Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
7 SMB Security Tips That Will Keep Your Company Safe
8 Ways Businesses Unknowingly Help Hackers
7 Considerations Before Adopting Security Standards
Works of Art: Cybersecurity Inspires 6 Winning Ideas
Name That Toon: SOC Puppets
News & Commentary
FTC Warns Consumers About Stalking Apps
Dark Reading Staff, Quick Hits
Agency offers tips on how to detect and eradicate the spyware.
By Dark Reading Staff , 10/23/2019
Comment0 comments  |  Read  |  Post a Comment
IoTopia Framework Aims to Bring Security to Device Manufacturers
Kelly Sheridan, Staff Editor, Dark ReadingNews
GlobalPlatform launches an initiative to help companies secure connected devices and services across markets.
By Kelly Sheridan Staff Editor, Dark Reading, 10/23/2019
Comment0 comments  |  Read  |  Post a Comment
Oracle Releases Free Tool for Monitoring Internet Routing Security
Jai Vijayan, Contributing WriterNews
IXP Filter Check gives Internet Exchange Points a way to verify whether they are properly filtering out incorrect and malicious routes.
By Jai Vijayan Contributing Writer, 10/23/2019
Comment0 comments  |  Read  |  Post a Comment
Planning a Zero-Trust Initiative? Here's How to Prioritize
James Carder, CISO & VP, LogRhythm Labs, LogRhythm, Inc.Commentary
If you start by focusing on users, data, access, and managed devices, you will make major strides toward achieving better security.
By James Carder CISO & VP, LogRhythm Labs, LogRhythm, Inc., 10/23/2019
Comment0 comments  |  Read  |  Post a Comment
10% of Small Businesses Breached Shut Down in 2019
Dark Reading Staff, Quick Hits
As a result of cybercrime, 69% of small organizations were forced offline for a limited time and 37% experienced financial loss.
By Dark Reading Staff , 10/23/2019
Comment0 comments  |  Read  |  Post a Comment
Report: 2020 Presidential Campaigns Still Vulnerable to Web Attacks
Gary Golomb, Co-Founder & Chief Research Officer at Awake SecurityCommentary
Nine out of 12 Democratic candidates have yet to enable DNSSEC, a simple set of extensions that stops most targeted domain-based attacks.
By Gary Golomb Co-Founder & Chief Research Officer at Awake Security, 10/23/2019
Comment0 comments  |  Read  |  Post a Comment
What Has Cybersecurity Pros So Stressed -- And Why It's Everyone's Problem
Kevin Coston, Cloud Security Architect, Akamai Technologies
As cyberattacks intensify and the skills gap broadens, it's hard not to wonder how much more those in the industry can take before throwing in the towel.
By Kevin Coston Cloud Security Architect, Akamai Technologies, 10/23/2019
Comment0 comments  |  Read  |  Post a Comment
8 Tips for More Secure Mobile Computing
Curtis Franklin Jr., Senior Editor at Dark Reading
Mobile devices are a huge part of enterprise IT. Here's what to advise their users to do to keep their devices — and critical business data — best protected.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/23/2019
Comment0 comments  |  Read  |  Post a Comment
About 50% of Apps Are Accruing Unaddressed Vulnerabilities
Jai Vijayan, Contributing WriterNews
In rush to fix newly discovered security issues, developers are neglecting to address older ones, Veracode study finds.
By Jai Vijayan Contributing Writer, 10/22/2019
Comment1 Comment  |  Read  |  Post a Comment
Alliance Forms to Focus on Securing Operational Technology
Robert Lemos, Contributing WriterNews
While mainly made up of vendors, the Operational Technology Cyber Security Alliance aims to offer security best practices for infrastructure operators and industrial partners.
By Robert Lemos Contributing Writer, 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
FIDO-Based Authentication Arrives for Smartwatches
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Nok Nok App SDK for Smart Watch is designed to let businesses implement FIDO-based authentication on smartwatches.
By Kelly Sheridan Staff Editor, Dark Reading, 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
The AI (R)evolution: Why Humans Will Always Have a Place in the SOC
Celeste Fralick, Chief Data Scientist & Senior Principal Engineer, McAfeeCommentary
In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.
