Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

News & Commentary
5 Cybersecurity CISO Priorities for the Future
Paul Shomo, Cybersecurity AnalystCommentary
Seven chief information security officers share their pain points and two-year spending plans.
By Paul Shomo Cybersecurity Analyst, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
US-CERT Warns of Remotely Exploitable Bugs in Medical Devices
Dark Reading Staff, Quick Hits
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.
By Dark Reading Staff , 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
The Ripple Effect of Data Breaches: How Damage Spreads
Kelly Sheridan, Staff Editor, Dark ReadingNews
The financial loss from so-called 'ripple events' is thirteen times greater than the cost of single-party security incidents.
By Kelly Sheridan Staff Editor, Dark Reading, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches IE Zero-Day Among 74 Vulnerabilities
Kelly Sheridan, Staff Editor, Dark ReadingNews
The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer.
By Kelly Sheridan Staff Editor, Dark Reading, 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Find New Approach to Attacking Cloud Infrastructure
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cloud APIs' accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets.
By Kelly Sheridan Staff Editor, Dark Reading, 11/11/2019
Comment0 comments  |  Read  |  Post a Comment
Joker's Stash Puts $130M Price Tag on Credit Card Database
Dark Reading Staff, Quick Hits
A new analysis advises security teams on what they should know about the underground payment card seller.
By Dark Reading Staff , 11/11/2019
Comment0 comments  |  Read  |  Post a Comment
TA542 Brings Back Emotet with Late September Spike
Kelly Sheridan, Staff Editor, Dark ReadingNews
Overall volumes of banking Trojans and RATs increased during the third quarter, when Emotet was suspiciously absent until mid-September.
By Kelly Sheridan Staff Editor, Dark Reading, 11/7/2019
Comment0 comments  |  Read  |  Post a Comment
PayPal Upsets Microsoft as Phishers' Favorite Brand
Dark Reading Staff, Quick Hits
Several factors edged the world's most popular payment service into the top spot.
By Dark Reading Staff , 11/7/2019
Comment0 comments  |  Read  |  Post a Comment
CrowdStrike Adds New Products & Web Store Apps
Dark Reading Staff, Quick Hits
Company introduces Falcon for AWS, Falcon Firewall Management, and third-party applications.
By Dark Reading Staff , 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
Google Launches OpenTitan Project to Open Source Chip Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
OpenTitan is an open source collaboration among Google and technology companies to strengthen root-of-trust chip design.
By Kelly Sheridan Staff Editor, Dark Reading, 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
Proofpoint Acquires ObserveIT to Bolster DLP Capabilities
Dark Reading Staff, Quick Hits
The $225 million acquisition will help Proofpoint expand its data loss prevention capabilities with email, CASB, and data at rest.
By Dark Reading Staff , 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Tools Focus on Insider Risk, Data Protection at Ignite 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
New tools and updates aimed at addressing ongoing challenges with insider threats and sensitive data classification.
By Kelly Sheridan Staff Editor, Dark Reading, 11/4/2019
Comment1 Comment  |  Read  |  Post a Comment
Sumo Logic Buys JASK Labs to Tackle SOC Challenges
Dark Reading Staff, Quick Hits
Sumo Logic plans to integrate JASK's autonomous security operations center software into a new intelligence tool.
By Dark Reading Staff , 11/4/2019
Comment0 comments  |  Read  |  Post a Comment
Details of Attack on Electric Utility Emerge
Dark Reading Staff, Quick Hits
The March 5 DDoS attack interrupted communications between generating facilities and the electrical grid in three western states.
By Dark Reading Staff , 11/1/2019
Comment0 comments  |  Read  |  Post a Comment
32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers detect an updated Gafgyt variant that targets flaws in small office and home wireless routers from Zyxel, Huawei, and Realtek.
By Kelly Sheridan Staff Editor, Dark Reading, 10/31/2019
Comment0 comments  |  Read  |  Post a Comment
New Office 365 Phishing Scam Leaves A Voicemail
Dark Reading Staff, Quick Hits
A fake voice message lures victims to a fake Microsoft 365 login page that prompts them to enter credentials.
By Dark Reading Staff , 10/31/2019
Comment0 comments  |  Read  |  Post a Comment
As Phishing Kits Evolve, Their Lifespans Shorten
Kelly Sheridan, Staff Editor, Dark ReadingNews
Most phishing kits last less than 20 days, a sign defenders are keeping up in the race against cybercrime.
By Kelly Sheridan Staff Editor, Dark Reading, 10/30/2019
Comment0 comments  |  Read  |  Post a Comment
Security Pros Fear Insider Attacks Stem from Cloud Apps
Dark Reading Staff, Quick Hits
More than half of security practitioners surveyed say insider attack detection has grown more difficult since migrating to cloud.
By Dark Reading Staff , 10/30/2019
Comment0 comments  |  Read  |  Post a Comment
Old RAT, New Moves: Adwind Hides in Java Commands to Target Windows
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Adwind remote access Trojan conceals malicious activity in Java commands to slip past threat intelligence tools and steal user data.
By Kelly Sheridan Staff Editor, Dark Reading, 10/29/2019
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Adds New Security Management Tools to G Suite
Dark Reading Staff, Quick Hits
Desktop devices that log into G Suite will have device management enabled by default, streamlining processes for IT admins.
By Dark Reading Staff , 10/29/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19040
PUBLISHED: 2019-11-17
KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring.
CVE-2019-19041
PUBLISHED: 2019-11-17
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by th...
CVE-2019-19012
PUBLISHED: 2019-11-17
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or ...
CVE-2019-19022
PUBLISHED: 2019-11-17
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git r...
CVE-2019-19035
PUBLISHED: 2019-11-17
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.