Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

7 SMB Security Tips That Will Keep Your Company Safe

8 Ways Businesses Unknowingly Help Hackers

7 Considerations Before Adopting Security Standards

Works of Art: Cybersecurity Inspires 6 Winning Ideas

Top Stories

7 SMB Security Tips That Will Keep Your ...

8 Ways Businesses Unknowingly Help Hackers

7 Considerations Before Adopting Security ...

Works of Art: Cybersecurity Inspires 6 ...

Name That Toon: SOC Puppets

News & Commentary

About 50% of Apps Are Accruing Unaddressed Vulnerabilities

News

In rush to fix newly discovered security issues, developers are neglecting to address older ones, Veracode study finds.

By Jai Vijayan Contributing Writer, 10/22/2019

0 comments | Read | Post a Comment

Alliance Forms to Focus on Securing Operational Technology

News

While mainly made up of vendors, the Operational Technology Cyber Security Alliance aims to offer security best practices for infrastructure operators and industrial partners.

By Robert Lemos Contributing Writer, 10/22/2019

0 comments | Read | Post a Comment

FIDO-Based Authentication Arrives for Smartwatches

Kelly Sheridan, Staff Editor, Dark Reading

News

The Nok Nok App SDK for Smart Watch is designed to let businesses implement FIDO-based authentication on smartwatches.

By Kelly Sheridan Staff Editor, Dark Reading, 10/22/2019

0 comments | Read | Post a Comment

The AI (R)evolution: Why Humans Will Always Have a Place in the SOC

Celeste Fralick, Chief Data Scientist & Senior Principal Engineer, McAfee

Commentary

In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.

By Celeste Fralick Chief Data Scientist & Senior Principal Engineer, McAfee, 10/22/2019

0 comments | Read | Post a Comment

NordVPN Breached Via Data Center Provider's Error

Quick Hits

The VPN company said that one of its 3,000 servers in a third-party data center was open to exploitation through a misconfigured management tool.

By Dark Reading Staff , 10/22/2019

0 comments | Read | Post a Comment

Autoclerk Database Spills 179GB of Customer, US Government Data

Quick Hits

An open Elasticsearch database exposed hundreds of thousands of hotel booking reservations, compromising data from full names to room numbers.

By Dark Reading Staff , 10/22/2019

0 comments | Read | Post a Comment

Keeping Too Many Cooks out of the Security Kitchen

Commentary

A good security team helps the business help itself operate more securely -- soliciting input while adhering to a unified strategy, vision, goals, and priorities.

By Joshua Goldfarb Independent Consultant, 10/22/2019

0 comments | Read | Post a Comment

Bugcrowd Enters the IT Asset Discovery Business

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

New service searches for errant or vulnerable devices on the Internet.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/22/2019

0 comments | Read | Post a Comment

How Much Security Is Enough? Practitioners Weigh In

News

Most IT and security pros surveyed say they could afford some, but not all, of the minimum security needed to protect themselves.

By Kelly Sheridan Staff Editor, Dark Reading, 10/22/2019

0 comments | Read | Post a Comment

Russian Hackers Using Iranian APT's Infrastructure in Widespread Attacks

News

New advisory from the UK's NCSC and the NSA throws fresh light on activity first revealed by Symantec in June.

By Jai Vijayan Contributing Writer, 10/21/2019

0 comments | Read | Post a Comment

Microsoft Aims to Block Firmware Attacks with New Secured-Core PCs

News

Partnerships with Intel, Qualcomm, and AMD will bring a new layer of device security that alters the boot process to detect firmware compromise.

By Kelly Sheridan Staff Editor, Dark Reading, 10/21/2019

0 comments | Read | Post a Comment

Avast Foils Another CCleaner Attack

News

'Abiss' attackers used an older VPN profile to get into Avast's network and targeted its CCleaner utility.

By Robert Lemos Contributing Writer, 10/21/2019

0 comments | Read | Post a Comment

Researchers Turn Alexa and Google Home Into Credential Thieves

Quick Hits

Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.

By Dark Reading Staff , 10/21/2019

0 comments | Read | Post a Comment

Trend Micro Buys Cloud Conformity to Fight Cloud Competition

Quick Hits

The cloud security posture management startup was acquired for a reported $70 million.

By Dark Reading Staff , 10/21/2019

0 comments | Read | Post a Comment

SOC Operations: 6 Vital Lessons & Pitfalls

Todd Thiemann, Director, Arctic Wolf Networks

Commentary

There is no one road to security operations success, but these guidelines will smooth your path.

By Todd Thiemann Director, Arctic Wolf Networks, 10/21/2019

0 comments | Read | Post a Comment

Surviving Security Alert Fatigue: 7 Tools and Techniques

Experts discuss why security teams are increasingly overwhelmed with alerts and share tactics for lightening the load.

By Kelly Sheridan Staff Editor, Dark Reading, 10/21/2019

0 comments | Read | Post a Comment

Turning Vision to Reality: A New Road Map for Security Leadership

Among the takeaways from a Gartner Symposium/Xpo session: who should be accountable for data security, why security groups should stop thinking of themselves as protectors, and the consequence of locking down 'dumb' users.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/21/2019

0 comments | Read | Post a Comment

Tor Weaponized to Steal Bitcoin

Quick Hits

A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.

By Dark Reading Staff , 10/18/2019

3 comments | Read | Post a Comment

Latest Comment: Dr.T, "According to the researchers, the bitcoin-stealing campaign has been active...

