News & Commentary

Latest Content
Google Traffic Temporarily Rerouted via Russia, China
News  |  11/13/2018  | 
The incident, which Google reports is now resolved, could be the result of either technical mistakes or malicious activity.
Netskope Announces Series F Funding Round
Quick Hits  |  11/13/2018  | 
The $168.7 million round will go toward R&D and global expansion, says cloud access security broker provider.
RIP, 'IT Security'
Commentary  |  11/13/2018  | 
Information security is vital, of course. But the concept of "IT security" has never made sense.
Sophisticated Campaign Targets Pakistan's Air Force
News  |  11/13/2018  | 
Espionage campaign uses a variety of new evasion techniques.
2018 On Track to Be One of the Worst Ever for Data Breaches
News  |  11/12/2018  | 
A total of 3,676 breaches involving over 3.6 billion records were reported in the first nine months of this year alone.
Paris Agreement on Cybercrime Falls Short of Unanimous Agreement
Quick Hits  |  11/12/2018  | 
More than 50 nations and 150 global companies agree to join effort to fight cybercrime.
Veterans Find New Roles in Enterprise Cybersecurity
News  |  11/12/2018  | 
Facebook and Synack create programs to educate vets and grow employment opportunities while shrinking the cybersecurity talent gap.
7 Cool New Security Tools to be Revealed at Black Hat Europe
Slideshows  |  11/12/2018  | 
Black Hat Europe's Arsenal lineup will include demos of new security tools, from AI malware research to container orchestration.
Cyberattacks Top Business Risks in North America, Europe, EAP
Quick Hits  |  11/12/2018  | 
The World Economic Forum reports cyberattacks are a top enterprise concern following WannaCry and the rise of e-commerce.
'CARTA': A New Tool in the Breach Prevention Toolbox
Commentary  |  11/12/2018  | 
Gartner's continuous adaptive risk and trust assessment for averting a data breach addresses the shortcomings of static security programs.
Inside CSAW, a Massive Student-Led Cybersecurity Competition
News  |  11/9/2018  | 
Nearly 400 high school, undergraduate, and graduate students advance to the final round of New York University's CSAW games.
Dropbox Teams with Israeli Security Firm Coronet
Quick Hits  |  11/9/2018  | 
The partnership is expected to improve threat detection for Dropbox while growing Coronet's user base.
What You Should Know About Grayware (and What to Do About It)
Slideshows  |  11/9/2018  | 
Grayware is a tricky security problem, but there are steps you can take to defend your organization when you recognize the risk.
Guilty Plea Made in Massive International Cell Phone Fraud Case
Quick Hits  |  11/9/2018  | 
A former West Palm Beach resident is the fifth defendant to plead guilty in a case involving thousands of victims.
The Morris Worm Turns 30
News  |  11/9/2018  | 
How the historic Internet worm attack of 1988 has shaped security, or not.
Vulnerabilities in Our Infrastructure: 5 Ways to Mitigate the Risk
Commentary  |  11/9/2018  | 
By teaming up to address key technical and organizational issues, information and operational security teams can improve the resiliency and safety of their infrastructure systems.
Symantec Uncovers North Korean Group's ATM Attack Malware
News  |  11/8/2018  | 
Lazarus Group has been using FastCash Trojan on obsolete AIX servers to empty tens of millions of dollars from ATMs.
Microsoft President: Governments Must Cooperate on Cybersecurity
News  |  11/8/2018  | 
Microsoft's Brad Smith calls on nations and businesses to work toward "digital peace" and acknowledge the effects of cybercrime.
User Behavior Analytics Could Find a Home in the OT World of the IIoT
Commentary  |  11/8/2018  | 
The technology never really took off in IT, but it could be very helpful in the industrial world.
Banking Malware Takes Aim at Brazilians
Quick Hits  |  11/8/2018  | 
Two malware distribution campaigns are sending banking Trojans to customers of financial institutions in Brazil.
5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
Commentary  |  11/8/2018  | 
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.
New Side-Channel Attacks Target Graphics Processing Units
News  |  11/7/2018  | 
A trio of new attacks bypass CPUs to wring data from vulnerable GPUs.
Finding Gold in the Threat Intelligence Rush
News  |  11/7/2018  | 
Researchers sift through millions of threat intel observations to determine where to best find valuable threat data.
Cryptocurrency Exchange Targeted Via Attack on Web Traffic Analysis Firm
News  |  11/7/2018  | 
"Island-hopping" attackers breached StatCounter so they could get to users of gate.io.
IT-to-OT Solutions That Can Bolster Security in the IIoT
Commentary  |  11/7/2018  | 
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.
Checkmarx Acquires Custodela
Quick Hits  |  11/7/2018  | 
The purchase adds DevSecOps capabilities to a software exposure platform.
