Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

2019 Pwnie Award Winners (And Those Who Wish They Weren't)
7 Online Safety Tips for College Students
8 Head-Turning Ransomware Attacks to Hit City Governments
Contest: Name That Toon
Moving on Up: Ready for Your Apps to Live in the Cloud?
News & Commentary
'Phoning Home': Your Latest Data Exfiltration Headache
Jeff Costlow, CISO, ExtraHopCommentary
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.
By Jeff Costlow CISO, ExtraHop, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
7 Big Factors Putting Small Businesses At Risk
Kelly Sheridan, Staff Editor, Dark Reading
Small organizations still face a long list of security threats. These threats and vulnerabilities should be top of mind.
By Kelly Sheridan Staff Editor, Dark Reading, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
How to Avoid Technical Debt in Open Source Projects
Kacy Zurkus, Contributing Writer
Engineering teams have only a certain amount of capacity. Cutting down the volume of rework inherent in the open source business model begins with three best practices.
By Kacy Zurkus Contributing Writer, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
CISOs Struggle with Diminishing Tools to Protect Assets from Growing Threats
Dark Reading Staff, Quick Hits
Most CISOs see the risk of cyberattacks growing and feel they're falling behind in their ability to fight back, a new survey finds.
By Dark Reading Staff , 8/20/2019
Comment1 Comment  |  Read  |  Post a Comment
Apple Misstep Leaves iPhones Open to Jailbreak
Jai Vijayan, Contributing WriterNews
Newest version of iOS contains a critical bug that the company had previously already patched.
By Jai Vijayan Contributing Writer, 8/20/2019
Comment0 comments  |  Read  |  Post a Comment
Cyberthreats Against Financial Services Up 56%
Dark Reading Staff, Quick Hits
Financial institutions interacting with customers online must prepare for a broader, more sophisticated variety of threats.
By Dark Reading Staff , 8/20/2019
Comment0 comments  |  Read  |  Post a Comment
Who Gets Privileged Access & How to Enforce It
Tim Keeler, Founder and CEO, RemediantCommentary
Let's begin by re-evaluating IT infrastructures to determine who has access to what, why, and when.
By Tim Keeler Founder and CEO, Remediant, 8/20/2019
Comment0 comments  |  Read  |  Post a Comment
Visa Adds New Fraud Disruption Measures
Steve Zurier, Contributing WriterNews
Payment card giant creates a 'cyber fraud system' to thwart transaction abuse.
By Steve Zurier Contributing Writer, 8/20/2019
Comment0 comments  |  Read  |  Post a Comment
5 Ways to Improve the Patching Process
Kacy Zurkus, Contributing Writer
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
By Kacy Zurkus Contributing Writer, 8/20/2019
Comment1 Comment  |  Read  |  Post a Comment
What Americans Think About Ransomware
Dark Reading Staff, Quick Hits
New Harris Poll survey says most will weigh candidates' cybersecurity positions.
By Dark Reading Staff , 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
Instagram Added to Facebook Data-Abuse Bounty Program
Jai Vijayan, Contributing WriterNews
Social media giant also launches invitation-only bug bounty program for 'Checkout on Instagram'.
By Jai Vijayan Contributing Writer, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
Towns Across Texas Hit in Coordinated Ransomware Attack
Robert Lemos, Contributing WriterNews
The state government and cybersecurity groups have mobilized to respond to a mass ransomware attack that simultaneously hit 22 different towns statewide.
By Robert Lemos Contributing Writer, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
VxWorks TCP/IP Stack Vulnerability Poses Major Manufacturing Risk
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new analysis shows the scale of risk posed by networking vulnerabilities in a popular embedded real-time operating system.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
US Chamber of Commerce, FICO Report National Risk Score of 688
Dark Reading Staff, Quick Hits
While the score was up for large businesses and down for small firms, the report urges all to prioritize third-party risk management.
By Dark Reading Staff , 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
Tough Love: Debunking Myths about DevOps & Security
Jeff Williams, CTO, Contrast SecurityCommentary
It's time to move past trivial 'shift left' conceptions of DevSecOps and take a hard look at how security work actually gets accomplished.
By Jeff Williams CTO, Contrast Security, 8/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Modern Technology, Modern Mistakes
Kacy Zurkus, Contributing Writer
As employees grow more comfortable using new technologies, they could inadvertently be putting their enterprises at risk. And that leaves security teams having to defend an ever-expanding attack surface.
By Kacy Zurkus Contributing Writer, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
Compliance Training? What Compliance Training?
Beyond the Edge, Dark Reading
Employees can run ... but they can't hide. Or can they?
By Beyond the Edge Dark Reading, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
Google Analyzes Pilfered Password Reuse
Dark Reading Staff, Quick Hits
Password Checkup data shows some users still reuse their exposed passwords.
By Dark Reading Staff , 8/16/2019
Comment1 Comment  |  Read  |  Post a Comment
Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown
Kelly Sheridan, Staff Editor, Dark ReadingNews
At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.
By Kelly Sheridan Staff Editor, Dark Reading, 8/16/2019
Comment1 Comment  |  Read  |  Post a Comment
European Central Bank Website Hit by Malware Attack
Dark Reading Staff, Quick Hits
The website was infected with malware that stole information on subscribers to a bank newsletter.
By Dark Reading Staff , 8/16/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
sponsored by

The latest on the number of attacks, types of attacks, and threats to enterprises' most critical IT infrastructure.

Engineering teams have only a certain amount of capacity. Cutting down the volume of rework inherent in the open source business model begins with three best practices.
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
As employees grow more comfortable using new technologies, they could inadvertently be putting their enterprises at risk. And that leaves security teams having to defend an ever-expanding attack surface.
Register for Dark Reading Newsletters
Cartoon Contest
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15296
PUBLISHED: 2019-08-21
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is ne...
CVE-2019-15292
PUBLISHED: 2019-08-21
An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.
CVE-2019-15293
PUBLISHED: 2019-08-21
An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159. There is a User Mode Write AV starting at IDE_ACDStd!IEP_ShowPlugInDialog+0x000000000023d060.
CVE-2019-5034
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vuln...
CVE-2019-5035
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker c...
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Flash Poll
Video
Slideshows
Twitter Feed