Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cybercriminal's Black Market Pricing Guide
6 Questions to Ask Once You've Learned of a Breach
Poll Results: Maybe Not Burned Out, But Definitely 'Well Done'
Name That Toon: SOC Puppets
Security Leaders Share Tips for Boardroom Chats
News & Commentary
7 Ways VPNs Can Turn from Ally to Threat
Curtis Franklin Jr., Senior Editor at Dark Reading
VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/21/2019
Comment0 comments  |  Read  |  Post a Comment
HP Purchases Security Startup Bromium
Dark Reading Staff, Quick Hits
The purchase will bring new isolation and threat intelligence capabilities to the HP portfolio.
By Dark Reading Staff , 9/20/2019
Comment0 comments  |  Read  |  Post a Comment
Ransomware Strikes 49 School Districts & Colleges in 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 9/20/2019
Comment0 comments  |  Read  |  Post a Comment
WeWork's Wi-Fi Exposed Files, Credentials, Emails
Dark Reading Staff, Quick Hits
For years, sensitive documents and corporate data have been easily viewable on the coworking space's open network.
By Dark Reading Staff , 9/20/2019
Comment1 Comment  |  Read  |  Post a Comment
A Safer IoT Future Must Be a Joint Effort
Sivan Rauscher, CEO & Co-Founder, SAM Seamless NetworkCommentary
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
By Sivan Rauscher CEO & Co-Founder, SAM Seamless Network, 9/20/2019
Comment0 comments  |  Read  |  Post a Comment
A Beginner's Guide to Microsegmentation
Ericka Chickowski, Contributing Writer
In a world in which the data center perimeter has all but evaporated, traditional segmentation no longer is enough. Enter microsegmentation. Here's what organizations need to do to maximize the benefits of this improved security architecture.
By Ericka Chickowski Contributing Writer, 9/20/2019
Comment0 comments  |  Read  |  Post a Comment
Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3
Jai Vijayan, Contributing WriterNews
The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets.
By Jai Vijayan Contributing Writer, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Metasploit Creator HD Moore's Latest Hack: IT Assets
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Moore has built a network asset discovery tool that wasn't intended to be a pure security tool, but it addresses a glaring security problem.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
California's IoT Security Law Causing Confusion
Robert Lemos, Contributing WriterNews
The law, which goes into effect January 1, requires manufacturers to equip devices with 'reasonable security feature(s).' What that entails is still an open question.
By Robert Lemos Contributing Writer, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
BSIMM10 Emphasizes DevOps' Role in Software Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
The latest model, with insights from 122 firms, shows DevOps adoption is far enough along to influence how companies approach software security.
By Kelly Sheridan Staff Editor, Dark Reading, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Security Pros Value Disclosure ... Sometimes
Dark Reading Staff, Quick Hits
Security professionals will coordinate disclosure with researchers but may keep their self-discovered vulnerabilities secret, a new study shows.
By Dark Reading Staff , 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Deconstructing an iPhone Spearphishing Attack
Marc Rogers, Executive Director of Cybersecurity, OktaCommentary
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
By Marc Rogers Executive Director of Cybersecurity, Okta, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Ping Identity Prices IPO at $15 per Share
Dark Reading Staff, Quick Hits
The identity management company plans to sell 12.5 million shares, raising $187.5 million in its initial public offering.
By Dark Reading Staff , 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Crowdsourced Security & the Gig Economy
Alex Haynes, Chief Information Security Officer, CDLCommentary
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
By Alex Haynes Chief Information Security Officer, CDL, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
The 20 Worst Metrics in Cybersecurity
Ericka Chickowski, Contributing Writer
Security leaders are increasingly making their case through metrics, as well they should as long as they're not one of these.
By Ericka Chickowski Contributing Writer, 9/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Saudi IT Providers Hit in Cyber Espionage Operation
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Symantec identifies new 'Tortoiseshell' nation-state group as the attackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
WannaCry Detections At An All-Time High
Jai Vijayan, Contributing WriterNews
More than 12,000 variants of the infamous malware are targeting systems that are still open to the EternalBlue exploit - but the potential danger is low, Sophos warns.
By Jai Vijayan Contributing Writer, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
How Cybercriminals Exploit Simple Human Mistakes
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
By Kelly Sheridan Staff Editor, Dark Reading, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
The Top 'Human Hacks' to Watch For Now
Joan Goodchild, Contributing Writer
Social engineering is as old as mankind. But its techniques have evolved with time. Here are the latest tricks criminals are using to dupe end users.
By Joan Goodchild Contributing Writer, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
GitHub Becomes CVE Numbering Authority, Acquires Semmle
Dark Reading Staff, Quick Hits
Latest moves will make it much more likely that vulnerabilities in open source projects will be found and reported, GitHub says.
By Dark Reading Staff , 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by juliabeyers
Current Conversations Thanks for your analytics
In reply to: Thanks
Post Your Own Reply
More Conversations
PR Newswire
edge
edge
In a world in which the data center perimeter has all but evaporated, traditional segmentation no longer is enough. Enter microsegmentation. Here's what organizations need to do to maximize the benefits of this improved security architecture.
Security leaders are increasingly making their case through metrics, as well they should -- as long as they're not one of these.
Social engineering is as old as mankind. But its techniques have evolved with time. Here are the latest tricks criminals are using to dupe end users.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16669
PUBLISHED: 2019-09-21
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.
CVE-2019-16656
PUBLISHED: 2019-09-21
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.
CVE-2019-16657
PUBLISHED: 2019-09-21
TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.
CVE-2019-16658
PUBLISHED: 2019-09-21
TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF.
CVE-2019-16659
PUBLISHED: 2019-09-21
TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF.
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Flash Poll
Video
Slideshows
Twitter Feed