Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Containerized Apps: An 8-Point Security Checklist
7 Variants (So Far) of Mirai
I, for One, Welcome Our Robotic Security Overlords
Dark Reading Launches Second INsecurity Conference
10 Open Source Security Tools You Should Know
News & Commentary
Exposed Container Orchestration Systems Putting Many Orgs at Risk
Jai Vijayan, Freelance writerNews
More than 22,600 open container orchestration and API management systems discovered on the Internet.
By Jai Vijayan Freelance writer, 6/18/2018
Comment0 comments  |  Read  |  Post a Comment
'Wallchart' Phishing Campaign Exploits World Cup Watchers
Kelly Sheridan, Staff Editor, Dark ReadingNews
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
By Kelly Sheridan Staff Editor, Dark Reading, 6/18/2018
Comment0 comments  |  Read  |  Post a Comment
Mass. Man Pleads Guilty in ATM Jackpotting Operation
Dark Reading Staff, Quick Hits
Citizens Bank ATM and others targeted in the scheme.
By Dark Reading Staff , 6/18/2018
Comment0 comments  |  Read  |  Post a Comment
F-Secure Buys MWR InfoSecurity
Dark Reading Staff, Quick Hits
Finnish endpoint security company buys British security service provider in cash deal.
By Dark Reading Staff , 6/18/2018
Comment0 comments  |  Read  |  Post a Comment
7 Ways Cybercriminals Are Scamming a Fortune from Cryptocurrencies
Ericka Chickowski, Contributing Writer, Dark Reading
Cryptocurrencies, how do hackers love thee? Let us count the ways.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/18/2018
Comment0 comments  |  Read  |  Post a Comment
3 Tips for Driving User Buy-in to Security Policies
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentary
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 6/18/2018
Comment0 comments  |  Read  |  Post a Comment
Trump-Kim Meeting Was a Magnet For Russian Cyberattacks
Jai Vijayan, Freelance writerNews
Attacks directed at targets in Singapore went through the roof earlier this week.
By Jai Vijayan Freelance writer, 6/15/2018
Comment0 comments  |  Read  |  Post a Comment
Email, Social Media Still Security Nightmares
Dark Reading Staff, Quick Hits
Phishing and banking trojans continue to be major threats brought into the enterprise.
By Dark Reading Staff , 6/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Hackers Crack iPhone Defense Built to Block Forensic Tools
Dark Reading Staff, Quick Hits
Grayshift, the company behind a system to help police break into iPhones, says it found a workaround for USB Restricted Mode.
By Dark Reading Staff , 6/15/2018
Comment0 comments  |  Read  |  Post a Comment
Modern Cybersecurity Demands a Different Corporate Mindset
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 6/15/2018
Comment0 comments  |  Read  |  Post a Comment
Intel Discloses Yet Another Side Channel Vulnerability
Jai Vijayan, Freelance writerNews
Moderate severity Lazy FP restore flaw affects Intel Core-based microprocessors.
By Jai Vijayan Freelance writer, 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
Demystifying Mental Health in the Infosec Community
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security experts talk about burnout, diversity, mental health, and legal issues in a new Community track at Black Hat USA.
By Kelly Sheridan Staff Editor, Dark Reading, 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
Kaspersky Lab Freezes Work with Europol in Protest of EU Vote
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New European Parliament document calls out Kaspersky Lab software as 'malicious' and says it should be banned.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften TechnologiesCommentary
Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.
By David Shefter Chief Technology Officer at Ziften Technologies, 6/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Mobile App Threats Continue to Grow
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Criminals looking to profit from corporate resources and information keep going after mobile devices, two new reports confirm.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
23,000 Compromised in HealthEquity Data Breach
Dark Reading Staff, Quick Hits
HealthEquity, which handles more than 3.4 million health savings accounts, was breached when an intruder accessed an employee's email.
By Dark Reading Staff , 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer
Here are eight measures to take to ensure the security of your containerized application environment.
By Jai Vijayan Freelance writer, 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, CorelightCommentary
This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.
By Greg Bell CEO, Corelight, 6/14/2018
Comment1 Comment  |  Read  |  Post a Comment
DDoS Amped Up: DNS, Memcached Attacks Rise
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
China and the US are the world's leading sources of distributed denial-of-service botnet attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/13/2018
Comment0 comments  |  Read  |  Post a Comment
Blockchain All the Rage But Comes With Numerous Risks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers dig into four types of cyberattacks targeting blockchain, how they work, and why early adopters are the easiest targets.
By Kelly Sheridan Staff Editor, Dark Reading, 6/13/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Paladin Cyber Introduces Paladin Browser Protection as Google Chrome Extension
US Cyber Challenge Kicks Off 2018 Camp Season at Virginia Tech
Pulse Secure Virtual Application Delivery Controller Extends Availability to AWS GovCloud (US)
Teams & Enterprises Can Now Sign On With a Single Click on Wickr Pro
Symantec Introduces Cloud-Based Network Security Solution with Web Isolation; adds Complete Endpoint Protection
Hacker Known As 'Vigilance' Charged for Cyberattacks On Minnesota State Government Databases
Corelight Expands Product Portfolio with New Network Visibility Sensors
68% of EU, US Crypto Exchanges and Wallets Fail on Proper Customer Identity Checks
More Products & Releases
PR Newswire
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
A Sneak Peek at the New NIST Cybersecurity Framework
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Continuous Compliance and Effective Audit Preparation for the Cloud
Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise security—the IT team members tasked with protecting critical data from cyber threats—and will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12557
PUBLISHED: 2018-06-19
An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could ...
CVE-2018-12559
PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequ...
CVE-2018-12560
PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.
CVE-2018-12561
PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL.
CVE-2018-12562
PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string).
Flash Poll
Video
Slideshows
Twitter Feed