Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

News & Commentary
Researchers Find New Approach to Attacking Cloud Infrastructure
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cloud APIs' accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets.
By Kelly Sheridan Staff Editor, Dark Reading, 11/11/2019
Comment0 comments  |  Read  |  Post a Comment
Joker's Stash Puts $130M Price Tag on Credit Card Database
Dark Reading Staff, Quick Hits
A new analysis advises security teams on what they should know about the underground payment card seller.
By Dark Reading Staff , 11/11/2019
Comment0 comments  |  Read  |  Post a Comment
TA542 Brings Back Emotet with Late September Spike
Kelly Sheridan, Staff Editor, Dark ReadingNews
Overall volumes of banking Trojans and RATs increased during the third quarter, when Emotet was suspiciously absent until mid-September.
By Kelly Sheridan Staff Editor, Dark Reading, 11/7/2019
Comment0 comments  |  Read  |  Post a Comment
PayPal Upsets Microsoft as Phishers' Favorite Brand
Dark Reading Staff, Quick Hits
Several factors edged the world's most popular payment service into the top spot.
By Dark Reading Staff , 11/7/2019
Comment0 comments  |  Read  |  Post a Comment
CrowdStrike Adds New Products & Web Store Apps
Dark Reading Staff, Quick Hits
Company introduces Falcon for AWS, Falcon Firewall Management, and third-party applications.
By Dark Reading Staff , 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
Google Launches OpenTitan Project to Open Source Chip Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
OpenTitan is an open source collaboration among Google and technology companies to strengthen root-of-trust chip design.
By Kelly Sheridan Staff Editor, Dark Reading, 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
Proofpoint Acquires ObserveIT to Bolster DLP Capabilities
Dark Reading Staff, Quick Hits
The $225 million acquisition will help Proofpoint expand its data loss prevention capabilities with email, CASB, and data at rest.
By Dark Reading Staff , 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Tools Focus on Insider Risk, Data Protection at Ignite 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
New tools and updates aimed at addressing ongoing challenges with insider threats and sensitive data classification.
By Kelly Sheridan Staff Editor, Dark Reading, 11/4/2019
Comment1 Comment  |  Read  |  Post a Comment
Sumo Logic Buys JASK Labs to Tackle SOC Challenges
Dark Reading Staff, Quick Hits
Sumo Logic plans to integrate JASK's autonomous security operations center software into a new intelligence tool.
By Dark Reading Staff , 11/4/2019
Comment0 comments  |  Read  |  Post a Comment
Details of Attack on Electric Utility Emerge
Dark Reading Staff, Quick Hits
The March 5 DDoS attack interrupted communications between generating facilities and the electrical grid in three western states.
By Dark Reading Staff , 11/1/2019
Comment0 comments  |  Read  |  Post a Comment
32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers detect an updated Gafgyt variant that targets flaws in small office and home wireless routers from Zyxel, Huawei, and Realtek.
By Kelly Sheridan Staff Editor, Dark Reading, 10/31/2019
Comment0 comments  |  Read  |  Post a Comment
New Office 365 Phishing Scam Leaves A Voicemail
Dark Reading Staff, Quick Hits
A fake voice message lures victims to a fake Microsoft 365 login page that prompts them to enter credentials.
By Dark Reading Staff , 10/31/2019
Comment0 comments  |  Read  |  Post a Comment
As Phishing Kits Evolve, Their Lifespans Shorten
Kelly Sheridan, Staff Editor, Dark ReadingNews
Most phishing kits last less than 20 days, a sign defenders are keeping up in the race against cybercrime.
By Kelly Sheridan Staff Editor, Dark Reading, 10/30/2019
Comment0 comments  |  Read  |  Post a Comment
Security Pros Fear Insider Attacks Stem from Cloud Apps
Dark Reading Staff, Quick Hits
More than half of security practitioners surveyed say insider attack detection has grown more difficult since migrating to cloud.
By Dark Reading Staff , 10/30/2019
Comment0 comments  |  Read  |  Post a Comment
Old RAT, New Moves: Adwind Hides in Java Commands to Target Windows
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Adwind remote access Trojan conceals malicious activity in Java commands to slip past threat intelligence tools and steal user data.
By Kelly Sheridan Staff Editor, Dark Reading, 10/29/2019
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Adds New Security Management Tools to G Suite
Dark Reading Staff, Quick Hits
Desktop devices that log into G Suite will have device management enabled by default, streamlining processes for IT admins.
By Dark Reading Staff , 10/29/2019
Comment0 comments  |  Read  |  Post a Comment
Pwn2Own Adds Industrial Control Systems to Hacking Contest
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Zero Day Initiative will bring its first ICS Pwn2Own competition to the S4x20 conference in January.
By Kelly Sheridan Staff Editor, Dark Reading, 10/28/2019
Comment0 comments  |  Read  |  Post a Comment
5 Things the Hoodie & the Hard Hat Need to Know About Each Other
Eddie Habibi & Jason Haward-Grau, Founder & CEO and Chief Information Security Officer at PASCommentary
Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.
By Eddie Habibi & Jason Haward-Grau Founder & CEO and Chief Information Security Officer at PAS, 10/28/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Office Bug Remains Top Malware Delivery Vector
Kelly Sheridan, Staff Editor, Dark ReadingNews
CVE-2017-11882 has been attackers' favorite malware delivery mechanism throughout the second and third quarters of 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 10/25/2019
Comment1 Comment  |  Read  |  Post a Comment
Second Ransomware Attack Strikes Johannesburg
Dark Reading Staff, Quick Hits
Attackers who broke into the city's network demand four Bitcoins in ransom or threaten to share stolen personal and financial data.
By Dark Reading Staff , 10/25/2019
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVE-2019-18853
PUBLISHED: 2019-11-11
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2019-18854
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVE-2019-18855
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVE-2019-18856
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.