Why Password Management and Security Strategies Fall Short
News  |  11/7/2018  | 
Researchers say companies need to rethink their password training and take a more holistic approach to security.
Utah Hacker Pleads Guilty to DoS Attacks: DoJ
Quick Hits  |  11/7/2018  | 
Online gaming companies, including Sony Online Entertainment, and servers were main targets.
5 Reasons Why Threat Intelligence Doesn't Work
Commentary  |  11/7/2018  | 
Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems.
20 Cybersecurity Firms to Watch
Slideshows  |  11/7/2018  | 
A look at some of the more interesting investments, acquisitions, and strategic moves in the security sector over the past year.
'PortSmash' Brings New Side-Channel Attack to Intel Processors
News  |  11/6/2018  | 
New vulnerability exposes encryption keys in the first proof-of-concept code.
Most Businesses to Add More Cloud Security Tools
News  |  11/6/2018  | 
Cloud adoption drives organizations to spend in 2019 as they learn traditional security practices can't keep up.
Why the CISSP Remains Relevant to Cybersecurity After 28 Years
Commentary  |  11/6/2018  | 
The venerable Certified Information Systems Security Professional certification has been around for a very long time -- and for good reason.
Critical Encryption Bypass Flaws in Popular SSDs Compromise Data Security
News  |  11/6/2018  | 
Vulnerabilities in Samsung, Crucial storage devices enable data recovery without a password or decryption key, researchers reveal.
HSBC: Security Breach Exposes Account, Transaction Data
Quick Hits  |  11/6/2018  | 
Unauthorized users accessed HSBC accounts between Oct. 4 and 14, the bank reports in a letter to customers.
Hidden Costs of IoT Vulnerabilities
Commentary  |  11/6/2018  | 
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
'Trump' Tops Election-Spam Subject Lines
Quick Hits  |  11/5/2018  | 
Fake email messages aka spam contain the president's name in 2,811% of median message sampling.
Energy Sector's IT Networks in the Bulls-Eye
News  |  11/5/2018  | 
Attackers are actively infiltrating energy organizations and utilities for reconnaissance purposes.
Thoma Bravo Buys Veracode
News  |  11/5/2018  | 
Broadcom will sell Veracode, acquired last year by CA, for $950M to Thoma Bravo as it broadens its security portfolio.
7 Non-Computer Hacks That Should Never Happen
Slideshows  |  11/5/2018  | 
From paper to IoT, security researchers offer tips for protecting common attack surfaces that you're probably overlooking.
Symantec Acquires Appthority And Javelin Networks
Quick Hits  |  11/5/2018  | 
Both buys bolster the cybersecurity company's endpoint security business.
After the Breach: Tracing the 'Smoking Gun'
Commentary  |  11/5/2018  | 
Systems, technology, and threats change, and your response plan should, too. Here are three steps to turn your post-breach assessment into a set of workable best practices.
Worst Malware and Threat Actors of 2018
News  |  11/2/2018  | 
Two reports call out the most serious malware attacks and attackers of the year (so far).
Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million
News  |  11/2/2018  | 
Three individuals who worked for DRAM maker's Taiwan subsidiary stole Micron IP to benefit company controlled by China's government, US says in indictment.
NITTF Releases New Model for Insider Threat Program
Quick Hits  |  11/2/2018  | 
The Insider Threat Program Maturity Framework is intended to help government agencies strengthen their programs.
Cisco Reports SIP Inspection Vulnerability
Quick Hits  |  11/2/2018  | 
Advisory addresses active exploitation of vuln in the wild, with no clear solution in sight.
Tackling Cybersecurity from the Inside Out
Commentary  |  11/2/2018  | 
New online threats require new solutions.
Speed Up AppSec Improvement With an Adversary-Driven Approach
News  |  11/2/2018  | 
Stop overwhelming developers and start using real-world attack behavior to prioritize application vulnerability fixes.
New Bluetooth Vulnerabilities Exposed in Aruba, Cisco, Meraki Access Points
News  |  11/1/2018  | 
'BleedingBit' could give attackers control of the wireless network from a remote vantage point.
Microsoft, Amazon Top BEC's Favorite Brands
News  |  11/1/2018  | 
When attackers want to impersonate a brand via email, the majority turn to Microsoft and Amazon because of their ubiquity in enterprise environments.


Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
Why the CISSP Remains Relevant to Cybersecurity After 28 Years
Steven Paul Romero, SANS Instructor and Sr. SCADA Network Engineer, Chevron,  11/6/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16850
PUBLISHED: 2018-11-13
PostgreSQL before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
CVE-2018-17187
PUBLISHED: 2018-11-13
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options...
CVE-2018-1792
PUBLISHED: 2018-11-13
IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.
CVE-2018-1808
PUBLISHED: 2018-11-13
IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828.
CVE-2018-15452
PUBLISHED: 2018-11-13
A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the ...