Higher Education: 15 Books to Help Cybersecurity Pros Be Better
2019 Attacker Playbook
Name That Toon: I Spy
6 CISO Resolutions for 2019
7 Common Breach Disclosure Mistakes
News & Commentary
US Petroleum Employee Charged with Stealing Trade Secrets for Chinese Firm
Dark Reading Staff, Quick Hits
Longtime US resident allegedly stole information for petroleum firm in China that had offered him a position.
By Dark Reading Staff , 12/28/2018
Start Preparing Now for the Post-Quantum Future
Tim Hollobeek, Industry and Standards Technical Strategist at DigiCert, Commentary
Quantum computing will break most of the encryption schemes on which we rely today. These five tips will help you get ready.
By Tim Hollobeek Industry and Standards Technical Strategist at DigiCert, 12/28/2018
The Coolest Hacks of 2018
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
In-flight airplanes, social engineers, and robotic vacuums were among the targets of resourceful white-hat hackers this year.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/28/2018
IoT Bug Grants Access to Home Video Surveillance
Dark Reading Staff, Quick Hits
Due to a shared Amazon S3 credential, all users of a certain model of the Guardzilla All-In-One Video Security System can view each other's videos.
By Dark Reading Staff , 12/27/2018
Toxic Data: How 'Deepfakes' Threaten Cybersecurity
Dirk Kanngiesser, Co-founder & CEO, Cryptowerk, Commentary
The joining of 'deep learning' and 'fake news' makes it possible to create audio and video of real people saying words they never spoke or things they never did.
By Dirk Kanngiesser Co-founder & CEO, Cryptowerk, 12/27/2018
2018: The Year Machine Intelligence Arrived in Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Machine intelligence, in its many forms, began having a significant impact on cybersecurity this year, setting the stage for growing intelligence in security automation for 2019.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/27/2018
Attackers Use Google Cloud to Target US, UK Banks
Dark Reading Staff, Quick Hits
Employees at financial services firms hit with an email attack campaign abusing a Google Cloud storage service.
By Dark Reading Staff , 12/26/2018
Spending Spree: What's on Security Investors' Minds for 2019
Kelly Sheridan, Staff Editor, Dark Reading, News
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 12/26/2018
3 Steps for Cybersecurity Leaders to Bridge the Gender Equality Gap
Renee Tarun, Vice President of Information Security at Fortinet Inc., Commentary
By encouraging female participation through education and retaining this interest through an inclusive culture and visible role models, we can begin to close the skill and gender gap in cybersecurity.
By Renee Tarun Vice President of Information Security at Fortinet Inc., 12/26/2018
6 Ways to Anger Attackers on Your Network
Kelly Sheridan, Staff Editor, Dark Reading
Because you can't hack back without breaking the law, these tactics will frustrate, deceive, and annoy intruders instead.
By Kelly Sheridan Staff Editor, Dark Reading, 12/26/2018
7 Business Metrics Security Pros Need to Know
Curtis Franklin Jr., Senior Editor at Dark Reading
These days, security has to speak the language of business. These KPIs will get you started.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/21/2018
Unpatched Kernel-Level Vuln in IBM Security Tool for Apple MacOS Revealed
Dark Reading Staff, Quick Hits
Researchers disclose signedness bug in driver used by IBM Trusteer Rapport endpoint security tool after IBM fails to deliver timely patch.
By Dark Reading Staff , 12/21/2018
Amazon Slip-Up Shows How Much Alexa Really Knows
Dark Reading Staff, Quick Hits
Amazon mistakenly sent one user's Alexa recordings to a stranger but neglected to disclose the error.
By Dark Reading Staff , 12/21/2018
I Spy: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark Reading, Commentary
No shortage of political humor and inside security jokes in this batch of cartoon caption contenders. And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 12/21/2018
Criminals Move Markets to Remain in the Shadows
Curtis Franklin Jr., Senior Editor at Dark Reading, News
While malware families and targets continue to evolve, the most important shift might be happening in the background.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/21/2018
APT10 Indictments Show Expansion of MSP Targeting, Cloud Hopper Campaign
Jai Vijayan, Freelance writer, News
US brings more indictments against the APT10 cyber espionage group operating in China for its Operation Cloud Hopper campaign against managed service providers, but what will those indictments accomplish?
By Jai Vijayan Freelance writer, 12/21/2018
3 Reasons to Train Security Pros to Code
Ericka Chickowski, Contributing Writer, Dark Reading, News
United Health chief security strategist explains the benefits the organization reaped when it made basic coding training a requirement for security staff.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/20/2018
Security 101: How Businesses and Schools Bridge the Talent Gap
Kelly Sheridan, Staff Editor, Dark Reading, News
Security experts share the skills companies are looking for, the skills students are learning, and how to best find talent you need.
By Kelly Sheridan Staff Editor, Dark Reading, 12/20/2018
Attackers Use Scripting Flaw in Internet Explorer, Forcing Microsoft Patch
Robert Lemos, Technology Journalist/Data Researcher, News
Microsoft issues an emergency update to its IE browser after researchers notified the company that a scripting engine flaw is being used to compromise systems.
By Robert Lemos Technology Journalist/Data Researcher, 12/20/2018
How to Optimize Security Spending While Reducing Risk
Bryan Sartin, Executive Director, Global Security Services, at Verizon, Commentary
Risk scoring is a way of getting everyone on the same page with a consistent, reliable method of gathering and analyzing security data.
By Bryan Sartin Executive Director, Global Security Services, at Verizon, 12/20/2018
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6331
PUBLISHED: 2018-12-31
Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.
CVE-2018-6333
PUBLISHED: 2018-12-31
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This issue ...
CVE-2018-6337
PUBLISHED: 2018-12-31
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00.
CVE-2018-6340
PUBLISHED: 2018-12-31
The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below).
CVE-2018-6341
PUBLISHED: 2018-12-31
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed...
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.