Perimeter

News & Commentary
Malware Linked to Ryuk Targets Financial & Military Data
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/13/2019 (News)
Instagram Bug Put User Account Details, Phone Numbers at Risk
The vulnerability, now patched, is the latest in a series of bad news for Facebook.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/12/2019 (News)
North Korea Seen Using ELECTRICFISH, BADCALL Malware Variants
The FBI and CISA issued an alert the same week researchers disclosed a new campaign launched by actors with North Korean ties.
By Dark Reading Staff, 9/12/2019 (Quick Hits)
Security Leaders Share Tips for Boardroom Chats
Cisco, Oracle, and LinkedIn security leaders share their challenges in communicating with business teams and advice for how CISOs can navigate the relationship.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/12/2019
281 Arrested in International BEC Takedown
Conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, the Department of Justice reports.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/11/2019 (News)
Two Zero-Days Fixed in Microsoft Patch Rollout
September's Patch Tuesday addressed 80 vulnerabilities, two of which have already been exploited in the wild.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/10/2019 (News)
US Power Grid Cyberattack Due to Unpatched Firewall: NERC
A firewall vulnerability enabled attackers to repeatedly reboot the victim entity's firewalls, causing unexpected outages.
By Dark Reading Staff, 9/10/2019 (Quick Hits)
More Than 99% of Cyberattacks Need Victims' Help
Research highlights how most criminals exploit human curiosity and trust to click, download, install, open, and send money or information.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/9/2019 (News)
Crimeware: How Criminals Built a Business to Target Businesses
A new report investigates the evolution of crimeware, how businesses underestimate the threat, and why they should be concerned.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/5/2019 (News)
Phishing Campaign Uses SharePoint to Slip Past Defenses
Cybercriminals targeting financial institutions in the UK bypassed Symantec email gateway and other perimeter technologies.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/4/2019 (News)
Back to School? 'Not So Fast,' Cybercriminals Say
A New York State school district was forced to delay the start of its school year when ransomware struck.
By Dark Reading Staff, 9/4/2019 (Quick Hits)
An Inside Look at How CISOs Prioritize Budgets & Evaluate Vendors
In-depth interviews with four market-leading CISOs reveal how they prioritize budgets, measure ROI on security investments, and evaluate new vendors.
By John Brennan, Partner at YL Ventures, 9/4/2019 (Commentary)
Cartoon Contest: Bedtime Stories
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
By John Klossner, Cartoonist, 9/4/2019
A Tale of Two Buzzwords: 'Automated' and 'Autonomous' Solutions Aren't the Same Thing
Enterprises must learn the difference between the two and the appropriate use cases for each.
By Scott Totman, VP of Engineering, DivvyCloud, 9/4/2019 (Commentary)
Cybercriminals Impersonate Chief Exec's Voice with AI Software
Scammers leveraged artificial intelligence software to mimic the voice of a chief executive and successfully request $243,000.
By Dark Reading Staff, 9/3/2019 (Quick Hits)
Multicloud Businesses Face Higher Breach Risk
A new report finds 52% of multicloud environments have suffered a breach within the past year, compared with 24% of hybrid cloud users.
By Kelly Sheridan, Staff Editor, Dark Reading, 8/30/2019 (News)
Google Uncovers Massive iPhone Attack Campaign
A group of hacked websites has been silently compromising fully patched iPhones for at least two years, Project Zero reports.
By Kelly Sheridan, Staff Editor, Dark Reading, 8/30/2019 (News)
To Navigate a Sea of Cybersecurity Solutions, Learn How to Fish
Three steps for relieving the pressure of picking the right tools.
By Ori Eisen, Founder & CEO at Trusona, 8/30/2019 (Commentary)
Google Cloud Releases Beta of Managed Service to Microsoft AD
Managed Service for Microsoft Active Directory was built to help admins handle cloud-based workloads.
By Dark Reading Staff, 8/29/2019 (Quick Hits)
Malware Found in Android App with 100M Users
CamScanner, a legitimate app used to scan and manage documents, was found executing payloads on Android devices.
By Dark Reading Staff, 8/28/2019 (Quick Hits)
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler, 9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff, 9/11/2019
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here's some insight on what's working and what isn't in the data center.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16317
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerabi...
CVE-2019-16318
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.
CVE-2019-16307
PUBLISHED: 2019-09-14
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKe...
CVE-2019-16294
PUBLISHED: 2019-09-14
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
CVE-2019-16309
PUBLISHED: 2019-09-14
FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.