Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
The 10 Essentials of Infosec Forensics
Frank Taylor: Better Processes Lead to Tighter Security
7 Hot Cybersecurity Trends to Be Highlighted at Black Hat
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
News & Commentary
CISO Pressures: Why the Role Stinks and How to Fix It
Rick McElroy, Principal Security Strategist at Carbon BlackCommentary
CISOs spend much less time in their role than other members of the boardroom. It's a serious problem that must be addressed.
By Rick McElroy Principal Security Strategist at Carbon Black, 7/22/2019
Comment0 comments  |  Read  |  Post a Comment
6 Actions that Made GDPR Real in 2019
Steve Zurier, Contributing Writer
In the wake of recent fines levied against British Airways, Marriott, and Facebook, companies are starting to take data privacy and security more seriously.
By Steve Zurier Contributing Writer, 7/22/2019
Comment0 comments  |  Read  |  Post a Comment
Malware in PyPI Code Shows Supply Chain Risks
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A code backdoor in a package on the Python Package Index demonstrates the importance of verifying code brought in from code repositories.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/19/2019
Comment0 comments  |  Read  |  Post a Comment
Europol Head Fears 5G Will Give Criminals an Edge
Dark Reading Staff, Quick Hits
Catherine De Bolle is concerned law enforcement will lose its ability to track criminals with the arrival of 5G networks.
By Dark Reading Staff , 7/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Mirai Groups Target Business IoT Devices
Robert Lemos, Contributing WriterNews
More than 30% of Mirai attacks, and an increasing number of variants of the malicious malare, are going after enterprise IoT devices, raising the stakes for business.
By Robert Lemos Contributing Writer, 7/19/2019
Comment0 comments  |  Read  |  Post a Comment
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPENCommentary
Why apples-to-apples performance tests are the only way to accurately gauge the impact of network security products and solutions.
By Brian Monkman Executive Director at NetSecOPEN, 7/19/2019
Comment3 comments  |  Read  |  Post a Comment
Security Lessons From a New Programming Language
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A security professional needed a secure language for IoT development. So he wrote his own, applying learned lessons about memory and resources in the process.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/18/2019
Comment0 comments  |  Read  |  Post a Comment
BitPaymer Ransomware Operators Wage Custom, Targeted Attacks
Jai Vijayan, Contributing WriterNews
A new framework is allowing the threat group to compile variants of the malware for each victim, Morphisec says.
By Jai Vijayan Contributing Writer, 7/18/2019
Comment0 comments  |  Read  |  Post a Comment
RDP Bug Takes New Approach to Host Compromise
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers show how simply connecting to a rogue machine can silently compromise the host.
By Kelly Sheridan Staff Editor, Dark Reading, 7/18/2019
Comment2 comments  |  Read  |  Post a Comment
Open Source Hacking Tool Grows Up
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Koadic toolkit gets upgrades — and a little love from nation-state hackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/18/2019
Comment0 comments  |  Read  |  Post a Comment
8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
Jai Vijayan, Contributing Writer
Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.
By Jai Vijayan Contributing Writer, 7/18/2019
Comment1 Comment  |  Read  |  Post a Comment
Bulgarian Tax Breach Nets All the Records
Dark Reading Staff, Quick Hits
An attack by a 'wizard hacker' results in leaked records for virtually every Bulgarian taxpayer.
By Dark Reading Staff , 7/18/2019
Comment0 comments  |  Read  |  Post a Comment
How Capture the Flag Competitions Strengthen the Cybersecurity Workforce
Dr. Giovanni Vigna, Chief Technology Officer at LastlineCommentary
These competitions challenge participants with problems involving digital forensics, cryptography, binary analysis, web security, and many other fields.
By Dr. Giovanni Vigna Chief Technology Officer at Lastline, 7/18/2019
Comment2 comments  |  Read  |  Post a Comment
79% of US Consumers Fear Webcams Are Watching
Dark Reading Staff, Quick Hits
Widespread privacy concerns have caused 60% of people to cover their laptop webcams — some in creative ways — survey data shows.
By Dark Reading Staff , 7/18/2019
Comment0 comments  |  Read  |  Post a Comment
Calculating the Value of Security
Jason Sandys, Microsoft Enterprise Mobility MVP and Senior Consultant at Coretech AllianceCommentary
What will it take to align staff and budget to protect the organization?
By Jason Sandys Microsoft Enterprise Mobility MVP and Senior Consultant at Coretech Alliance, 7/18/2019
Comment1 Comment  |  Read  |  Post a Comment
MITRE ATT&CK Framework Not Just for the Big Guys
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK's common language.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/17/2019
Comment1 Comment  |  Read  |  Post a Comment
Bluetooth Bug Enables Tracking on Windows 10, iOS & macOS Devices
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers discover a third-party algorithm in multiple high-profile Bluetooth devices exposes users to third-party tracking and data access.
By Kelly Sheridan Staff Editor, Dark Reading, 7/17/2019
Comment1 Comment  |  Read  |  Post a Comment
800K Systems Still Vulnerable to BlueKeep
Jai Vijayan, Contributing WriterNews
Organizations with systems exploitable via the RDP flaw pose an increasing risk to themselves and other organizations, BitSight says.
By Jai Vijayan Contributing Writer, 7/17/2019
Comment0 comments  |  Read  |  Post a Comment
Sprint Reveals Account Breach via Samsung Website
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The last-June breach exposed data including names, phone numbers, and account numbers.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/17/2019
Comment1 Comment  |  Read  |  Post a Comment
A Password Management Report Card
Maxine Holt, Research Director, OvumCommentary
New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings.
By Maxine Holt Research Director, Ovum, 7/17/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
In an Evil Internet Minute, £656,393 is Lost to Cybercrime, Reveals RiskIQ
Snyk Names New CEO
BehavioSec Strengthens Anti-Fraud Lead with Updated Authentication Platform
Kali NetHunter App Store Now in Public Beta
Perimeter 81 Launches Zero Trust Application Access
FireEye Expands Managed Defense MDR Services
Radware Expands Its Cloud Workload Protection Service to Include Crypto-Jacking Detection
Day Trader Pleads Guilty to Computer Hacking and Securities Fraud Scheme Targeting Online Brokerage Accounts
More Products & Releases
PR Newswire
sponsored by alkamai

The latest on the number of attacks, types of attacks, and threats to enterprises' most critical IT infrastructure.
The 'bring your own device' movement has put security pros on high alert for a new breed of predator who is on the hunt to find ways to exploit the ever-expanding attack surface.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Keep your eyes open! This area has been prone to WireShark attacks!
White Papers
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14230
PUBLISHED: 2019-07-21
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the set_count ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged user ...
CVE-2019-14231
PUBLISHED: 2019-07-21
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One could exploit the points parameter in the ob_get_results ajax nopriv handler due to there being no sanitization prior to use in a SQL query in getResultByPointsTrivia. This allows an unauthenticated/un...
CVE-2019-14207
PUBLISHED: 2019-07-21
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error).
CVE-2019-14208
PUBLISHED: 2019-07-21
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary.
CVE-2019-14209
PUBLISHED: 2019-07-21
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm.
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.
Flash Poll
Video
Slideshows
Twitter Feed