Risk

News & Commentary
Hacker Unlocks 'God Mode' and Shares the 'Key'
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
At Black Hat USA and DEF CON, researcher Christopher Domas showed how he found backdoors that may exist in many different CPUs.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
Social Engineers Show Off Their Tricks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts in deception shared tricks of the trade and showed their skills at Black Hat and DEF CON 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
NSA Brings Nation-State Details to DEF CON
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Hackers were eager to hear the latest from the world of nation-state cybersecurity.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
Oh, No, Not Another Security Product
Paul Stokes, Founder & CEO of Prevalent AICommentary
Let's face it: There are too many proprietary software options. Addressing the problem will require a radical shift in focus.
By Paul Stokes Founder & CEO of Prevalent AI, 8/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.
By Kelly Sheridan Staff Editor, Dark Reading, 8/8/2018
Comment6 comments  |  Read  |  Post a Comment
Manufacturing Industry Experiencing Higher Incidence of Cyberattacks
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report reveals the natural consequences of ignoring the attendant risks of industrial IoT and Industry 4.0.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/8/2018
Comment0 comments  |  Read  |  Post a Comment
Expect API Breaches to Accelerate
Ericka Chickowski, Contributing Writer, Dark ReadingNews
APIs provide the digital glue that binds apps, cloud resources, app services and data all together and they're increasingly an appsec security threat.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/7/2018
Comment0 comments  |  Read  |  Post a Comment
Shadow IT: Every Company's 3 Hidden Security Risks
Adam Marre,  Information Security Operations Leader, QualtricsCommentary
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
By Adam Marre Information Security Operations Leader, Qualtrics, 8/7/2018
Comment1 Comment  |  Read  |  Post a Comment
Google Details Tech Built into Shielded VMs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Specialized virtual machines, recently released in beta mode, ensure cloud workloads haven't been compromised.
By Kelly Sheridan Staff Editor, Dark Reading, 8/6/2018
Comment0 comments  |  Read  |  Post a Comment
Mastering MITRE's ATT&CK Matrix
Curtis Franklin Jr., Senior Editor at Dark Reading
This breakdown of Mitre's model for cyberattacks and defense can help organizations understand the stages of attack events and, ultimately, build better security.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/6/2018
Comment3 comments  |  Read  |  Post a Comment
FBI Offers New IoT Security Tips
Dark Reading Staff, Quick Hits
A new article from the FBI offers insight into IoT risks and ways to reduce them.
By Dark Reading Staff , 8/3/2018
Comment0 comments  |  Read  |  Post a Comment
Multifactor Acquisition: Cisco Plans to Buy Duo for $2.35B
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cisco intends to use Duo's authentication technology to ramp up security across hybrid and multicloud environments.
By Kelly Sheridan Staff Editor, Dark Reading, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways DevOps Can Supercharge Security
Ericka Chickowski, Contributing Writer, Dark Reading
Security teams have a huge opportunity to make major inroads by embracing the DevOps movement.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
How GDPR Could Turn Privileged Insiders into Bribery Targets
Mark Coates, VP, EMEA, Dtex SystemsCommentary
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
By Mark Coates VP, EMEA, Dtex Systems, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
New Chrome Extension Alerts Users to Hacked Sites
Kelly Sheridan, Staff Editor, Dark ReadingNews
HackNotice leverages a database of 20,000 hacks to alert users when a site they visit has been compromised.
By Kelly Sheridan Staff Editor, Dark Reading, 8/1/2018
Comment1 Comment  |  Read  |  Post a Comment
48% of Customers Avoid Services Post-Data Breach
Dark Reading Staff, Quick Hits
Nearly all organizations hit with a security incident report a long-term negative impact on both revenue and consumer trust.
By Dark Reading Staff , 8/1/2018
Comment0 comments  |  Read  |  Post a Comment
Accidental Cryptojackers: A Tale of Two Sites
Patrick Ciavolella, Digital Security & Operations Director, The Media TrustCommentary
Why website operators need to know with whom they are doing business and how to close the loop on third-party vulnerabilities.
By Patrick Ciavolella Digital Security & Operations Director, The Media Trust, 7/31/2018
Comment0 comments  |  Read  |  Post a Comment
Every Week Is Shark Week in Cyberspace
Robert Block, SVP, Product Strategy, SecureAuth + Core SecurityCommentary
Your data, identities, and credentials are cyber chum. Here's how to protect yourself from the feeding frenzy.
By Robert Block SVP, Product Strategy, SecureAuth + Core Security, 7/27/2018
Comment7 comments  |  Read  |  Post a Comment
8 Steps Toward Safer Elections
Steve Zurier, Freelance Writer
Heres some advice from leading authorities on how state and local governments can adapt to an environment where election systems will inevitably be hacked.
By Steve Zurier Freelance Writer, 7/26/2018
Comment4 comments  |  Read  |  Post a Comment
LifeLock Learns Lesson from Leaky Links
Dark Reading Staff, Quick Hits
A Web programming problem could have exposed millions of customer email addresses.
By Dark Reading Staff , 7/26/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
PGA of America Struck By Ransomware
Dark Reading Staff 8/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Now about that mortgage refinance offer from Wells Fargo .....
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6970
PUBLISHED: 2018-08-13
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privil...
CVE-2018-14781
PUBLISHED: 2018-08-13
Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolu...
CVE-2018-15123
PUBLISHED: 2018-08-13
Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home.
CVE-2018-15124
PUBLISHED: 2018-08-13
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device.
CVE-2018-15125
PUBLISHED: 2018-08-13
Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface.