2018 Pwnie Awards: Who Pwned, Who Got Pwned
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
6 Eye-Raising Third-Party Breaches
10 Threats Lurking on the Dark Web
Breaking Down the PROPagate Code Injection Attack
News & Commentary
Researchers Find New Fast-Acting Side-Channel Vulnerability
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Malicious Cryptomining & Other Shifting Threats
Dark Reading Staff, CommentaryVideo
Skybox Security CMO Michelle Johnson Cobb discloses research results that include a spike in malicious cryptomining during Bitcoins peak, a shift to outside-the-perimeter mobile threats, and more.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
The Economics of AI-Enabled Security
Dark Reading Staff, CommentaryVideo
While AI greatly enhances security, Securonix CTO Tanuj Gulati points out the need for predictable cost models that insulate SOCs from the variables of massive data volume and intense real-time processing.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Using Threat Deception on Malicious Insiders
Dark Reading Staff, CommentaryVideo
Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Filtering the Threat Intelligence Tsunami
Dark Reading Staff, CommentaryVideo
Reversing Labs CEO Mario Vuksan contends that SOCs are overwhelmed by global threat intelligence, and can benefit more from a targeted "pull" model that focuses on YARA-type binary pattern matching.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Ensuring Web Applications Are Hardened, Secure
Dark Reading Staff, CommentaryVideo
Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Marap Malware Appears, Targeting Financial Sector
Dark Reading Staff, Quick Hits
A new form of modular downloader packs the ability to download other modules and payloads.
By Dark Reading Staff , 8/17/2018
Comment1 Comment  |  Read  |  Post a Comment
Building Security into the DevOps Pipeline
Dark Reading Staff, CommentaryVideo
As companies pump more code into production at a faster pace, CA Veracode VP of Security Research Chris Eng stresses the importance of avoiding vulnerabilities by building security directly into the DevOps pipeline.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Supplementing the SOC with Cyber-as-a-Service
Dark Reading Staff, CommentaryVideo
Raytheon Cyber Protection Solutions CTO Mark Orlando suggests under-resourced SOCs enhance their effectiveness at-scale by tapping the advanced cyber defense automation his company has developed.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Exploring, Exploiting Active Directory Admin Flaws
Kelly Sheridan, Staff Editor, Dark ReadingNews
Common methods AD administrators use to protect their environments can easily be exploited. Here's how.
By Kelly Sheridan Staff Editor, Dark Reading, 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Assessing & Mitigating Increased Exposure to Third-Party Risk
Dark Reading Staff, CommentaryVideo
As we increasingly connect with each other digitally, CyberGRX CRO Scott Schneider believes we need to be much more diligent about sharing validated insight into the infosec maturity of our organizations.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Australian Teen Hacked Apple Network
Dark Reading Staff, Quick Hits
Leveraging the Power of your End-Users Human Cognition
Dark Reading Staff, CommentaryVideo
Cofense CEO Rohyt Belani makes a case for more aggressively leveraging the unique ability of your most perceptive and well-trained end-users to help you more quickly spot and stop email threats.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
How Orchestration, Automation Help SOCs Do More With Less
Dark Reading Staff, CommentaryVideo
Splunks Haiyan Song and Oliver Friedrichs - co-founder of recently acquired Phantom - explain how security orchestration, automation, and response (SOAR) can empower SOCs to do more with less.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Crowd-sourcing Threat Intelligence & Response Guidance
Dark Reading Staff, CommentaryVideo
AlienVault SVP Russ Spitler encourages participation in the large-scale crowdsourced OTX threat intelligence community as well as the rich expertise of crowd-curated response guidance.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Simplifying Endpoint Hardening, Defense & Response
Dark Reading Staff, CommentaryVideo
Ziften CEO Mike Hamilton advocates taking complexity, time, and cost out of multi-faceted endpoint protection, with a single-agent solution for laptops, desktops, servers, and cloud VMs.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
The 5 Challenges of Detecting Fileless Malware Attacks
Travis Rosiek, Chief Technology and Strategy Officer, BluVector Commentary
Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.
By Travis Rosiek Chief Technology and Strategy Officer, BluVector , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Simplifying Defense Across the MITRE ATT&CK Matrix
Dark Reading Staff, CommentaryVideo
Endgames Mark Dufresne says SOCs can achieve better results within their existing staff and budget constraints with AI- and visualization-empowered, unified defense across the MITRE ATT&CK matrix.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
The Rise of Bespoke Ransomware
Dark Reading Staff, CommentaryVideo
Drawing from a recent study by SophosLabs, Principal Research Scientist Chester Wisniewski highlights a shift to the rise of more targeted and sophisticated ransomware threats, such as SamSam.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Necurs Botnet Goes Phishing for Banks
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new Necurs botnet campaign targets thousands of banks with a malicious file dropping the FlawedAmmyy remote-access Trojan.
By Kelly Sheridan Staff Editor, Dark Reading, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise securitythe IT team members tasked with protecting critical data from cyber threatsand will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon Contest
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
Flash Poll
Video
Slideshows
Twitter Feed