Dark Reading is part of the Informa Tech Division of Informa PLC


Risk

News & Commentary
Malware Linked to Ryuk Targets Financial & Military Data
Kelly Sheridan, Staff Editor, Dark Reading, News
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.
By Kelly Sheridan Staff Editor, Dark Reading, 9/13/2019
6 Questions to Ask Once You've Learned of a Breach
Steve Zurier, Contributing Writer
With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.
By Steve Zurier Contributing Writer, 9/13/2019
Taking a Fresh Look at Security Ops: 10 Tips
Joshua Goldfarb, Independent Consultant, Commentary
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
By Joshua Goldfarb Independent Consultant, 9/13/2019
Escaping Email: Unlocking Message Security for SMS, WhatsApp
Curtis Franklin Jr., Senior Editor at Dark Reading
Messaging is growing in importance as dislike for email increases. That means knowing how to protect critical data in the messaging era is a must for IT security.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/12/2019
Instagram Bug Put User Account Details, Phone Numbers at Risk
Kelly Sheridan, Staff Editor, Dark Reading, News
The vulnerability, now patched, is the latest in a series of bad news for Facebook.
By Kelly Sheridan Staff Editor, Dark Reading, 9/12/2019
North Korea Seen Using ELECTRICFISH, BADCALL Malware Variants
Dark Reading Staff, Quick Hits
The FBI and CISA issued an alert the same week researchers disclosed a new campaign launched by actors with North Korean ties.
By Dark Reading Staff, 9/12/2019
Security Leaders Share Tips for Boardroom Chats
Kelly Sheridan, Staff Editor, Dark Reading
Cisco, Oracle, and LinkedIn security leaders share their challenges in communicating with business teams and advice for how CISOs can navigate the relationship.
By Kelly Sheridan Staff Editor, Dark Reading, 9/12/2019
A Definitive Guide to Crowdsourced Vulnerability Management
David Baker, CSO & VP of Operations, Bugcrowd, Commentary
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
By David Baker CSO & VP of Operations, Bugcrowd, 9/12/2019
APIs Get Their Own Top 10 Security List
Robert Lemos, Contributing Writer, News
OWASP's new list of API weaknesses focuses on issues that have caused recent data breaches and pose common security hazards in modern cloud-based applications.
By Robert Lemos Contributing Writer, 9/12/2019
The Fight Against Synthetic Identity Fraud
Kathleen Peters, SVP & Head of Fraud & Identity, Experian, Commentary
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
By Kathleen Peters SVP & Head of Fraud & Identity, Experian, 9/12/2019
Proposed Browser Security Guidelines Would Mean More Work for IT Teams
Chris Hickman, Chief Security Officer at Keyfactor, Commentary
CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope.
By Chris Hickman Chief Security Officer at Keyfactor, 9/11/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff, Quick Hits
A new set of regulations converts the government ban on using Kaspersky products from a temporary rule to one that's permanent.
By Dark Reading Staff, 9/11/2019
281 Arrested in International BEC Takedown
Kelly Sheridan, Staff Editor, Dark Reading, News
Conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, the Department of Justice reports.
By Kelly Sheridan Staff Editor, Dark Reading, 9/11/2019
Firmware: A New Attack Vector Requiring Industry Leadership
Tony Surak, CMO, DataTribe & Board Member Attila Security, ReFirm Labs, Commentary
It's time for cybersecurity manufacturers and solution providers to step up and show leadership in addressing firmware security. Read why and how.
By Tony Surak CMO, DataTribe & Board Member Attila Security, ReFirm Labs, 9/11/2019
Two Zero-Days Fixed in Microsoft Patch Rollout
Kelly Sheridan, Staff Editor, Dark Reading, News
September's Patch Tuesday addressed 80 vulnerabilities, two of which have already been exploited in the wild.
By Kelly Sheridan Staff Editor, Dark Reading, 9/10/2019
Data Is the New Copper
Shuman Ghosemajumder, CTO, Shape Security, Commentary
Data breaches fuel a complex cybercriminal ecosystem, similar to copper thefts after the financial crisis.
By Shuman Ghosemajumder CTO, Shape Security, 9/10/2019
US Power Grid Cyberattack Due to Unpatched Firewall: NERC
Dark Reading Staff, Quick Hits
A firewall vulnerability enabled attackers to repeatedly reboot the victim entity's firewalls, causing unexpected outages.
By Dark Reading Staff, 9/10/2019
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler, Commentary
Artificial intelligence is no substitute for common sense, and it works best in combination with conventional cybersecurity technology. Here are the basic requirements and best practices you need to know.
By Howie Xu Vice President of AI and Machine Learning at Zscaler, 9/10/2019
More Than 99% of Cyberattacks Need Victims' Help
Kelly Sheridan, Staff Editor, Dark Reading, News
Research highlights how most criminals exploit human curiosity and trust to click, download, install, open, and send money or information.
By Kelly Sheridan Staff Editor, Dark Reading, 9/9/2019
New Release Brings BlueKeep to Metasploit
Dark Reading Staff, Quick Hits
All organizations with Windows infrastructures should make sure their systems are patched to current versions, Rapid7 suggests.
By Dark Reading Staff, 9/9/2019
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here's some insight on what's working and what isn't in the data center.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14540
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2019-16332
PUBLISHED: 2019-09-15
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
CVE-2019-16333
PUBLISHED: 2019-09-15
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
CVE-2019-16334
PUBLISHED: 2019-09-15
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
CVE-2019-16335
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.