Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
What Americans Think About Ransomware
Dark Reading Staff, Quick Hits
New Harris Poll survey says most will weigh candidates' cybersecurity positions.
By Dark Reading Staff , 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
VxWorks TCP/IP Stack Vulnerability Poses Major Manufacturing Risk
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new analysis shows the scale of risk posed by networking vulnerabilities in a popular embedded real-time operating system.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
US Chamber of Commerce, FICO Report National Risk Score of 688
Dark Reading Staff, Quick Hits
While the score was up for large businesses and down for small firms, the report urges all to prioritize third-party risk management.
By Dark Reading Staff , 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
Tough Love: Debunking Myths about DevOps & Security
Jeff Williams, CTO, Contrast SecurityCommentary
It's time to move past trivial 'shift left' conceptions of DevSecOps and take a hard look at how security work actually gets accomplished.
By Jeff Williams CTO, Contrast Security, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
Modern Technology, Modern Mistakes
Kacy Zurkus, Contributing Writer
As employees grow more comfortable using new technologies, they could inadvertently be putting their enterprises at risk. And that leaves security teams having to defend an ever-expanding attack surface.
By Kacy Zurkus Contributing Writer, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
Compliance Training? What Compliance Training?
Beyond the Edge, Dark Reading
Employees can run ... but they can't hide. Or can they?
By Beyond the Edge Dark Reading, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
Google Analyzes Pilfered Password Reuse
Dark Reading Staff, Quick Hits
Password Checkup data shows some users still reuse their exposed passwords.
By Dark Reading Staff , 8/16/2019
Comment1 Comment  |  Read  |  Post a Comment
Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown
Kelly Sheridan, Staff Editor, Dark ReadingNews
At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.
By Kelly Sheridan Staff Editor, Dark Reading, 8/16/2019
Comment1 Comment  |  Read  |  Post a Comment
NSA Researchers Talk Development, Release of Ghidra SRE Tool
Kelly Sheridan, Staff Editor, Dark ReadingNews
NSA researchers took the Black Hat stage to share details of how they developed and released the software reverse-engineering framework.
By Kelly Sheridan Staff Editor, Dark Reading, 8/15/2019
Comment0 comments  |  Read  |  Post a Comment
68% of Companies Say Red Teaming Beats Blue Teaming
Dark Reading Staff, Quick Hits
The majority of organizations surveyed find red team exercises more effective than blue team testing, research shows.
By Dark Reading Staff , 8/15/2019
Comment0 comments  |  Read  |  Post a Comment
5 Things to Know About Cyber Insurance
Joan Goodchild, Contributing Writer
More businesses are recognizing the need for cyber insurance as part of an overall security strategy. Here are some key points to consider when evaluating, purchasing, and relying on a policy.
By Joan Goodchild Contributing Writer, 8/15/2019
Comment3 comments  |  Read  |  Post a Comment
Financial Phishing Grows in Volume and Sophistication in First Half of 2019
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Criminals are using the tools intended to protect consumers to attack them through techniques that are becoming more successful with each passing month.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/14/2019
Comment0 comments  |  Read  |  Post a Comment
Stronger Defenses Force Cybercriminals to Rethink Strategy
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers see the rise of new relationships and attack techniques as criminals put companies' resilience to the test.
By Kelly Sheridan Staff Editor, Dark Reading, 8/14/2019
Comment0 comments  |  Read  |  Post a Comment
BioStar 2 Leak Exposes 23GB Data, 1M Fingerprints
Dark Reading Staff, Quick Hits
Thousands of organizations, including banks, governments, and the UK Metropolitan Police, use the biometric security tool to authenticate users.
By Dark Reading Staff , 8/14/2019
Comment1 Comment  |  Read  |  Post a Comment
Does Personality Make You Vulnerable to Cybercrime?
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new study explores the connections between personality traits and susceptibility to different cyberattacks.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark ReadingNews
Similar to the now-patched 'BlueKeep' vulnerability, two flaws fixed today could let malware spread across vulnerable computers.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2019
Comment3 comments  |  Read  |  Post a Comment
700K Guest Records Stolen in Choice Hotels Breach
Dark Reading Staff, Quick Hits
Cybercriminals reportedly stole the information from an exposed MongoDB database on a third-party server.
By Dark Reading Staff , 8/13/2019
Comment2 comments  |  Read  |  Post a Comment
History Doesn't Repeat Itself in Cyberspace
Nick Jovanovic, VP, Federal, for Cloud Protection and Licensing Activity at ThalesCommentary
The 10th anniversary of the US Cyber Command is an opportunity to prepare for unknowns in the rapidly changing cybersecurity landscape.
By Nick Jovanovic VP, Federal, for Cloud Protection and Licensing Activity at Thales, 8/13/2019
Comment0 comments  |  Read  |  Post a Comment
2019 Pwnie Award Winners (And Those Who Wish They Weren't)
Jai Vijayan, Contributing Writer
This year's round-up includes awards into two new categories: most under-hyped research and epic achievement.
By Jai Vijayan Contributing Writer, 8/13/2019
Comment0 comments  |  Read  |  Post a Comment
FBI Plans to Monitor Social Media May Spark Privacy Issues
Dark Reading Staff, Quick Hits
A new initiative to pull data from social media platforms may clash with policies prohibiting the use of information for mass surveillance.
By Dark Reading Staff , 8/12/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by PajamaSam
Current Conversations Walk!
In reply to: Name That Toon: Beat the Heat
Post Your Own Reply
More Conversations
PR Newswire
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15237
PUBLISHED: 2019-08-20
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.
CVE-2019-15228
PUBLISHED: 2019-08-20
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.
CVE-2019-15229
PUBLISHED: 2019-08-20
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
CVE-2019-15231
PUBLISHED: 2019-08-20
Webmin 1.890, in a default installation, contains a backdoor that allows an unauthenticated attacker to remotely execute commands. This is different from CVE-2019-15107. NOTE: as of 2019-08-19, the vendor reports that "at some point" malicious code was inserted into their build infrastruct...
CVE-2019-15232
PUBLISHED: 2019-08-20
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.