Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

News & Commentary
When Older Windows Systems Won't Die
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft's decision to patch unsupported machines for the critical CVE-2019-0708 flaw is a reminder that XP, 2003, and other older versions of Windows still run in some enterprises.
By Kelly Sheridan Staff Editor, Dark Reading, 5/17/2019
Comment2 comments  |  Read  |  Post a Comment
Google to Replace Titan Security Keys Affected by Bluetooth Bug
Kelly Sheridan, Staff Editor, Dark ReadingNews
A misconfiguration in Bluetooth Titan Security Keys' pairing protocols could compromise users under specific circumstances.
By Kelly Sheridan Staff Editor, Dark Reading, 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
Executive Order Limits Certain Tech Sales, Hits Huawei Hard
Dark Reading Staff, Quick Hits
The executive order signed by President Trump bars the sale or installation of equipment seen to be controlled by hostile foreign governments and a threat to national security.
By Dark Reading Staff , 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
Cyber Workforce Exec Order: Right Question, Wrong Answer
Ryan Shaw, Co-Founder, BionicCommentary
Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.
By Ryan Shaw Co-Founder, Bionic, 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
Attackers Are Messing with Encryption Traffic to Evade Detection
Robert Lemos, Contributing WriterNews
Unknown groups have started tampering with Web traffic encryption, causing the number of fingerprints for connections using Transport Layer Security to jump from 19,000 to 1.4 billion in less than a year.
By Robert Lemos Contributing Writer, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Builds on Decentralized Identity Vision
Kelly Sheridan, Staff Editor, Dark ReadingNews
The company elaborates on its plan to balance data control between businesses and consumers by giving more autonomy to individuals.
By Kelly Sheridan Staff Editor, Dark Reading, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Introducing the Digital Transformation Architect
Jordan Blake, VP of Products at BehavioSecCommentary
Bet-the-company transformation that expands the attack surface requires close alignment and leadership across executive, IT and security teams.
By Jordan Blake VP of Products at BehavioSec, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrustCommentary
The transition to Windows 10 doesn't need to be a sprint. Organizations can still take advantage of the security in Windows 7 while gaining added management flexibility from the newer OS.
By Kevin Alexandra Principal Solutions Engineer at BeyondTrust, 5/15/2019
Comment4 comments  |  Read  |  Post a Comment
Resolution Requires Cybersecurity Training for Members of Congress
Dark Reading Staff, Quick Hits
A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.
By Dark Reading Staff , 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches Wormable Vuln in Windows 7, 2003, XP, Server 2008
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft releases security updates for some out-of-support systems to fix a bug that could be weaponized as a worm if exploited.
By Kelly Sheridan Staff Editor, Dark Reading, 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
Missing in Action: Cybersecurity Professionals
Andrea Fumagalli, Vice President of Engineering, DFLabsCommentary
Just as every organization security team's needs are unique, so are the reasons for the shortage of candidates for open positions. Here are five strategies to help you close the gap.
By Andrea Fumagalli Vice President of Engineering, DFLabs, 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
Why AI Will Create Far More Jobs Than It Replaces
John DiLullo, CEO, LastlineCommentary
Just as spreadsheets and personal computers created a job boom in the '70s, so too will artificial intelligence spur security analysts' ability to defend against advanced threats.
By John DiLullo CEO, Lastline, 5/14/2019
Comment2 comments  |  Read  |  Post a Comment
78% of Consumers Say Online Companies Must Protect Their Info
Steve Zurier, Contributing WriterNews
Yet 68% agree they also must do more to protect their own information.
By Steve Zurier Contributing Writer, 5/13/2019
Comment1 Comment  |  Read  |  Post a Comment
How Open Testing Standards Can Improve Security
Timothy Winters, Sr. Manager, UNH InterOperability LaboratoryCommentary
When creating security metrics, it's critical that test methodologies cover multiple scenarios to ensure that devices perform as expected in all environments.
By Timothy Winters Sr. Manager, UNH InterOperability Laboratory, 5/13/2019
Comment0 comments  |  Read  |  Post a Comment
Open Security Tests Gain Momentum With More Lab Partners
Robert Lemos, Contributing WriterNews
NetSecOPEN, a group of next-generation firewall vendors, has added the first university-based testing facility in its effort to move toward more open security testing.
By Robert Lemos Contributing Writer, 5/3/2019
Comment0 comments  |  Read  |  Post a Comment
Security Doesn't Trust IT and IT Doesn't Trust Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
How a rocky relationship between IT operations and cybersecurity teams can compound security risks.
By Kelly Sheridan Staff Editor, Dark Reading, 5/2/2019
Comment2 comments  |  Read  |  Post a Comment
Facebook, Instagram Are Phishers' Favorite Social Platforms
Dark Reading Staff, Quick Hits
Cloud companies continue to represent the most phishing URLs, but social media saw the most growth in Q1 2019.
By Dark Reading Staff , 5/2/2019
Comment1 Comment  |  Read  |  Post a Comment
World Password Day or Groundhog Day?
Stephen Cox, VP & CSA, SecureAuthCommentary
Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.
By Stephen Cox VP & CSA, SecureAuth, 5/2/2019
Comment2 comments  |  Read  |  Post a Comment
Staffing the Software Security Team: Who You Gonna Call?
Steve Lipner, Executive Director, SAFECodeCommentary
Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here's why.
By Steve Lipner Executive Director, SAFECode, 5/1/2019
Comment0 comments  |  Read  |  Post a Comment
Digital Transformation Exposes Operational Technology & Critical Infrastructure
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
The convergence of OT and IP-based IT networks makes society more vulnerable, requiring CISOs to rethink defense.
By Marc Wilczek Digital Strategist & CIO Advisor, 5/1/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrust,  5/15/2019
Artist Uses Malware in Installation
Dark Reading Staff 5/17/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12198
PUBLISHED: 2019-05-20
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.
CVE-2019-12185
PUBLISHED: 2019-05-20
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web r...
CVE-2019-12184
PUBLISHED: 2019-05-19
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
CVE-2019-12173
PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
CVE-2019-12172
PUBLISHED: 2019-05-17
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.