News & Commentary

Latest Content
Page 1 / 2   >   >>
Insurer Offers GDPR-Specific Coverage for SMBs
News  |  2/20/2019  | 
Companies covered under the EU mandate can get policies for up to $10 million for fines, penalties, and other costs.
As Businesses Move Critical Data to Cloud, Security Risks Abound
News  |  2/20/2019  | 
Companies think their data is safer in the public cloud than in on-prem data centers, but the transition is driving security issues.
Mastercard, GCA Create Small Business Cybersecurity Toolkit
News  |  2/20/2019  | 
A new toolkit developed by the Global Cybersecurity Alliance aims to give small businesses a cookbook for better cybersecurity.
POS Vendor Announces January Data Breach
Quick Hits  |  2/20/2019  | 
More than 120 restaurants were affected by an incident that exposed customer credit card information.
9 Years After: From Operation Aurora to Zero Trust
Commentary  |  2/20/2019  | 
How the first documented nation-state cyberattack is changing security today.
Microsoft Expands AccountGuard to Help Europe Prep for Cyberattacks
Quick Hits  |  2/20/2019  | 
A recent wave of cybercrime has targeted organizations with employees in Belgium, France, Germany, Poland, Romania, and Serbia.
The Anatomy of a Lazy Phish
Commentary  |  2/20/2019  | 
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.
'Formjacking' Compromises 4,800 Sites Per Month. Could Yours Be One?
News  |  2/20/2019  | 
Cybercriminals see formjacking as a simple opportunity to take advantage of online retailers and all they need is a small piece of JavaScript.
North Korea's Lazarus Group Targets Russian Companies For First Time
News  |  2/19/2019  | 
In an unusual development, the group known for its attacks against companies in countries viewed as geopolitical foes is now going after companies in a country considered an ally, Check Point Software says.
Google Research: No Simple Fix For Spectre-Class Vulnerabilities
News  |  2/19/2019  | 
Chip makers focus on performance has left microprocessors open to numerous side-channel attacks that cannot be fixed by software updates - only by hard choices.
19 Minutes to Escalation: Russian Hackers Move the Fastest
News  |  2/19/2019  | 
New data from CrowdStrike's incident investigations in 2018 uncover just how quickly nation-state hackers from Russia, North Korea, China, and Iran pivot from patient zero in a target organization.
Making the Case for a Cybersecurity Moon Shot
Commentary  |  2/19/2019  | 
There are severe and unsolved problems in our industry that justify a sustained effort and substantial investment. It's worth picking one.
6 Tax Season Tips for Security Pros
Slideshows  |  2/19/2019  | 
Here are some practical ways to keep your company safe as Uncle Sam comes calling.
Breach in Stanford System Exposes Student Records
Quick Hits  |  2/19/2019  | 
A wide variety of data was visible through the vulnerability.
Palo Alto Networks to Buy Demisto for $560M
Quick Hits  |  2/19/2019  | 
This marks Palo Alto Networks' latest acquisition and its first of 2019.
Security Leaders Are Fallible, Too
Commentary  |  2/19/2019  | 
Security leaders set the tone for their organizations, and there are many places where the process can go wrong. Second in a six-part series.
Privacy Ops: The New Nexus for CISOs & DPOs
Commentary  |  2/18/2019  | 
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
Hackers Found Phishing for Facebook Credentials
Quick Hits  |  2/15/2019  | 
A "very realistic-looking" login prompt is designed to capture users' Facebook credentials, researchers report.
Staffing Shortage Makes Vulnerabilities Worse
Quick Hits  |  2/15/2019  | 
Businesses don't have sufficient staff to find vulnerabilities or protect against their exploit, according to a new report by Ponemon Institute.
ICS/SCADA Attackers Up Their Game
News  |  2/15/2019  | 
With attackers operating more aggressively and stealthily, some industrial network operators are working to get a jump on the threats.
Post-Quantum Crypto Standards Arent All About the Math
News  |  2/15/2019  | 
The industry needs to keep in mind the realities of hardware limits and transitional growing pains, according to Microsoft, Utimaco researchers.
White-Hat Bug Bounty Programs Draw Inspiration from the Old West
Commentary  |  2/15/2019  | 
These programs are now an essential strategy in keeping the digital desperados at bay.
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
News  |  2/14/2019  | 
New initiative offers five principles for greater IoT security.
From 'O.MG' to NSA, What Hardware Implants Mean for Security
News  |  2/14/2019  | 
A wireless device resembling an Apple USB-Lightning cable that can exploit any system via keyboard interface highlights risks associated with hardware Trojans and insecure supply chains.
