Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

7 SMB Security Tips That Will Keep Your Company Safe
8 Ways Businesses Unknowingly Help Hackers
7 Considerations Before Adopting Security Standards
Works of Art: Cybersecurity Inspires 6 Winning Ideas
Name That Toon: SOC Puppets
News & Commentary
Typosquatting Websites Proliferate in Run-up to US Elections
Jai Vijayan, Contributing WriterNews
People who mistype the URL for their political candidate or party's website could end up on an opposing party or candidate's website, Digital Shadow's research shows.
By Jai Vijayan Contributing Writer, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
How to Build a Rock-Solid Cybersecurity Culture
Joan Goodchild, Contributing Writer
In part one of this two-part series, we start with the basics getting everyone to understand what's at stake and then look at lessons from the trenches.
By Joan Goodchild Contributing Writer, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Advice From Betty White
Beyond the Edge, Dark Reading
Among the beloved entertainer's advice: "Double bag those passwords."Thanks, Betty.
By Beyond the Edge Dark Reading, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance
Dark Reading Staff, Quick Hits
The $37.5 million acquisitions will boost SailPoint's portfolio across all cloud platforms.
By Dark Reading Staff , 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures
James Plouffe, Lead Architect at MobileIronCommentary
The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.
By James Plouffe Lead Architect at MobileIron, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Launches Security Health Analytics in Beta
Dark Reading Staff, Quick Hits
The tool is designed to help identify misconfigurations and compliance violations in the Google Cloud Platform.
By Dark Reading Staff , 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Cryptojacking Worm Targets and Infects 2,000 Docker Hosts
Robert Lemos, Contributing WriterNews
Basic and 'inept' worm managed to compromise Docker hosts by exploiting misconfigurations.
By Robert Lemos Contributing Writer, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Federal CIOs Zero In on Zero Trust
William Peteroy, Chief Technology Officer, Security, at GigamonCommentary
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
By William Peteroy Chief Technology Officer, Security, at Gigamon, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers following the ransomware variant uncover new data on how much its affiliates earn and where they spend it.
By Kelly Sheridan Staff Editor, Dark Reading, 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
Targeted Ransomware Attacks Show No Signs of Abating
Jai Vijayan, Contributing WriterNews
Criminals are becoming more sophisticated and targeted in going after enterprise organizations, a new Q2/Q3 report finds.
By Jai Vijayan Contributing Writer, 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
IoT Attacks Up Significantly in First Half of 2019
Dark Reading Staff, Quick Hits
New research shows attacks increased ninefold year-over-year, coming from more than a quarter-million unique IP addresses.
By Dark Reading Staff , 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
More Breaches, Less Certainty Cause Dark Web Prices to Plateau
Robert Lemos, Contributing WriterNews
New research finds it's now less than $10 for full credit details on a consumer, $100 for a distributed denial-of-service attack, and $50 for access to a US bank account.
By Robert Lemos Contributing Writer, 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
5 Steps to Protect Against Ransomware Attacks
AJ Nash, Director of Cyber Intelligence Strategy at AnomaliCommentary
Paying a ransom is strongly discouraged by experts. So, how do you protect your organization?
By AJ Nash Director of Cyber Intelligence Strategy at Anomali, 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
Symantec Adds Endpoint Security Tool to Revamp Portfolio
Dark Reading Staff, Quick Hits
Symantec Endpoint Security aims to deliver protection, detection, threat hunting, and response in a single tool.
By Dark Reading Staff , 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
14 Hot Cybersecurity Certifications Right Now
Joan Goodchild, Contributing Writer
In an industry where certifications can make or break a job candidacy, which ones have security pros been going after in 2019?
By Joan Goodchild Contributing Writer, 10/15/2019
Comment2 comments  |  Read  |  Post a Comment
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Marc Laliberte, Senior Security Analyst, WatchGuard TechnologiesCommentary
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
By Marc Laliberte Senior Security Analyst, WatchGuard Technologies, 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
Sophos for Sale: Thoma Bravo Offers $3.9B
Kelly Sheridan, Staff Editor, Dark ReadingNews
Sophos' board of directors plans to unanimously recommend the offer to the company's shareholders.
By Kelly Sheridan Staff Editor, Dark Reading, 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
Cyber Theft, Humint Helped China Cut Corners on Passenger Jet
Jai Vijayan, Contributing WriterNews
Beijing likely saved a lot of time and billions of dollars by copying components for its C919 plane from others, a new report from CrowdStrike says.
By Jai Vijayan Contributing Writer, 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
Pitney Bowes Hit by Ransomware
Dark Reading Staff, Quick Hits
The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
By Dark Reading Staff , 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
Tamper Protection Arrives for Microsoft Defender ATP
Dark Reading Staff, Quick Hits
The feature, designed to block unauthorized changes to security features, is now generally available.
By Dark Reading Staff , 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
edge
edge
In part one of this two-part series, we start with the basics -- getting everyone to understand what's at stake -- and then look at lessons from the trenches.
In an industry where certifications can make or break a job candidacy, which ones have security pros been going after in 2019?
Poisoning can be used against network infrastructure and applications. Understanding how DNS cache poisoning, machine learning model poisoning, and other attacks work can help you prepare the proper antidote.
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13116
PUBLISHED: 2019-10-16
The MuleSoft Mule runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections.
CVE-2019-17664
PUBLISHED: 2019-10-16
NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try to ex...
CVE-2019-17665
PUBLISHED: 2019-10-16
NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.
CVE-2019-17435
PUBLISHED: 2019-10-16
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation.
CVE-2019-17436
PUBLISHED: 2019-10-16
A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system.
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Flash Poll
Video
Slideshows
Twitter Feed