Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

6 Small-Business Password Managers
10 Tips for Building Compliance by Design into Cloud Architecture
8 Holiday Security Tips for Retailers
4 Ways to Soothe a Stressed-Out Incident Response Team
8 Tips for More Secure Mobile Computing
News & Commentary
Symantec, McAfee Patch Privilege Escalation Bugs
Jai Vijayan, Contributing WriterNews
All versions of endpoint protection software from both vendors were susceptible to near identical issue, SafeBreach says.
By Jai Vijayan Contributing Writer, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
BSIMM10 Shows Industry Vertical Maturity
Sammy Migues, BSIMM Co-Author and Principal Scientist at SynopsysCommentary
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
By Sammy Migues BSIMM Co-Author and Principal Scientist at Synopsys, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
Capture the Flag Planned to Find Missing Persons Information
Dark Reading Staff, Quick Hits
The competition, launched by SANS and Trace Labs, will put to use open source information in search of new clues.
By Dark Reading Staff , 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
Attacks on Healthcare Jump 60% in 2019 - So Far
Robert Lemos, Contributing WriterNews
Well-known Trojans Emotet and Trickbot are cybercriminals' favorite weapons in their campaigns.
By Robert Lemos Contributing Writer, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
5 Cybersecurity CISO Priorities for the Future
Paul Shomo, Cybersecurity AnalystCommentary
Seven chief information security officers share their pain points and two-year spending plans.
By Paul Shomo Cybersecurity Analyst, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
US-CERT Warns of Remotely Exploitable Bugs in Medical Devices
Dark Reading Staff, Quick Hits
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.
By Dark Reading Staff , 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
8 Backup & Recovery Questions to Ask Yourself
Sara Peters, Senior Editor at Dark Reading
Don't wait until after a disaster, DDoS, or ransomware attack to learn just how good your backups really are.
By Sara Peters Senior Editor at Dark Reading, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
How Does Your Cyber Resilience Measure Up?
Troy Mattern, Vice President for Product and Services Cybersecurity at Motorola SolutionsCommentary
The security measures companies take today may not be enough for tomorrow's cyber assault, but switching to a proactive, risk-based framework may better protect your organization.
By Troy Mattern Vice President for Product and Services Cybersecurity at Motorola Solutions, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
Self-Cleaning Payment Card-Skimmer Infects E-Commerce Sites
Jai Vijayan, Contributing WriterNews
'Pipka' JavaScript skimmer has infected at least 16 e-commerce websites so far, according to Visa's Payment Fraud Disruption Group.
By Jai Vijayan Contributing Writer, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Well, Hello, Dolly!
Beyond the Edge, Dark Reading
Eight hours is certainly a start.
By Beyond the Edge Dark Reading, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity: An Organizationwide Responsibility
Guy Bunker, CTO of ClearswiftCommentary
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
By Guy Bunker CTO of Clearswift, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
The Ripple Effect of Data Breaches: How Damage Spreads
Kelly Sheridan, Staff Editor, Dark ReadingNews
The financial loss from so-called 'ripple events' is thirteen times greater than the cost of single-party security incidents.
By Kelly Sheridan Staff Editor, Dark Reading, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
2019 Trending as Worst Year on Record for Data Breaches
Dark Reading Staff, Quick Hits
New Risk Based Security report shows data breaches up 33.3% over last year so far.
By Dark Reading Staff , 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, GuardicoreCommentary
Avoid sinking security with principles of shipbuilding known since the 15th century.
By Ariel Zeitlin Chief Technology Officer & Co-Founder, Guardicore, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Cardplanet Operator Extradited for Facilitating Credit Card Fraud
Dark Reading Staff, Quick Hits
Russian national Aleksei Burkov is charged with wire fraud, access device fraud, and conspiracy to commit identity theft, among other crimes.
By Dark Reading Staff , 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLensCommentary
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.
By Jack Freund Director, Risk Science at RiskLens, 11/13/2019
Comment1 Comment  |  Read  |  Post a Comment
While CISOs Fret, Business Leaders Tout Security Robustness
Jai Vijayan, Contributing WriterNews
A new Nominet survey shows a familiar disconnect between business and security teams on the matter of cyber preparedness.
By Jai Vijayan Contributing Writer, 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
Companies Increasingly Fail Interim Security Test, But Gap Narrows
Robert Lemos, Contributing WriterNews
Stability of PCI DSS helps companies cope and create more mature security programs, but some parts of the Payment Card Industry's Data Secure Standard continue to cause headaches.
By Robert Lemos Contributing Writer, 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches IE Zero-Day Among 74 Vulnerabilities
Kelly Sheridan, Staff Editor, Dark ReadingNews
The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer.
By Kelly Sheridan Staff Editor, Dark Reading, 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
New DDoS Attacks Leverage TCP Amplification
Jai Vijayan, Contributing WriterNews
Attackers over the past month have been using a rarely seen approach to disrupt services at large organizations in several countries.
By Jai Vijayan Contributing Writer, 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by TerryWilliams
Current Conversations very useful information
In reply to: thanks
Post Your Own Reply
More Conversations
PR Newswire
edge
edge
Here are some important points to factor into your vulnerability disclosure policy.
Don't wait until after a disaster, DDoS, or ransomware attack to learn just how good your backups really are.
It can't be overstated: Web attacks and credential stuffing are real, long-term threats. This white paper, sponsored by Akamai, focuses on how they are impacting the high-tech, video media, and entertainment sectors.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18986
PUBLISHED: 2019-11-15
Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.
CVE-2019-18981
PUBLISHED: 2019-11-15
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
CVE-2019-18982
PUBLISHED: 2019-11-15
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.
CVE-2019-18985
PUBLISHED: 2019-11-15
Pimcore before 6.2.2 lacks brute force protection for the 2FA token.
CVE-2019-18928
PUBLISHED: 2019-11-15
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Flash Poll
Video
Slideshows
Twitter Feed