Dark Reading is part of the Informa Tech Division of Informa PLC


7 SMB Security Tips That Will Keep Your Company Safe
8 Ways Businesses Unknowingly Help Hackers
7 Considerations Before Adopting Security Standards
Works of Art: Cybersecurity Inspires 6 Winning Ideas
Name That Toon: SOC Puppets
News & Commentary
Tor Weaponized to Steal Bitcoin
Dark Reading Staff, Quick Hits
A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
By Dark Reading Staff, 10/18/2019
In A Crowded Endpoint Security Market, Consolidation Is Underway
Kelly Sheridan, Staff Editor, Dark Reading, News
Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.
By Kelly Sheridan, Staff Editor, Dark Reading, 10/18/2019
CenturyLink Customer Data Exposed
Dark Reading Staff, Quick Hits
Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report.
By Dark Reading Staff, 10/18/2019
Glitching: The Hardware Attack that can Disrupt Secure Software
Curtis Franklin Jr., Senior Editor at Dark Reading
Glitching (or fault-injection) attacks aren't easy (yet). But get ready, because as the IoT grows, these attacks will be a big reason that hardware security should be part of your cybersecurity planning.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 10/18/2019
SOC Puppet: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark Reading, Commentary
Social engineering, SOC analysts, and Sock puns. And the winners are:
By Marilyn Cohodas, Managing Editor, Dark Reading, 10/18/2019
Older Amazon Devices Subject to Old Wi-Fi Vulnerability
Dark Reading Staff, Quick Hits
The vulnerability in first-generation Echoes and eighth-generation Kindles lets an attacker wage man-in-the-middle attacks.
By Dark Reading Staff, 10/17/2019
Debug Feature in Web Dev Tool Exposed Trump Campaign Site, Others to Attack
Jai Vijayan, Contributing Writer, News
The problem is not with the tool itself but with how some developers and administrators are using it, Comparitech says.
By Jai Vijayan, Contributing Writer, 10/17/2019
Phishing Campaign Targets Stripe Credentials, Financial Data
Kelly Sheridan, Staff Editor, Dark Reading, News
Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.
By Kelly Sheridan, Staff Editor, Dark Reading, 10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer
SMBs still perceive themselves at low risk from cyberthreats in spite of attack statistics that paint a different picture.
By Ericka Chickowski, Contributing Writer, 10/17/2019
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Debby Briggs, Chief Security Officer at NETSCOUT, Commentary
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
By Debby Briggs, Chief Security Officer at NETSCOUT, 10/17/2019
Yahoo Breach Victims May Qualify for $358 Payout
Dark Reading Staff, Quick Hits
Pending approval of the settlement, affected account holders may be eligible for a payout or two years of free credit monitoring.
By Dark Reading Staff, 10/17/2019
Cozy Bear Emerges from Hibernation to Hack EU Ministries
Robert Lemos, Contributing Writer, News
The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.
By Robert Lemos, Contributing Writer, 10/17/2019
Data Privacy Protections for the Most Vulnerable Children
Dimitri Sirota, Founder & CEO of BigID, Commentary
The business case for why companies that respect the privacy of individuals, and especially minors, will have a strong competitive advantage.
By Dimitri Sirota, Founder & CEO of BigID, 10/17/2019
Typosquatting Websites Proliferate in Run-up to US Elections
Jai Vijayan, Contributing Writer, News
People who mistype the URL for their political candidate or party's website could end up on an opposing party or candidate's website, Digital Shadows' research shows.
By Jai Vijayan, Contributing Writer, 10/16/2019
How to Build a Rock-Solid Cybersecurity Culture
Joan Goodchild, Contributing Writer
In part one of this two-part series, we start with the basics, getting everyone to understand what's at stake, and then look at lessons from the trenches.
By Joan Goodchild, Contributing Writer, 10/16/2019
Cybersecurity Advice From Betty White
Beyond the Edge, Dark Reading
Among the beloved entertainer's advice: "Double bag those passwords." Thanks, Betty.
By Beyond the Edge, Dark Reading, 10/16/2019
SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance
Dark Reading Staff, Quick Hits
The $37.5 million acquisitions will boost SailPoint's portfolio across all cloud platforms.
By Dark Reading Staff, 10/16/2019
Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures
James Plouffe, Lead Architect at MobileIron, Commentary
The debate about whether Android or iOS is the more inherently secure platform misses the larger issues: both platforms are valuable targets, and security today is no guarantee of security tomorrow.
By James Plouffe, Lead Architect at MobileIron, 10/16/2019
Google Cloud Launches Security Health Analytics in Beta
Dark Reading Staff, Quick Hits
The tool is designed to help identify misconfigurations and compliance violations in the Google Cloud Platform.
By Dark Reading Staff, 10/16/2019
Cryptojacking Worm Targets and Infects 2,000 Docker Hosts
Robert Lemos, Contributing Writer, News
Basic and 'inept' worm managed to compromise Docker hosts by exploiting misconfigurations.
By Robert Lemos, Contributing Writer, 10/16/2019
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13545
PUBLISHED: 2019-10-18
In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution.
CVE-2019-13541
PUBLISHED: 2019-10-18
In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code.
CVE-2019-17367
PUBLISHED: 2019-10-18
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
CVE-2019-17393
PUBLISHED: 2019-10-18
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and pa...
CVE-2019-17526
PUBLISHED: 2019-10-18
** DISPUTED ** An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').pop...