Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Page 1 / 3   >   >>
Boosting Security Effectiveness with 'Adjuvants'
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 5/17/2018
Comment4 comments  |  Read  |  Post a Comment
Electroneum Cryptomining Targets Microsoft IIS 6.0 Vulnerability
Andrey Shalnev, F5 Security ResearcherCommentary
New campaign shows that there are still systems exposed to the year-old CVE20177269 vuln on an operating system that was declared end-of-life three years ago.
By Andrey Shalnev F5 Security Researcher, 5/10/2018
Comment0 comments  |  Read  |  Post a Comment
4 Critical Applications and How to Protect Them
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Since critical apps are, well, critical, security teams must take preventive measures to keep attackers from exploiting their vulnerabilities.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 5/3/2018
Comment0 comments  |  Read  |  Post a Comment
Europe and Asia Take on More DDoS Attacks
Sara Boddy, Principal Threat Research EvangelistCommentary
While North American targets have historically been on the receiving end of the majority of DDoS attacks since their inception, that trend changed in 2017.
By Sara Boddy Principal Threat Research Evangelist, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Researchers Discover Second rTorrent Vulnerability Campaign
Andrey Shalnev, F5 Security ResearcherCommentary
This time attackers appears to have spoofed the Recording Industry Association of America (RIAA) and New York University (NYU) user-agents.
By Andrey Shalnev F5 Security Researcher, 4/19/2018
Comment0 comments  |  Read  |  Post a Comment
How Attackers Can Exploit rTorrent with Monero Cryptocurrency Miner
Andrey Shalnev, F5 Security ResearcherCommentary
As cryptomining campaigns become more profitable, cybercriminals are becoming more creative about finding new ways to extend their operations.
By Andrey Shalnev F5 Security Researcher, 4/12/2018
Comment0 comments  |  Read  |  Post a Comment
Cryptomining: Fast-Becoming the Web's Most Profitable Attack Method
Travis Kreikemeier, F5 Systems EngineerCommentary
The ROI of 'cryptojacking' has never been higher, making bitcoin and other cryptocurrencies a more attractive target for cybercriminals. Here's why.
By Travis Kreikemeier F5 Systems Engineer, 4/5/2018
Comment0 comments  |  Read  |  Post a Comment
Deconstructing a Business Email Compromise Attack
David Holmes, World-Wide Security Evangelist, F5Commentary
How a tech-savvy New Jersey couple outwitted a German hacker group and saved their home and life savings.
By David Holmes World-Wide Security Evangelist, F5, 3/29/2018
Comment0 comments  |  Read  |  Post a Comment
Applications & Identities Initial Targets in 86% of Breaches: Report
Sara Boddy, Principal Threat Research EvangelistCommentary
The startling numbers of breached data are sobering: 11.8 billion records compromised in 337 of 433 incidents examined by F5 researchers. They include 10.3 billion usernames, passwords, and email accounts.
By Sara Boddy Principal Threat Research Evangelist, 3/22/2018
Comment0 comments  |  Read  |  Post a Comment
Journey to the Cloud: Overcoming Security Risks
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Lessons learned from a global consultancy's 10-year transition from on-premises to 99% cloud-based infrastructure.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 3/1/2018
Comment0 comments  |  Read  |  Post a Comment
Security Liability in an 'Assume Breach' World
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
The Mirai Botnet Is Attacking Again
David Holmes, World-Wide Security Evangelist, F5Commentary
And the spinoff bots and all their command and control hostnames buried in the morass of digital data are hilarious.
By David Holmes World-Wide Security Evangelist, F5, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
BrickerBot: Internet Vigilantism Ends Don't Justify the Means
Justin Shattuck, Principal Threat Research EvangelistCommentary
However noble the intention, obtaining unauthorized access to devices and making them unusable is illegal and undermines the work of ethical researchers.
By Justin Shattuck Principal Threat Research Evangelist, 2/8/2018
Comment1 Comment  |  Read  |  Post a Comment
Ramnit's Holiday Shopping Spree: Retailers & E-commerce
Doron Voolf, Malware Analyst, F5 Security Operations Center (SOC)Commentary
This past season, the authors of a traditional banking Trojan focused on what people do between Thanksgiving and New Year's Day: shop, eat, check their bank account, and entertain.
By Doron Voolf Malware Analyst, F5 Security Operations Center (SOC), 2/1/2018
Comment0 comments  |  Read  |  Post a Comment
Avoiding the Epidemic of Hospital Hacks
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 1/25/2018
Comment0 comments  |  Read  |  Post a Comment
The Startup Challenge: Safe in the Cloud from Day One
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
How a Seattle travel company built a rock-solid mobile app without sacrificing performance or security.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 1/18/2018
Comment0 comments  |  Read  |  Post a Comment
Why Facebook Security Questions Are no Substitute for MFA
Lori MacVittie, Commentary
If identity is established based on one thing you know and one thing you have, the latter should not also be a thing you know because in the sharing economy, we share everything.
By Lori MacVittie , 1/11/2018
Comment1 Comment  |  Read  |  Post a Comment
Be a More Effective CISO by Aligning Security to the Business
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 12/21/2017
Comment6 comments  |  Read  |  Post a Comment
Is a Good Offense the Best Defense Against Hackers?
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
A proposed new law could make it legal for companies to hack back against attacker. But will it work?
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 12/14/2017
Comment0 comments  |  Read  |  Post a Comment
Why Third-Party Security Is your Security
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Managing third-party risk isn't just a good idea, in many cases, it's the law. This security framework can help you minimize the threat.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 12/7/2017
Comment0 comments  |  Read  |  Post a Comment
Page 1 / 3   >   >>
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Cognitive Bias Can Hamper Security Decisions
Kelly Sheridan, Staff Editor, Dark Reading,  6/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12855
PUBLISHED: 2019-06-16
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
CVE-2013-7472
PUBLISHED: 2019-06-15
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVE-2019-12839
PUBLISHED: 2019-06-15
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2019-12840
PUBLISHED: 2019-06-15
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12835
PUBLISHED: 2019-06-15
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.