Calculating Cloud Cost: 8 Factors to Watch
INsecurity Conference Seeks Security Pros to Speak on Best Practices
10 Lessons From an IoT Demo Lab
5 Ways to Better Use Data in Security
Properly Framing the Cost of a Data Breach
News & Commentary
Get Smart About Network Segmentation & Traffic Routing
Jack Hamm, Principal Information Security Engineer, Gigamon
Through a combination of intelligent segmentation and traffic routing to tools, you can gain much better visibility into your network. Here's how.
By Jack Hamm, Principal Information Security Engineer, Gigamon, 5/21/2018
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason, Commentary
Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.
By Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason, 5/21/2018
Actor Advertises Japanese PII on Chinese Underground
Kelly Sheridan, Staff Editor, Dark Reading, News
The dataset contains 200 million rows of information stolen from websites across industries, likely via opportunistic access.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/18/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff, Quick Hits
Using DDoS for hire services and possessing firearms as a felon combine to land a New Mexico man 15 years in federal prison.
By Dark Reading Staff, 5/18/2018
Syrian Electronic Army Members Indicted for Conspiracy
Dark Reading Staff, Quick Hits
Two men have been charged for their involvement in a plot to commit computer hacking as members of the Syrian Electronic Army.
By Dark Reading Staff, 5/18/2018
How to Hang Up on Fraud
Patrick Cox, Chairman and CEO of TRUSTID, Commentary
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
By Patrick Cox, Chairman and CEO of TRUSTID, 5/18/2018
New Research Seeks to Shorten Attack Dwell Time
Curtis Franklin Jr., Senior Editor at Dark Reading, News
It can take months for an organization to know they've been hacked. A new DARPA-funded project seeks to reduce that time to hours.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/18/2018
Get Ready for 'WannaCry 2.0'
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Another widespread worm attack is "inevitable," but spreading a different, more lucrative or destructive payload, experts say.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/17/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/17/2018
Federal Jury Convicts Operator of Massive Counter-Antivirus Service
Jai Vijayan, Freelance writer, News
Scan4You helped thousands of criminals check if AV products could detect and block their malware tools.
By Jai Vijayan, Freelance writer, 5/17/2018
The Risks of Remote Desktop Access Are Far from Remote
Matt Ahrens, Security Team Leader at Coalition, Commentary
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
By Matt Ahrens, Security Team Leader at Coalition, 5/17/2018
Tanium's Valuation Reaches $5 Billion With New Investment
Dark Reading Staff, Quick Hits
Tanium has received a $175 million investment from TPG Growth.
By Dark Reading Staff, 5/17/2018
California Teen Arrested for Phishing Teachers to Change Grades
Dark Reading Staff, Quick Hits
The student faces 14 felony counts for using a phishing campaign to steal teachers' credentials and alter students' grades.
By Dark Reading Staff, 5/17/2018
Why Isn't Integrity Getting the Attention It Deserves?
Tim Erlin, VP of Product Management & Strategy at Tripwire, Commentary
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
By Tim Erlin, VP of Product Management & Strategy at Tripwire, 5/17/2018
Boosting Security Effectiveness with 'Adjuvants'
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
By Raymond Pompon, Principal Threat Research Evangelist at F5 Networks, 5/17/2018
7 Tools for Stronger IoT Security, Visibility
Curtis Franklin Jr., Senior Editor at Dark Reading
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/16/2018
Frequency & Costs of DNS-Based Attacks Soar
Jai Vijayan, Freelance writer, News
The average cost of a DNS attack in the US has climbed 57% over the last year to $654,000 in 2018, a survey from EfficientIP shows.
By Jai Vijayan, Freelance writer, 5/16/2018
Newly Discovered Malware Targets Telegram Desktop
Kelly Sheridan, Staff Editor, Dark Reading, News
Russian-speaking attacker behind new malware capable of lifting credentials, cookies, desktop cache, and key files.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/16/2018
FIDO Alliance Appoints Facebook to Board of Directors
Dark Reading Staff, Quick Hits
Facebook joins Google, Microsoft, Amazon, and Intel, all among major influential tech companies backing FIDO authentication.
By Dark Reading Staff, 5/16/2018
Hackers Stole Funds from Mexican Banks
Dark Reading Staff, Quick Hits
Attack targeted nation's bank payment system with shades of SWIFT heist.
By Dark Reading Staff, 5/16/2018
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust, 5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading, 5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group, 5/14/2018
Partner Perspectives
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it.
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack.
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program.
Dark Reading Live EVENTS
Dark Reading Security Pro Summit at Interop ITX 2018
Produced by the Dark Reading Team - The Security Pro Summit is an opportunity for IT security professionals to take a deeper dive into cyber security defense, learning from experts about advanced methods for detecting and responding to new threats.
Topics that will be discussed:
  • Improving Threat Analysis and Implementing Threat Hunting Practices
  • Optimizing Vulnerability Detection & Remediation
  • Getting Better Performance From Your Security Operations Center
  • Plus, much more
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11311
PUBLISHED: 2018-05-20
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
CVE-2018-11319
PUBLISHED: 2018-05-20
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to ...
CVE-2018-11242
PUBLISHED: 2018-05-20
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVE-2018-11315
PUBLISHED: 2018-05-20
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a ho...
CVE-2018-11239
PUBLISHED: 2018-05-19
An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in ...
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.