7 Low-Cost Security Tools
Name That Toon: The Advanced Persistent Threat
Trust, or Lack of It, Is a Key Theme on RSAC Keynote Stage
6 Questions to Ask While Buying a Connected Car
Embracing DevSecOps: 5 Processes to Improve DevOps Security
News & Commentary
FIN7 Cybercrime Gang Rises Again
Robert Lemos, Technology Journalist/Data ResearcherNews
The group now employs a new administrative interface for managing its campaigns, as well as documents that link to SQL databases for downloading its code.
By Robert Lemos Technology Journalist/Data Researcher, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Businesses Manage 9.7PB of Data but Struggle to Protect It
Kelly Sheridan, Staff Editor, Dark ReadingNews
What's more, their attempts to secure it may be putting information at risk, a new report finds.
By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Facebook Employees for Years Could See Millions of User Passwords in Plain Text
Dark Reading Staff, Quick Hits
2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.
By Dark Reading Staff , 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Hacker AI vs. Enterprise AI: A New Threat
Satish Abburi, Founder of Elysium AnalyticsCommentary
Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.
By Satish Abburi Founder of Elysium Analytics, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Brings Defender Security Tools to Mac
Kelly Sheridan, Staff Editor, Dark ReadingNews
Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.
By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Police Federation of England and Wales Suffers Apparent Ransomware Attack
Dark Reading Staff, Quick Hits
National Cyber Security Centre and National Crime Agency investigate random attack that locked down the association's data and deleted backups.
By Dark Reading Staff , 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Joram Borenstein & Rebecca Weintraub, General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical SchoolCommentary
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
By Joram Borenstein & Rebecca Weintraub General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical School, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Seek Out Ways to Search IPv6 Space
Robert Lemos, Technology Journalist/Data ResearcherNews
Security researchers regularly search IPv4 address space looking for servers with ports exposing vulnerable software. With the massive number of IPv6 addresses, however, they have lost that ability. Can tricks and workarounds save the day?
By Robert Lemos Technology Journalist/Data Researcher, 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
BEC Scammer Pleads Guilty
Dark Reading Staff, Quick Hits
Business email compromise (BEC) operation resulted in $100 million in losses to a multinational technology company and a social media firm, according to the US Attorney's Office.
By Dark Reading Staff , 3/20/2019
Comment2 comments  |  Read  |  Post a Comment
Google Photos Bug Let Criminals Query Friends, Location
Kelly Sheridan, Staff Editor, Dark ReadingNews
The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.
By Kelly Sheridan Staff Editor, Dark Reading, 3/20/2019
Comment0 comments  |  Read  |  Post a Comment
The Insider Threat: It's More Common Than You Think
Raj Ananthanpillai, Chairman & CEO, EnderaCommentary
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
By Raj Ananthanpillai Chairman & CEO, Endera, 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
Less Than 3% of Recycled Computing Devices Properly Wiped
Steve Zurier, Freelance WriterNews
Researchers find that companies that refurbish or accept old equipment as donations don't necessarily clean them of data as promised.
By Steve Zurier Freelance Writer, 3/20/2019
Comment0 comments  |  Read  |  Post a Comment
'Critical' Denial-of-Service Bug Patched in Facebook Fizz
Dark Reading Staff, Quick Hits
Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.
By Dark Reading Staff , 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
TLS 1.3: A Good News/Bad News Scenario
Paula Musich, Research Director, Enterprise Management AssociatesCommentary
Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.
By Paula Musich Research Director, Enterprise Management Associates, 3/20/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Office Dominates Most Exploited List
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/19/2019
Comment1 Comment  |  Read  |  Post a Comment
DDoS Attack Size Drops 85% in Q4 2018
Kelly Sheridan, Staff Editor, Dark ReadingNews
The sharp decline follows an FBI takedown of so-called "booter," or DDoS-for-hire, websites in December 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
6 Ways Mature DevOps Teams Are Killing It in Security
Ericka Chickowski, Contributing Writer, Dark Reading
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
The Case of the Missing Data
Mike McKee, CEO of ObserveITCommentary
The latest twist in the Equifax breach has serious implications for organizations.
By Mike McKee CEO of ObserveIT, 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
Norsk Hydro Shuts Plants Amid Ransomware Attack
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.
By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20031
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...
CVE-2018-20032
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon t...
CVE-2018-20034
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...
CVE-2019-3855
PUBLISHED: 2019-03-21
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-3858
PUBLISHED: 2019-03-21
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Flash Poll
Video
Slideshows
Twitter Feed