Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

7 SMB Security Tips That Will Keep Your Company Safe
8 Ways Businesses Unknowingly Help Hackers
7 Considerations Before Adopting Security Standards
Works of Art: Cybersecurity Inspires 6 Winning Ideas
Name That Toon: SOC Puppets
News & Commentary
Bugcrowd Enters the IT Asset Discovery Business
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New service searches for errant or vulnerable devices on the Internet.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
How Much Security Is Enough? Practitioners Weigh In
Kelly Sheridan, Staff Editor, Dark ReadingNews
Most IT and security pros surveyed say they could afford some, but not all, of the minimum security needed to protect themselves.
By Kelly Sheridan Staff Editor, Dark Reading, 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
Russian Hackers Using Iranian APT's Infrastructure in Widespread Attacks
Jai Vijayan, Contributing WriterNews
New advisory from the UK's NCSC and the NSA throws fresh light on activity first revealed by Symantec in June.
By Jai Vijayan Contributing Writer, 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Aims to Block Firmware Attacks with New Secured-Core PCs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Partnerships with Intel, Qualcomm, and AMD will bring a new layer of device security that alters the boot process to detect firmware compromise.
By Kelly Sheridan Staff Editor, Dark Reading, 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Avast Foils Another CCleaner Attack
Robert Lemos, Contributing WriterNews
'Abiss' attackers used an older VPN profile to get into Avast's network and targeted its CCleaner utility.
By Robert Lemos Contributing Writer, 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Turn Alexa and Google Home Into Credential Thieves
Dark Reading Staff, Quick Hits
Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.
By Dark Reading Staff , 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Trend Micro Buys Cloud Conformity to Fight Cloud Competition
Dark Reading Staff, Quick Hits
The cloud security posture management startup was acquired for a reported $70 million.
By Dark Reading Staff , 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
SOC Operations: 6 Vital Lessons & Pitfalls
Todd Thiemann, Director, Arctic Wolf NetworksCommentary
There is no one road to security operations success, but these guidelines will smooth your path.
By Todd Thiemann Director, Arctic Wolf Networks, 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Surviving Security Alert Fatigue: 7 Tools and Techniques
Kelly Sheridan, Staff Editor, Dark Reading
Experts discuss why security teams are increasingly overwhelmed with alerts and share tactics for lightening the load.
By Kelly Sheridan Staff Editor, Dark Reading, 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Turning Vision to Reality: A New Road Map for Security Leadership
Curtis Franklin Jr., Senior Editor at Dark Reading
Among the takeaways from a Gartner Symposium/Xpo session: who should be accountable for data security, why security groups should stop thinking of themselves as protectors, and the consequence of locking down 'dumb' users.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Tor Weaponized to Steal Bitcoin
Dark Reading Staff, Quick Hits
A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
By Dark Reading Staff , 10/18/2019
Comment1 Comment  |  Read  |  Post a Comment
In A Crowded Endpoint Security Market, Consolidation Is Underway
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
CenturyLink Customer Data Exposed
Dark Reading Staff, Quick Hits
Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report.
By Dark Reading Staff , 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
Glitching: The Hardware Attack That Can Disrupt Secure Software
Curtis Franklin Jr., Senior Editor at Dark Reading
Glitching (or fault-injection) attacks aren't easy (yet). But get ready, because as the IoT grows, these attacks will be a big reason that hardware security should be part of your cybersecurity planning.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
SOC Puppet: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Social engineering, SOC analysts, and Sock puns. And the winners are:
By Marilyn Cohodas Managing Editor, Dark Reading, 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
Older Amazon Devices Subject to Old Wi-Fi Vulnerability
Dark Reading Staff, Quick Hits
The vulnerability in first-generation Echoes and eight-generation Kindles lets an attacker wage man-in-the-middle attacks.
By Dark Reading Staff , 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Debug Feature in Web Dev Tool Exposed Trump Campaign Site, Others to Attack
Jai Vijayan, Contributing WriterNews
The problem is not with the tool itself but with how some developers and administrators are using it, Comparitech says.
By Jai Vijayan Contributing Writer, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Phishing Campaign Targets Stripe Credentials, Financial Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.
By Kelly Sheridan Staff Editor, Dark Reading, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer
SMBs still perceive themselves at low risk from cyberthreats in spite of attack statistics that paint a different pictur
By Ericka Chickowski Contributing Writer, 10/17/2019
Comment2 comments  |  Read  |  Post a Comment
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Debby Briggs, Chief Security Officer at NETSCOUTCommentary
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
By Debby Briggs Chief Security Officer at NETSCOUT, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
edge
edge
Experts discuss why security teams are increasingly overwhelmed with alerts and share tactics for lightening the load.
Among the takeaways from a Gartner Symposium/Xpo session: who should be accountable for data security, why security groups should stop thinking of themselves as protectors, and the consequence of locking down 'dumb' users.
In part one of this two-part series, we start with the basics -- getting everyone to understand what's at stake -- and then look at lessons from the trenches.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17424
PUBLISHED: 2019-10-22
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.
CVE-2019-16404
PUBLISHED: 2019-10-21
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
CVE-2019-17400
PUBLISHED: 2019-10-21
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.
CVE-2019-17498
PUBLISHED: 2019-10-21
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a ...
CVE-2019-16969
PUBLISHED: 2019-10-21
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Flash Poll
Video
Slideshows
Twitter Feed