Now a Hacker Target
Tanner Johnson, Senior Analyst, Connectivity & IoT, IHS MarkitCommentary
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
By Tanner Johnson Senior Analyst, Connectivity & IoT, IHS Markit, 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones
Dark Reading Staff, Quick Hits
Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.
By Dark Reading Staff , 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
Ransomware Surge & Living-Off-the-Land Tactics Remain Big Threats
Jai Vijayan, Contributing WriterNews
Group-IB's and Rapid7's separate analysis of attack activity in recent months shows threat actors are making life harder for enterprise organizations in a variety of ways.
By Jai Vijayan Contributing Writer, 11/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Attacker Mistake Botches Cyborg Ransomware Campaign
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.
By Kelly Sheridan Staff Editor, Dark Reading, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
DDoS Attacks Up Sharply in Third Quarter of 2019
Dark Reading Staff, Quick Hits
DDoS attacks of all sorts were up by triple-digit percentages, with smaller volume attacks growing most rapidly.
By Dark Reading Staff , 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
TPM-Fail: What It Means & What to Do About It
Ari Singer, CTO at TrustPhiCommentary
Trusted Platform Modules are well-suited to a wide range of applications, but for the strongest security, architect them into "defense-in-depth" designs.
By Ari Singer CTO at TrustPhi, 11/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Most Companies Lag Behind '1-10-60' Benchmark for Breach Response
Robert Lemos, Contributing WriterNews
Average company needs 162 hours to detect, triage, and contain a breach, according to a new CrowdStrike survey.
By Robert Lemos Contributing Writer, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & PhelpsCommentary
A feature that's supposed to make your account more secure -- adding a cellphone number -- has become a vector of attack in SIM-swapping incidents. Here's how it's done and how you can protect yourself.
By Nicole Sette Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
Magecart Hits Macy's: Retailer Discloses Data Breach
Dark Reading Staff, Quick Hits
The retail giant discovered malicious code designed to capture customer data planted on its payment page.
By Dark Reading Staff , 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
If You Never Cared About Security ...
Beyond the Edge, Dark Reading
Oh, I used to feel that way. (Until a BEC attack.)
By Beyond the Edge Dark Reading, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
A Security Strategy That Centers on Humans, Not Bugs
Andrea Little Limbago, Chief Social Scientist, VirtruCommentary
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
By Andrea Little Limbago Chief Social Scientist, Virtru, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
Americans Fed Up with Lack of Data Privacy
Robert Lemos, Contributing WriterNews
Eight out of every 10 US adults are worried over their inability to control how data about them is used, a new Pew Research survey shows.
By Robert Lemos Contributing Writer, 11/18/2019
Comment1 Comment  |  Read  |  Post a Comment
Disney+ Credentials Land in Dark Web Hours After Service Launch
Dark Reading Staff, Quick Hits
The credentials, priced from free to $11 per account, appear to be due to victims' re-use of logins and passwords.
By Dark Reading Staff , 11/18/2019
Comment1 Comment  |  Read  |  Post a Comment
Windows Hello for Business Opens Door to New Attack Vectors
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
By Kelly Sheridan Staff Editor, Dark Reading, 11/18/2019
Comment0 comments  |  Read  |  Post a Comment
GitHub Initiative Seeks to Secure Open Source Code
Jai Vijayan, Contributing WriterNews
New Security Lab will give researchers, developers, code maintainers, and organizations a way to coordinate efforts on addressing vulnerabilities.
By Jai Vijayan Contributing Writer, 11/18/2019
Comment0 comments  |  Read  |  Post a Comment
How Medical Device Vendors Hold Healthcare Security for Ransom
Curtis Franklin Jr., Senior Editor at Dark Reading
While being pummeled by ransomware attacks, healthcare centers also face growing IoT-related threats. Here's how they manage security amid a complex set of risks.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/18/2019
Comment0 comments  |  Read  |  Post a Comment
Human Nature vs. AI: A False Dichotomy?
John McClurg, Sr. VP & CISO, BlackBerryCommentary
How the helping hand of artificial intelligence allows security teams to remain human while protecting themselves from their own humanity being used against them.
By John McClurg Sr. VP & CISO, BlackBerry, 11/18/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by KhalilMills
Current Conversations Thank Pro
In reply to: thank so much
Post Your Own Reply
More Conversations
Products & Releases
Egnyte Announces New Layer In Its Industry-Leading Content Intelligence Engine
Google Collaborates with Fortanix to Deliver External Key Management System for Public Cloud
Respond Software Launches First Responder Service to Automate Speed, Accuracy of MDR at Fraction of Cost
Research: A third of the world's largest enterprises use inadequate data sanitization to prevent data breaches at end-of-life
NINJIO Introduces Security Awareness Training for SMBS
Kaspersky: More Senior Execs Making Cyber Decisions
Trend Micro Launches Smart Factory Security Solutions
MITRE Engenuity Announces the Center for Threat-Informed Defense
More Products & Releases
PR Newswire
edge
edge
How Medical Device Vendors Hold Healthcare Security for Ransom
While being pummeled by ransomware attacks, healthcare centers also face growing IoT-related threats. Here's how they manage security amid a complex set of risks.
New: Everything You Always Wanted to Know About Security at the Edge But Were Afraid to Ask
The secure perimeter as we know it is dissolving. So how do you protect your crown jewels when the castle has no walls?
Soft Skills: 6 Nontechnical Traits CISOs Need to Succeed
Degrees, certifications, and experience are all important to career development, but mastering the people side of the equation may matter a whole lot more, CISOs say.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: -when I told you that our cyber-defense was from another age
White Papers
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18858
PUBLISHED: 2019-11-20
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
CVE-2019-3466
PUBLISHED: 2019-11-20
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
CVE-2010-4659
PUBLISHED: 2019-11-20
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.
CVE-2019-4530
PUBLISHED: 2019-11-20
IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586.
CVE-2019-4561
PUBLISHED: 2019-11-20
IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the syst...
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Flash Poll
Video
Slideshows
Twitter Feed