High Stress Levels Impacting CISOs Physically, Mentally
News  |  2/14/2019  | 
Some have even turned to alcohol and medication to cope with pressure.
Toyota Prepping 'PASTA' for its GitHub Debut
News  |  2/14/2019  | 
Carmaker's open source car-hacking tool platform soon will be available to the research community.
Valentine's Emails Laced with Gandcrab Ransomware
News  |  2/14/2019  | 
In the weeks leading up to Valentine's Day 2019, researchers notice a new form of Gandcrab appearing in romance-themed emails.
Coffee Meets Bagel Confirms Hack on Valentine's Day
Quick Hits  |  2/14/2019  | 
The dating app says users' account data may have been obtained by an unauthorized party.
New Professional Development Institute Aims to Combat Cybersecurity Skills Shortage
Quick Hits  |  2/14/2019  | 
The (ISC)2 announces a new institute for working cybersecurity professionals to continue their education.
Diversity Is Vital to Advance Security
Commentary  |  2/14/2019  | 
Meet five female security experts who are helping to propel our industry forward.
How to Create a Dream Team for the New Age of Cybersecurity
Commentary  |  2/14/2019  | 
When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.
Security Spills: 9 Problems Causing the Most Stress
Slideshows  |  2/14/2019  | 
Security practitioners reveal what's causing them the most frustration in their roles.
2018 Was Second-Most Active Year for Data Breaches
News  |  2/13/2019  | 
Hacking by external actors caused most breaches, but Web intrusions and exposures compromised more records, according to Risk Based Security.
Windows Executable Masks Mac Malware
News  |  2/13/2019  | 
A new strain of MacOS malware hides inside a Windows executable to avoid detection.
Ex-US Intel Officer Charged with Helping Iran Target Her Former Colleagues
News  |  2/13/2019  | 
Monica Witt, former Air Force and counterintel agent, has been indicted for conspiracy activities with Iranian government, hackers.
Researchers Dig into Microsoft Office Functionality Flaws
News  |  2/13/2019  | 
An ongoing study investigating security bugs in Microsoft Office has so far led to two security patches.
5 Expert Tips for Complying with the New PCI Software Security Framework
Commentary  |  2/13/2019  | 
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.
Scammers Fall in Love with Valentine's Day
News  |  2/13/2019  | 
Online dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks.
70% of Consumers Want Biometrics in the Workplace
News  |  2/13/2019  | 
Speed, simplicity, and security underscore their desire, a new study shows.
Lessons Learned from a Hard-Hitting Security Review
Commentary  |  2/13/2019  | 
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
Up to 100,000 Reported Affected in Landmark White Data Breach
News  |  2/12/2019  | 
Australian property valuation firm Landmark White exposed files containing personal data and property valuation details.
Microsoft, Adobe Both Close More Than 70 Security Issues
News  |  2/12/2019  | 
With their regularly scheduled Patch Tuesday updates, both companies issued fixes for scores of vulnerabilities in their widely used software.
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
News  |  2/12/2019  | 
All data belonging to US usersincluding backup copieshave been deleted in catastrophe, VMEmail says.
Cybersecurity and the Human Element: We're All Fallible
Commentary  |  2/12/2019  | 
We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.
'Picnic' Passes Test for Protecting IoT From Quantum Hacks
Quick Hits  |  2/12/2019  | 
Researchers from DigiCert, Utimaco, and Microsoft Research gives thumbs-up to a new algorithm for implementing quantum hacking-proof digital certificates.
Symantec Acquires Luminate to Build on Cloud Security
Quick Hits  |  2/12/2019  | 
Luminate Security, which specializes in software-defined perimeter technology, will extend Symantec's integrated defense platform.
Identifying, Understanding & Combating Insider Threats
Commentary  |  2/12/2019  | 
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?
2019 Security Spending Outlook
Slideshows  |  2/12/2019  | 
Cybersecurity and IT risk budgets continue to grow. Here's how they'll be spent.
Client-Side DNS Attack Emerges From Academic Research
News  |  2/11/2019  | 
A new DNS cache poisoning attack is developed as part of the research toward a dissertation.
Experian: US Suffers the Most Online Fraud
News  |  2/11/2019  | 
New data from the credit reporting firm shows the sheer scale of online activity in the US also has made businesses and consumers there prime targets.
Page 1 / 2   >   >>


High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3474
PUBLISHED: 2019-02-20
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-3475
PUBLISHED: 2019-02-20
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-10030
PUBLISHED: 2019-02-20
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
CVE-2019-10030
PUBLISHED: 2019-02-20
A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth...
CVE-2019-10030
PUBLISHED: 2019-02-20
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.