White House Cybersecurity Strategy at a Crossroads
10 Ways to Protect Protocols That Aren't DNS
8 Big Processor Vulnerabilities in 2018
What We Talk About When We Talk About Risk
6 M&A Security Tips
News & Commentary
What the Incident Responders Saw
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New report on IR professionals' experiences reveals just how advanced attackers, such as nation-state hackers, dig in even after they're detected.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/20/2018
Comment0 comments  |  Read  |  Post a Comment
US Intel Officials Share Their National Cybersecurity Concerns
Kelly Sheridan, Staff Editor, Dark ReadingNews
Leaders in the security sector discuss the most pressing cyberthreats threatening the United States and what can be done to mitigate them.
By Kelly Sheridan Staff Editor, Dark Reading, 7/20/2018
Comment0 comments  |  Read  |  Post a Comment
Singapore Health Services Data Breach Exposes Info on 1.5 Million People
Jai Vijayan, Freelance writerNews
Attackers, repeatedly and specifically, targeted Singapore Prime Minister Lee Hsien Loong's medication data.
By Jai Vijayan Freelance writer, 7/20/2018
Comment1 Comment  |  Read  |  Post a Comment
Microsoft: Three Hacking Attempts Made on Midterm Elections
Dark Reading Staff, Quick Hits
Microsoft detected data indicating three congressional candidates were being hit with cyberattacks - the first to target midterm elections.
By Dark Reading Staff , 7/20/2018
Comment0 comments  |  Read  |  Post a Comment
HR Services Firm ComplyRight Suffers Major Data Breach
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
More than 7,500 customer companies were affected, and the number of individuals whose information was leaked is unknown.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/20/2018
Comment0 comments  |  Read  |  Post a Comment
Why Artificial Intelligence Is Not a Silver Bullet for Cybersecurity
Tomas Honzak,  Director, Security and Compliance, GoodDataCommentary
Like any technology, AI and machine learning have limitations. Three are detection, power, and people.
By Tomas Honzak Director, Security and Compliance, GoodData, 7/20/2018
Comment0 comments  |  Read  |  Post a Comment
Why Security Startups Fly And Why They Crash
Kelly Sheridan, Staff Editor, Dark ReadingNews
What makes startups stand out in a market flooded with thousands of vendors? Funding experts and former founders share their thoughts.
By Kelly Sheridan Staff Editor, Dark Reading, 7/20/2018
Comment0 comments  |  Read  |  Post a Comment
70 US Election Jurisdictions Adopt Free Website Security Service
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Hawaii, Idaho, North Carolina, and Rhode Island are among states now using gratis DDoS mitigation, firewall, and user access control service from Cloudflare.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Cyberattacks in Finland Surge During Trump-Putin Summit
Jai Vijayan, Freelance writerNews
Attackers targeted IoT devices like they did during Trump's June meeting with North Korea's Kim Jong-un, but this time China was the top-attacking nation.
By Jai Vijayan Freelance writer, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Robotic Vacuums May Hoover Your Data
Dark Reading Staff, Quick Hits
Researchers have discovered a pair of vulnerabilities that allow unauthorized code execution in a robotic vacuum.
By Dark Reading Staff , 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Free New Scanner Aims to Protect Home Networks
Dark Reading Staff, Quick Hits
Free software pinpoints vulnerabilities and offers suggestions for remediation.
By Dark Reading Staff , 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure MentemCommentary
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
By Ira Winkler CISSP, President, Secure Mentem, 7/19/2018
Comment3 comments  |  Read  |  Post a Comment
6 Ways to Tell an Insider Has Gone Rogue
Jai Vijayan, Freelance writer
Malicious activity by trusted users can be very hard to catch, so look for these red flags.
By Jai Vijayan Freelance writer, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Beyond Passwords: Why Your Company Should Rethink Authentication
Rajiv Dholakia, VP Products, Nok Nok LabsCommentary
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
By Rajiv Dholakia VP Products, Nok Nok Labs, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Number of Retailers Impacted by Breaches Doubles
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The retail race for digital transformation is being run without the safety of security measures.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/19/2018
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers will be rewarded for vulnerabilities found in identity solutions and implementations of certain OpenID standards.
By Kelly Sheridan Staff Editor, Dark Reading, 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
Messenger Apps Top Risk Hit Parade
Dark Reading Staff, Quick Hits
Whether running on iOS or Android, Facebook's and WhatsApp's messenger apps present a 'winning' combination.
By Dark Reading Staff , 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
Make Security Boring Again
Joel Fulton, Chief Information Security Officer for SplunkCommentary
In the public sector and feeling overwhelmed? Focus on the basics, as mind numbing as that may sound.
By Joel Fulton Chief Information Security Officer for Splunk, 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
New Subscription Service Takes on Ransomware Protection
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Training and response is the basis of a new offering that addresses ransomware and extortion attacks.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Moves Up As Phishers' Favorite Target for Brand Spoofing
Dark Reading Staff, Quick Hits
Researchers compiled a list of the most common brands to impersonate by detecting and analyzing new phishing URLs.
By Dark Reading Staff , 7/18/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Kolina
Current Conversations I have the same fillings about Google's work on this.. Great written
In reply to: ... HA!">Re: Google teaming with ... HA!
Post Your Own Reply
More Conversations
PR Newswire
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Number of Retailers Impacted by Breaches Doubles
Ericka Chickowski, Contributing Writer, Dark Reading,  7/19/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise securitythe IT team members tasked with protecting critical data from cyber threatsand will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14500
PUBLISHED: 2018-07-22
joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter.
CVE-2018-14501
PUBLISHED: 2018-07-22
manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.
CVE-2018-14492
PUBLISHED: 2018-07-21
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
CVE-2018-3771
PUBLISHED: 2018-07-20
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
Flash Poll
Video
Slideshows
Twitter Feed