In a Crowded Endpoint Security Market, Consolidation Is Underway

News

Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.

By Kelly Sheridan Staff Editor, Dark Reading, 10/18/2019

0 comments | Read | Post a Comment

CenturyLink Customer Data Exposed

Quick Hits

Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report.

By Dark Reading Staff , 10/18/2019

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by Dr.T

"According to the researchers, the bitcoin-stealing campaign has been active and unnoticed for years. " This has been covered very well up to this point obviously, I wonder how did Researches noticed it. ...

In reply to: bitcoin
Post Your Own Reply

Posted by Dr.T

"The campaign, aimed at a Russian-speaking audience, uses a number of steps to convince users to install a weaponized version of Tor masquerading as the official Russian-language version of the browser. " It is really interesting...

In reply to: campaign
Post Your Own Reply

Posted by stemarsh

I think the key point about the questionnaires is not the questionnaires themselves but is instead the following bullet that advises on use of technology to check and enforce that things are happening as they should. This...

In reply to: Re: Assessing Third Party Risk
Post Your Own Reply

Posted by FLYING J3

If your a contractor with the DOD they are going to be requiring you to have a Cybersecurity Maturity Model Certification sometime in 2020. Because they are forcing this, Cybersecurity is going to be an alowable cost on...

In reply to: Re: cyber risk change hits small biz
Post Your Own Reply

Posted by blackjack0021

As long as Security expense is optional then most SMB can't afford to add it. The market doesn't let them charge more if they do, and competitors will always run the risk or cut corners and costs. As Bruce Schneir points...

In reply to: cyber risk change hits small biz
Post Your Own Reply

Posted by jeenajohn

Took me time to understand all of the comments, but I seriously enjoyed the write-up. It proved being really helpful to me and Im positive to all of the commenters right here! Its constantly nice when you can not only be...

In reply to: games birthday party kids
Post Your Own Reply

Posted by slotnetwork

very nice blog

In reply to: Slots Network
Post Your Own Reply

Posted by DavidCarrillo

Data plays an important role in the progress of any business. Sometimes some data are needed to keep private for the proper functioning of the process and the work. There re many problems associated with the processing of...

In reply to: Re: Also schools
Post Your Own Reply

Posted by Marilyn Cohodas

Check outthe latest from Dark Reading cartoonist John Klossner!

In reply to: Funny cartoon!
Post Your Own Reply

Posted by WarnR

Sadly, it's not just companies that need to change their focus to protect children but also schools. Schools will bypass getting parents consent by allowing companies, like Google (Google Classroom) or DoJo, to be "School...

In reply to: Also schools
Post Your Own Reply

Posted by Crypt0L0cker

Kind of surprised, I was pretty sure that this is Chinese hacker group... What are the names of those underground forums, which are talked about in the article?

In reply to: Sodinokibi Ransomware: Where Attackers' Money Goes">RE:Sodinokibi Ransomware: Where Attackers' Money Goes
Post Your Own Reply

Posted by jevans1230

The old using of sock puppets for Shoulder Surfing technique.

In reply to: Shoulder Surfing
Post Your Own Reply

More Conversations

Products & Releases

Splunk Mission Control Takes Off

Claroty Appoints Thorsten Freitag as Chief Executive Officer

Resecurity Forms Team to Deliver In-Depth Analysis of Data Inside Context™ Platform

Akamai Edge Platform Increases Security Protections For Content, Sites, Apps

ThreatConnect Wins SOAR Platform of the Year Award in 2019 CyberSecurity Breakthrough Awards

Forcepoint Delivers Global Security Cloud Offering

Forescout Delivers Impact-Based Security Risk Assessment Tool for Industrial Control System and Operational Technology Networks

Deloitte Consumer Privacy in Retail Survey: The Next Regulatory and Competitive Frontier

More Products & Releases

PR Newswire

Surviving Security Alert Fatigue: 7 Tools and Techniques

Experts discuss why security teams are increasingly overwhelmed with alerts and share tactics for lightening the load.

Turning Vision to Reality: A New Road Map for Security Leadership

How to Build a Rock-Solid Cybersecurity Culture

In part one of this two-part series, we start with the basics -- getting everyone to understand what's at stake -- and then look at lessons from the trenches.

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

More Informa Tech Live Events

Cartoon

Latest Comment: Check outthe latest from Dark Reading cartoonist John Klossner!

Cartoon Archive

White Papers

The 2019 Security Buyer's Guide

IDC Workbook: Cloud Security Roadmap

9 Ways Cybercriminals Disrupt Business Operations

7 Experts Discuss Evaluating MSSPs

Threat Intelligence Platforms: Everything You Want to Know, But Didn't Know to Ask

More White Papers

Current Issue

7 Threats & Disruptive Forces Changing the Face of Cybersecurity

This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2015-9501
PUBLISHED: 2019-10-22

The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.

CVE-2019-16971
PUBLISHED: 2019-10-22

In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.

CVE-2019-16972
PUBLISHED: 2019-10-22

In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.

CVE-2019-16973
PUBLISHED: 2019-10-22

In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.

CVE-2015-9496
PUBLISHED: 2019-10-22

The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.

Reports

2019 Online Malware and Threats

As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?

Download Now!

The State of IT Operations and Cybersecurity Operations

0 comments

How Enterprises Are Developing Secure Applications

0 comments

The State of Cyber Security Incident Response

0 comments

More Reports

Flash Poll

All Polls

Video