Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

7 Signs of the Rising Threat of Magecart Attacks in 2019
Effective Pen Tests Follow These 7 Steps
Demystifying the Dark Web: What You Need to Know
How Enterprises Are Developing Secure Applications
Name That Toon: End User Lockdown
News & Commentary
TeamViewer Admits Breach from 2016
Dark Reading Staff, Quick Hits
The company says it stopped the attack launched by a Chinese hacking group.
By Dark Reading Staff , 5/20/2019
Comment0 comments  |  Read  |  Post a Comment
DHS Warns of Data Theft via Chinese-Made Drones
Dark Reading Staff, Quick Hits
The drones are reportedly built with parts that can compromise organizations' data and share it on a server accessible to the Chinese government.
By Dark Reading Staff , 5/20/2019
Comment0 comments  |  Read  |  Post a Comment
New Trickbot Variant Uses URL Redirection to Spread
Jai Vijayan, Contributing WriterNews
Switch in tactic is the latest attempt by operators of the prolific banking Trojan to slip past detection mechanisms.
By Jai Vijayan Contributing Writer, 5/20/2019
Comment0 comments  |  Read  |  Post a Comment
97% of Americans Cant Ace a Basic Security Test
Steve Zurier, Contributing WriterNews
Still, a new Google study uncovers a bit of good news, too.
By Steve Zurier Contributing Writer, 5/20/2019
Comment3 comments  |  Read  |  Post a Comment
Financial Sector Under Siege
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.
By Marc Wilczek Digital Strategist & CIO Advisor, 5/20/2019
Comment0 comments  |  Read  |  Post a Comment
Killer SecOps Skills: Soft Is the New Hard
Edy Almer, VP Product, CyberbitCommentary
The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.
By Edy Almer VP Product, Cyberbit, 5/20/2019
Comment0 comments  |  Read  |  Post a Comment
7 Signs of the Rising Threat of Magecart Attacks in 2019
Ericka Chickowski, Contributing Writer
Magecart attacks continue to grow in momentum. Here are the stats and stories that show what's behind the mayhem.
By Ericka Chickowski Contributing Writer, 5/20/2019
Comment0 comments  |  Read  |  Post a Comment
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The infamous Ryuk ransomware slammed a small company that makes heavy-duty vehicle alternators for government and emergency fleet. Here's what happened.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/20/2019
Comment2 comments  |  Read  |  Post a Comment
Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists
Black Hat Staff,  News
Ahead of his 2019 Black Hat USA talk, cybersecurity luminary Bruce Schneier explains why its so important for tech experts to be actively involved in setting public policy.
By Alex Wawro, Special to Dark Reading , 5/20/2019
Comment0 comments  |  Read  |  Post a Comment
Artist Uses Malware in Installation
Dark Reading Staff, Quick Hits
A piece of 'art' currently up for auction features six separate types of malware running on a vulnerable computer.
By Dark Reading Staff , 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter
Jai Vijayan, Contributing WriterNews
Once again, a high-proportion of the reported flaws have no current fix, according to Risk Based Security.
By Jai Vijayan Contributing Writer, 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
DevOps Repository Firms Establish Shared Analysis Capability
Robert Lemos, Contributing WriterNews
Following an attack on their users, and their shared response, Atlassian, GitHub, and GitLab decide to make the sharing of attack information a permanent facet of their operations.
By Robert Lemos Contributing Writer, 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
When Older Windows Systems Won't Die
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft's decision to patch unsupported machines for the critical CVE-2019-0708 flaw is a reminder that XP, 2003, and other older versions of Windows still run in some enterprises.
By Kelly Sheridan Staff Editor, Dark Reading, 5/17/2019
Comment1 Comment  |  Read  |  Post a Comment
Exposed Elasticsearch Database Compromises Data on 8M People
Dark Reading Staff, Quick Hits
Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.
By Dark Reading Staff , 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
A Trustworthy Digital Foundation Is Essential to Digital Government
Gus Hunt, Managing Director and Cyber Strategy Lead for Accenture Federal ServicesCommentary
Agencies must take steps to ensure that citizens trust in the security of government's digital channels.
By Gus Hunt Managing Director and Cyber Strategy Lead for Accenture Federal Services, 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
Google to Replace Titan Security Keys Affected by Bluetooth Bug
Kelly Sheridan, Staff Editor, Dark ReadingNews
A misconfiguration in Bluetooth Titan Security Keys' pairing protocols could compromise users under specific circumstances.
By Kelly Sheridan Staff Editor, Dark Reading, 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
Executive Order Limits Certain Tech Sales, Hits Huawei Hard
Dark Reading Staff, Quick Hits
The executive order signed by President Trump bars the sale or installation of equipment seen to be controlled by hostile foreign governments and a threat to national security.
By Dark Reading Staff , 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
US Charges Members of GozNym Cybercrime Gang
Jai Vijayan, Contributing WriterNews
The FBI and counterparts from other nations say group infected over 41,000 computers with malware that steals banking credentials.
By Jai Vijayan Contributing Writer, 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
The Data Problem in Security
Julian Waits, GM Cyber Security Business Unit, Devo TechnologyCommentary
CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.
By Julian Waits GM Cyber Security Business Unit, Devo Technology, 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
Cyber Workforce Exec Order: Right Question, Wrong Answer
Ryan Shaw, Co-Founder, BionicCommentary
Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.
By Ryan Shaw Co-Founder, Bionic, 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2019
Why AI Will Create Far More Jobs Than It Replaces
John DiLullo, CEO, Lastline,  5/14/2019
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Talk about vendor lock in...
White Papers
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11816
PUBLISHED: 2019-05-20
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
CVE-2019-10076
PUBLISHED: 2019-05-20
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVE-2019-10077
PUBLISHED: 2019-05-20
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVE-2019-10078
PUBLISHED: 2019-05-20
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
CVE-2019-12239
PUBLISHED: 2019-05-20
The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
Flash Poll
Video
Slideshows
Twitter Feed