Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
7 Holiday Security Tips for Retailers
2018 Hacker Kids Gift Guide
Cloud, China, Generic Malware Top Security Concerns for 2019
Understanding Evil Twin AP Attacks and How to Prevent Them
Getting to Know Magecart: An Inside Look at 7 Groups
News & Commentary
Mirai Evolves From IoT Devices to Linux Servers
Jai Vijayan, Freelance writerNews
Netscout says it has observed at least one dozen Mirai variants attempting to exploit a recently disclosed flaw in Hadoop YARN on Intel servers.
By Jai Vijayan Freelance writer, 11/21/2018
Comment0 comments  |  Read  |  Post a Comment
Amazon Low-Key Reveals Breach of Some Customer Data
Dark Reading Staff, Quick Hits
'Technical error' exposed names and email addresses.
By Dark Reading Staff , 11/21/2018
Comment0 comments  |  Read  |  Post a Comment
To Stockpile or Not to Stockpile Zero-Days?
Nir Gaist, CTO and Founder of NyotronCommentary
As the debate rages on, there is still no simple answer to the question of whether the government should stockpile or publicly disclose zero-day vulnerabilities.
By Nir Gaist CTO and Founder of Nyotron, 11/21/2018
Comment0 comments  |  Read  |  Post a Comment
2018 Hacker Kids Gift Guide
Ericka Chickowski, Contributing Writer, Dark Reading
Fun gift choices that foster design thinking and coding skills in kids both young and old.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/21/2018
Comment0 comments  |  Read  |  Post a Comment
Russia Linked Group Resurfaces With Large-Scale Phishing Campaign
Jai Vijayan, Freelance writerNews
APT29/Cozy Bear is targeting individuals in military, government, and other sectors via email purporting to be from US State Department.
By Jai Vijayan Freelance writer, 11/20/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Enables Account Sign-In via Security Key
Kelly Sheridan, Staff Editor, Dark ReadingNews
Account holders can use a FIDO2-compatible key or Windows Hello to authenticate sans username or password.
By Kelly Sheridan Staff Editor, Dark Reading, 11/20/2018
Comment1 Comment  |  Read  |  Post a Comment
Report: Tens of Thousands of E-Commerce Sites at Heightened Security Risk
Dark Reading Staff, Quick Hits
Report delivered at Payment Card Industry Security Standards Council meeting flags issues in deployments of Magento, a popular e-commerce platform.
By Dark Reading Staff , 11/20/2018
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity at the Core
Troy Mattern, Vice President for Product and Services Cybersecurity at Motorola SolutionsCommentary
For too long, cybersecurity has been looked at as one team's responsibility. If we maintain that mentality, we will fail.
By Troy Mattern Vice President for Product and Services Cybersecurity at Motorola Solutions, 11/20/2018
Comment1 Comment  |  Read  |  Post a Comment
Consumers Are Forgiving After a Data Breach, but Companies Need To Respond Well
Steve Zurier, Freelance WriterNews
A solid response and reputation management program will go a long way in surviving a major breach.
By Steve Zurier Freelance Writer, 11/20/2018
Comment0 comments  |  Read  |  Post a Comment
6,500 Dark Web Sites Offline After Hosting Service Attacked
Dark Reading Staff, Quick Hits
The actor behind the attack on Daniel's Hosting, and their initial point of entry, remain unknown.
By Dark Reading Staff , 11/20/2018
Comment0 comments  |  Read  |  Post a Comment
8 Security Buzzwords That Are Too Good to Be True
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA Commentary
If you can't get straight answers about popular industry catchphrases, maybe it's time to ask your vendor: How do you actually use the technology?
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 11/20/2018
Comment0 comments  |  Read  |  Post a Comment
Leaderboard Shows Adoption of DMARC Email Security Protocol
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new tool from the Global Cyber Alliance shows where companies and organizations are adopting Domain-based Message Authentication, Reporting & Conformance.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/20/2018
Comment0 comments  |  Read  |  Post a Comment
Securities Markets at High Risk of Cyberattack
Jai Vijayan, Freelance writerNews
A report by BAE Systems and SWIFT shows that financial market areas such as equities trading, bonds, and derivatives face more threats than banking, forex, and trade finance.
By Jai Vijayan Freelance writer, 11/19/2018
Comment1 Comment  |  Read  |  Post a Comment
Vulnerabilities Dip 7%, but Researchers Are Cautious
Kelly Sheridan, Staff Editor, Dark ReadingNews
Risk Based Security reports 16,172 bugs disclosed through the end of October, but researchers warn things may change.
By Kelly Sheridan Staff Editor, Dark Reading, 11/19/2018
Comment1 Comment  |  Read  |  Post a Comment
Divide Remains Between Cybersecurity Awareness and Skill
Dark Reading Staff, Quick Hits
Organizations understand the need for critical data protection but may lack the resources to respond.
By Dark Reading Staff , 11/19/2018
Comment0 comments  |  Read  |  Post a Comment
7 Holiday Security Tips for Retailers
Steve Zurier, Freelance Writer
It's the most wonderful time of the year � and hackers are ready to pounce. Here's how to prevent them from wreaking holiday havoc.
By Steve Zurier Freelance Writer, 11/19/2018
Comment0 comments  |  Read  |  Post a Comment
Instagram Privacy Tool Exposed Passwords
Dark Reading Staff, Quick Hits
The 'Download Your Data' tool, intended to improve users' privacy, actually became a privacy risk.
By Dark Reading Staff , 11/19/2018
Comment0 comments  |  Read  |  Post a Comment
DHS Task Force Moves Forward on Playbooks for Supply Chain Security
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The public/private task force takes early steps toward securing the end-to-end supply chain.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/16/2018
Comment0 comments  |  Read  |  Post a Comment
New Bluetooth Hack Affects Millions of Vehicles
Dark Reading Staff, Quick Hits
Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.
By Dark Reading Staff , 11/16/2018
Comment3 comments  |  Read  |  Post a Comment
BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance
Kelly Sheridan, Staff Editor, Dark ReadingNews
BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.
By Kelly Sheridan Staff Editor, Dark Reading, 11/16/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by jenshadus
Current Conversations You're on candid camera!
In reply to: camera's?
Post Your Own Reply
More Conversations
Products & Releases
King & Union and Farsight Security Announce Strategic Partnership
BSIA to create �UK marketplace� for all IFSEC Global Shows
Dragos Announces $37M in Series B Funding for Industrial Control Systems (ICS) Cybersecurity Threat Detection and Response
Trend Micro and Moxa Announce Letter of Intent for Joint Venture to Tackle Security Needs In Industrial IoT Environments
Global Cooperation And Regulation Key In Addressing Multilayered Threats Posed By New Technology
Eurofins Digital Testing Launches Cyber Security Division
New Research from eSentire Finds Only 30 Percent of Firms are Confident They Can Avoid a Major Security Event in the Next Two Years
Nok Nok Labs Introduces Strong Account Recovery
More Products & Releases
PR Newswire
New Bluetooth Hack Affects Millions of Vehicles
Dark Reading Staff 11/16/2018
Cybersecurity at the Core
Troy Mattern, Vice President for Product and Services Cybersecurity at Motorola Solutions,  11/20/2018
Vulnerabilities Dip 7%, but Researchers Are Cautious
Kelly Sheridan, Staff Editor, Dark Reading,  11/19/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
A Sneak Peek at the New NIST Cybersecurity Framework
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Continuous Compliance and Effective Audit Preparation for the Cloud
Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Genius! Only a Big Brother can control another.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19457
PUBLISHED: 2018-11-22
Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.
CVE-2018-19458
PUBLISHED: 2018-11-22
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
CVE-2018-19459
PUBLISHED: 2018-11-22
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.
CVE-2018-19443
PUBLISHED: 2018-11-22
The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man...
CVE-2018-19433
PUBLISHED: 2018-11-22
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Flash Poll
Video
Slideshows
Twitter Feed