Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
Ransomware Strikes 49 School Districts & Colleges in 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 9/20/2019
Comment0 comments  |  Read  |  Post a Comment
WeWork's Wi-Fi Exposed Files, Credentials, Emails
Dark Reading Staff, Quick Hits
For years, sensitive documents and corporate data have been easily viewable on the coworking space's open network.
By Dark Reading Staff , 9/20/2019
Comment1 Comment  |  Read  |  Post a Comment
A Safer IoT Future Must Be a Joint Effort
Sivan Rauscher, CEO & Co-Founder, SAM Seamless NetworkCommentary
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
By Sivan Rauscher CEO & Co-Founder, SAM Seamless Network, 9/20/2019
Comment0 comments  |  Read  |  Post a Comment
Metasploit Creator HD Moore's Latest Hack: IT Assets
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Moore has built a network asset discovery tool that wasn't intended to be a pure security tool, but it addresses a glaring security problem.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
California's IoT Security Law Causing Confusion
Robert Lemos, Contributing WriterNews
The law, which goes into effect January 1, requires manufacturers to equip devices with 'reasonable security feature(s).' What that entails is still an open question.
By Robert Lemos Contributing Writer, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
BSIMM10 Emphasizes DevOps' Role in Software Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
The latest model, with insights from 122 firms, shows DevOps adoption is far enough along to influence how companies approach software security.
By Kelly Sheridan Staff Editor, Dark Reading, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Deconstructing an iPhone Spearphishing Attack
Marc Rogers, Executive Director of Cybersecurity, OktaCommentary
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
By Marc Rogers Executive Director of Cybersecurity, Okta, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Ping Identity Prices IPO at $15 per Share
Dark Reading Staff, Quick Hits
The identity management company plans to sell 12.5 million shares, raising $187.5 million in its initial public offering.
By Dark Reading Staff , 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
Crowdsourced Security & the Gig Economy
Alex Haynes, Chief Information Security Officer, CDLCommentary
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
By Alex Haynes Chief Information Security Officer, CDL, 9/19/2019
Comment0 comments  |  Read  |  Post a Comment
How Cybercriminals Exploit Simple Human Mistakes
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
By Kelly Sheridan Staff Editor, Dark Reading, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
DevSecOps: Recreating Cybersecurity Culture
Steve Martino, Senior Vice President, Chief Information Security Officer, CiscoCommentary
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
By Steve Martino Senior Vice President, Chief Information Security Officer, Cisco, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
New Security Startup Emerges from Stealth Mode
Dark Reading Staff, Quick Hits
GK8 creates proprietary platform for securing blockchain transactions, no Internet needed.
By Dark Reading Staff , 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
One Arrested in Ecuador's Mega Data Leak
Dark Reading Staff, Quick Hits
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
By Dark Reading Staff , 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
24.3M Unsecured Health Records Expose Patient Data, Images
Dark Reading Staff, Quick Hits
Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.
By Dark Reading Staff , 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
How Ransomware Criminals Turn Friends into Enemies
Chester Wisniewski, Principal Research Scientist, SophosCommentary
Managed service providers are the latest pawns in ransomware's game of chess.
By Chester Wisniewski Principal Research Scientist, Sophos, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark ReadingNews
The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2019
Comment1 Comment  |  Read  |  Post a Comment
15K Private Webcams Could Let Attackers View Homes, Businesses
Dark Reading Staff, Quick Hits
Webcams could be potentially accessed and manipulated by anyone with an Internet connection, researchers say.
By Dark Reading Staff , 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
Impersonation Fraud Still Effective in Obtaining Code Signatures
Robert Lemos, Contributing WriterNews
Fraudsters continue to attempt to fool certificate authorities into issuing valid digital certificates for legitimate organizations by impersonating an authoritative user. The reward? The ability to sign code with a legitimate signature.
By Robert Lemos Contributing Writer, 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity
Jim Gordon, GM, Ecosystem Strategy & Business Development, Intel Platform Security DivisionCommentary
Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.
By Jim Gordon GM, Ecosystem Strategy & Business Development, Intel Platform Security Division, 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
Oracle Expands Cloud Security Services at OpenWorld 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
The company broadens its portfolio with new services developed to centralize and automate cloud security.
By Kelly Sheridan Staff Editor, Dark Reading, 9/16/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16669
PUBLISHED: 2019-09-21
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.
CVE-2019-16656
PUBLISHED: 2019-09-21
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.
CVE-2019-16657
PUBLISHED: 2019-09-21
TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.
CVE-2019-16658
PUBLISHED: 2019-09-21
TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF.
CVE-2019-16659
PUBLISHED: 2019-09-21
TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF.