Risk

News & Commentary
Data Privacy Protections for the Most Vulnerable Children
Dimitri Sirota, Founder & CEO of BigID, Commentary
The business case for why companies that respect the privacy of individuals, and especially minors, will have a strong competitive advantage.
By Dimitri Sirota, Founder & CEO of BigID, 10/17/2019
Google Cloud Launches Security Health Analytics in Beta
Dark Reading Staff, Quick Hits
The tool is designed to help identify misconfigurations and compliance violations in the Google Cloud Platform.
By Dark Reading Staff, 10/16/2019
Federal CIOs Zero In on Zero Trust
William Peteroy, Chief Technology Officer, Security, at Gigamon, Commentary
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
By William Peteroy, Chief Technology Officer, Security, at Gigamon, 10/16/2019
More Breaches, Less Certainty Cause Dark Web Prices to Plateau
Robert Lemos, Contributing Writer, News
New research finds it's now less than $10 for full credit details on a consumer, $100 for a distributed denial-of-service attack, and $50 for access to a US bank account.
By Robert Lemos, Contributing Writer, 10/15/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
By Steve Zurier, Contributing Writer, 10/11/2019
FBI: Phishing Can Defeat Two-Factor Authentication
Dark Reading Staff, Quick Hits
A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
By Dark Reading Staff, 10/11/2019
Close the Gap Between Cyber-Risk and Business Risk
Brian Contos, CISO & VP of Technology Innovation at Verodin, Commentary
Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
By Brian Contos, CISO, Verodin, 10/11/2019
USB Drive Security Still Lags
Dark Reading Staff, Quick Hits
While USB drives are frequent pieces of business hardware, a new report says that one-third of US businesses have no policy governing their use.
By Dark Reading Staff, 10/9/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET, Commentary
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
By Lysa Myers, Security Researcher, ESET, 10/9/2019
How the Software-Defined Perimeter Is Redefining Access Control
Gilad Steinberg, Founder & CTO at Odo Security, Commentary
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
By Gilad Steinberg, Founder & CTO at Odo Security, 10/9/2019
Utilities' Operational Networks Continue to Be Vulnerable
Robert Lemos, Contributing Writer, News
More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds.
By Robert Lemos, Contributing Writer, 10/8/2019
7 Considerations Before Adopting Security Standards
Steve Zurier, Contributing Writer
Here's what to think through as you prepare your organization for standards compliance.
By Steve Zurier, Contributing Writer, 10/8/2019
10 Steps to Assess SOC Maturity in SMBs
Andrew Houshian, Associate Director of SOC and Attestation Services at A-LIGN, Commentary
Facing a system and organization controls audit doesn't have to be stressful for small and midsize businesses if they follow these guidelines.
By Andrew Houshian, Associate Director of SOC and Attestation Services at A-LIGN, 10/7/2019
Complex Environments Cause Schools to Struggle for Passing Security Grade
Robert Lemos, Contributing Writer, News
As ransomware attacks surge against school systems, an analysis of 1,200 K-12 institutions in North America shows complex environments and conflicting security controls.
By Robert Lemos, Contributing Writer, 10/4/2019
Cybercrime: AI's Growing Threat
Marc Wilczek, Digital Strategist & CIO Advisor, Commentary
Cybersecurity incidents expected to rise by nearly 70% and cost $5 trillion annually by 2024.
By Marc Wilczek, Digital Strategist & CIO Advisor, 10/4/2019
8 Ways Businesses Unknowingly Help Hackers
Kelly Sheridan, Staff Editor, Dark Reading
From lengthy email signatures to employees' social media posts, we look at the many ways organizations make it easier for attackers to break in.
By Kelly Sheridan, Staff Editor, Dark Reading, 10/4/2019
American Express Insider Breaches Cardholder Information
Dark Reading Staff, Quick Hits
The ex-employee accessed names, Social Security numbers, card numbers, and more in an attempt to commit fraud.
By Dark Reading Staff, 10/3/2019
Common Pitfalls of Security Monitoring
Aaron Sierra, Senior Security Architect at Alagen, Commentary
We need technology, but we can't forget the importance of humans working methodically to make it effective.
By Aaron Sierra, Senior Security Architect at Alagen, 10/3/2019
How FISMA Requirements Relate to Firmware Security
John Loucaides, Vice President, R&D, Eclypsium, Commentary
Federal guidelines can help all organizations pragmatically and meaningfully improve their firmware security.
By John Loucaides, Vice President, R&D, Eclypsium, 10/3/2019
Stalkerware on the Rise Globally
Dark Reading Staff, Quick Hits
Stalkerware is being installed on more and more victims' devices, and the trend is only accelerating, according to a new report.
By Dark Reading Staff, 10/2/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16330
PUBLISHED: 2019-10-17
In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript.
CVE-2019-11253
PUBLISHED: 2019-10-17
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming una...
CVE-2019-14423
PUBLISHED: 2019-10-17
A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request.
CVE-2019-14424
PUBLISHED: 2019-10-17
A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request.
CVE-2019-15849
PUBLISHED: 2019-10-17
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system.