8 Big Processor Vulnerabilities in 2018
What We Talk About When We Talk About Risk
7 Ways to Keep DNS Safe
6 M&A Security Tips
Name That Toon: Mobile Threat
News & Commentary
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Trump administration's initial lack of a unified front in the wake of Russian election-hacking indictments worries cybersecurity experts.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
One-Third of Businesses Lack a Cybersecurity Expert
Kelly Sheridan, Staff Editor, Dark ReadingNews
Alarming, yes, but it's actually an improvement over past years, a new Gartner survey of more than 3,000 CIOs reveals.
By Kelly Sheridan Staff Editor, Dark Reading, 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
Cloud Security: Lessons Learned from Intrusion Prevention Systems
Gunter Ollmann, CTO, Security, Microsoft Cloud and AI Division   Commentary
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
By Gunter Ollmann CTO, Security, Microsoft Cloud and AI Division , 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
Nearly Half of Security Pros Reuse Passwords
Dark Reading Staff, Quick Hits
Survey exposes poor security practices by the people who should know better.
By Dark Reading Staff , 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
SCADA/ICS Dangers & Cybersecurity Strategies
Peter Newton, Senior Director of Product Marketing at FortinetCommentary
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
By Peter Newton Senior Director of Product Marketing at Fortinet, 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
7 Nigerians Indicted for Fraud Operation on Dating Sites
Dark Reading Staff, Quick Hits
Con artists have been charged with operating a scheme that cost users of American dating websites more than $1.5 million.
By Dark Reading Staff , 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
Russian National Vulnerability Database Operation Raises Suspicions
Jai Vijayan, Freelance writerNews
Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.
By Jai Vijayan Freelance writer, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Less Than Half of Cyberattacks Detected via Antivirus: SANS
Kelly Sheridan, Staff Editor, Dark ReadingNews
Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Trump Dismisses Russian Interference Indictments in Presser with Putin
Dark Reading Staff, Quick Hits
Russian President Vladamir Putin 'just said it's not Russia,' US President Trump said.
By Dark Reading Staff , 7/16/2018
Comment1 Comment  |  Read  |  Post a Comment
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading
Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
India Telecom Regulator: Users Have Primary Data Rights
Dark Reading Staff, Quick Hits
Organizations 'should be restrained from using metadata to identify individual users,' says the Telecom Regulatory Authority of India.
By Dark Reading Staff , 7/16/2018
Comment1 Comment  |  Read  |  Post a Comment
Time to Yank Cybercrime into the Light
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Too many organizations are still operating blindfolded, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 7/16/2018
Comment0 comments  |  Read  |  Post a Comment
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
GRU hackers used bitcoin to fund US computer network infrastructure supporting and hiding the operation.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/13/2018
Comment2 comments  |  Read  |  Post a Comment
GandCrab Ransomware Continues to Evolve But Can't Spread Via SMB Shares Yet
Jai Vijayan, Freelance writerNews
Recent fears that this year's most prolific ransomware threat has acquired new WannaCry-like propagation capabilities appear unfounded at the moment.
By Jai Vijayan Freelance writer, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
8 Big Processor Vulnerabilities in 2018
Ericka Chickowski, Contributing Writer, Dark Reading
Security researchers have been working in overdrive examining processors for issues and they haven't come up empty-handed.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Congressional Report Cites States Most Vulnerable to Election Hacking
Dark Reading Staff, Quick Hits
A new report details issues with 18 states along with suggestions on what can be done.
By Dark Reading Staff , 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
FBI: Email Account Compromise Losses Reach $12B
Dark Reading Staff, Quick Hits
There were more than 78K business email account (BEC) and email account compromise (EAC) scam incidents worldwide between October 2013 and May 2018.
By Dark Reading Staff , 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
How to Structure an Enterprise-Wide Threat Intelligence Strategy
Tom Badders, Senior Product Manager, Secure Mobility, at Telos CorporationCommentary
To keep an organization safe, you must think about the entire IT ecosystem.
By Tom Badders Senior Product Manager, Secure Mobility, at Telos Corporation, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
SOCs Use Automation to Compensate for Training, Technology Issues
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/13/2018
Comment0 comments  |  Read  |  Post a Comment
WordPress Sites Targeted in World Cup-Themed Spam Scam
Jai Vijayan, Freelance writerNews
Spammers using a 'spray & pray' approach to post comments on WordPress powered blogs, forums, says Imperva.
By Jai Vijayan Freelance writer, 7/12/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by ydv3622
Current Conversations I like to see your post.
In reply to: Meeting
Post Your Own Reply
More Conversations
PR Newswire
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Major International Airport System Access Sold for $10 on Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  7/11/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago
INsecurity is for the defenders of enterprise securitythe IT team members tasked with protecting critical data from cyber threatsand will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14373
PUBLISHED: 2018-07-17
An issue was discovered in LibTIFF 4.0.9. In TIFFFindField in tif_dirinfo.c, the structure tif is being dereferenced without first checking that the structure is not empty and has the requested fields (tif_foundfield). In the call sequences following from the affected library functions (TIFFVGetFiel...
CVE-2018-14374
PUBLISHED: 2018-07-17
An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur via an empty fmt argument to unixErrorHandler in tif_unix.c, and it can be exploited (at a minimum) via the following high-level library API functions: TIFFClientOpen, TIFFFdOpen, TIFFRawStripSize, TIFFCheckTile, TIFFComputeStrip,...
CVE-2018-14375
PUBLISHED: 2018-07-17
An issue was discovered in LibTIFF 4.0.9. A buffer overflow vulnerability can occur via an invalid or empty tif argument to TIFFRGBAImageOK in tif_getimage.c, and it can be exploited (at a minimum) via the following high-level library API functions: TIFFReadRGBAImage, TIFFRGBAImageOK, and TIFFRGBAIm...
CVE-2018-14378
PUBLISHED: 2018-07-17
An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur via an invalid or empty tif argument to TIFFWriteBufferSetup in tif_write.c, and it can be exploited (at a minimum) via the following high-level library API function: TIFFWriteTile.
CVE-2018-14363
PUBLISHED: 2018-07-17
An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames.
Flash Poll
Video
Slideshows
Twitter Feed