By Celeste Fralick Chief Data Scientist & Senior Principal Engineer, McAfee, 10/22/2019
Comment1 Comment  |  Read  |  Post a Comment
NordVPN Breached Via Data Center Provider's Error
Dark Reading Staff, Quick Hits
The VPN company said that one of its 3,000 servers in a third-party data center was open to exploitation through a misconfigured management tool.
By Dark Reading Staff , 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
Autoclerk Database Spills 179GB of Customer, US Government Data
Dark Reading Staff, Quick Hits
An open Elasticsearch database exposed hundreds of thousands of hotel booking reservations, compromising data from full names to room numbers.
By Dark Reading Staff , 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
Keeping Too Many Cooks out of the Security Kitchen
Joshua Goldfarb, Independent ConsultantCommentary
A good security team helps the business help itself operate more securely -- soliciting input while adhering to a unified strategy, vision, goals, and priorities.
By Joshua Goldfarb Independent Consultant, 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
Bugcrowd Enters the IT Asset Discovery Business
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New service searches for errant or vulnerable devices on the Internet.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
How Much Security Is Enough? Practitioners Weigh In
Kelly Sheridan, Staff Editor, Dark ReadingNews
Most IT and security pros surveyed say they could afford some, but not all, of the minimum security needed to protect themselves.
By Kelly Sheridan Staff Editor, Dark Reading, 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
Russian Hackers Using Iranian APT's Infrastructure in Widespread Attacks
Jai Vijayan, Contributing WriterNews
New advisory from the UK's NCSC and the NSA throws fresh light on activity first revealed by Symantec in June.
By Jai Vijayan Contributing Writer, 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Aims to Block Firmware Attacks with New Secured-Core PCs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Partnerships with Intel, Qualcomm, and AMD will bring a new layer of device security that alters the boot process to detect firmware compromise.
By Kelly Sheridan Staff Editor, Dark Reading, 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Avast Foils Another CCleaner Attack
Robert Lemos, Contributing WriterNews
'Abiss' attackers used an older VPN profile to get into Avast's network and targeted its CCleaner utility.
By Robert Lemos Contributing Writer, 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by SitusPoker1
Current Conversations nice Post
In reply to: SitusPoker1
Post Your Own Reply
Posted by christophertbish
Current Conversations thank for somuch
In reply to: thank pro
Post Your Own Reply
Posted by slotnetwork
Current Conversations very nice blog 
In reply to: Slots Network
Post Your Own Reply
More Conversations
Products & Releases
Splunk Mission Control Takes Off
Claroty Appoints Thorsten Freitag as Chief Executive Officer
Resecurity Forms Team to Deliver In-Depth Analysis of Data Inside Context™ Platform
Akamai Edge Platform Increases Security Protections For Content, Sites, Apps
ThreatConnect Wins SOAR Platform of the Year Award in 2019 CyberSecurity Breakthrough Awards
Forcepoint Delivers Global Security Cloud Offering
Forescout Delivers Impact-Based Security Risk Assessment Tool for Industrial Control System and Operational Technology Networks
Deloitte Consumer Privacy in Retail Survey: The Next Regulatory and Competitive Frontier
More Products & Releases
PR Newswire
edge
edge
What Has Cybersecurity Pros So Stressed -- And Why It's Everyone's Problem
As cyberattacks intensify and the skills gap broadens, it's hard not to wonder how much more those in the industry can take before throwing in the towel.
Surviving Security Alert Fatigue: 7 Tools and Techniques
Experts discuss why security teams are increasingly overwhelmed with alerts and share tactics for lightening the load.
Turning Vision to Reality: A New Road Map for Security Leadership
Among the takeaways from a Gartner Symposium/Xpo session: who should be accountable for data security, why security groups should stop thinking of themselves as protectors, and the consequence of locking down 'dumb' users.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18387
PUBLISHED: 2019-10-23
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
CVE-2019-18212
PUBLISHED: 2019-10-23
XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.
CVE-2019-18213
PUBLISHED: 2019-10-23
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response cap...
CVE-2019-18384
PUBLISHED: 2019-10-23
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.
CVE-2019-18385
PUBLISHED: 2019-10-23
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Flash Poll
Video
Slideshows
Twitter Feed