Analytics

News & Commentary
6 Ways Mature DevOps Teams Are Killing It in Security
Ericka Chickowski, Contributing Writer, Dark Reading
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/19/2019
New Europol Protocol Addresses Cross-Border Cyberattacks
Dark Reading Staff, Quick Hits
The protocol is intended to support EU law enforcement in providing rapid assessment and response for cyberattacks across borders.
By Dark Reading Staff, 3/18/2019
Dragos Buys ICS Firm with US Dept. of Energy Roots
Dark Reading Staff, Quick Hits
NexDefense ICS security tool will be offered for free by Dragos.
By Dark Reading Staff, 3/18/2019
4 Reasons to Take an 'Inside Out' View of Security
Earl D. Matthews, Senior Vice President and Chief Strategy Officer at Verodin, Commentary
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
By Earl D. Matthews Senior Vice President and Chief Strategy Officer at Verodin, 3/14/2019
Cybercriminals Think Small to Earn Big
Dark Reading Staff, Quick Hits
As the number of breaches increased 424% in 2018, the average breach size shrunk 4.7 times as attackers aimed for smaller, more vulnerable targets.
By Dark Reading Staff, 3/12/2019
How China & Russia Use Social Media to Sway the West
Kelly Sheridan, Staff Editor, Dark Reading, News
Researchers break down the differences in how China and Russia use social media to manipulate American audiences.
By Kelly Sheridan Staff Editor, Dark Reading, 3/7/2019
Care and Feeding of Your SIEM
Shane MacDougall, Senior Security Engineer at Mosaic451, Commentary
Six simple steps to mitigate the grunt work and keep your organization safe.
By Shane MacDougall Senior Security Engineer at Mosaic451, 3/5/2019
Incident Response: Having a Plan Isn't Enough
Kelly Sheridan, Staff Editor, Dark Reading, News
Data shows organizations neglect to review and update breach response plans as employees and processes change, putting data at risk.
By Kelly Sheridan Staff Editor, Dark Reading, 3/5/2019
Chronicle Releases Chapter One: Backstory
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Google spin-off Alphabet rolls out a new cloud-based security data platform that ultimately could displace some security tools in organizations.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/4/2019
Fixing Fragmentation Can Yield Tangible Benefits
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Consolidating technology and breaking down functional silos can bring solid financial results, a new study finds.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/4/2019
Here's What Happened When a SOC Embraced Automation
Heather Hixon, Senior Solutions Architect, DFLabs, Commentary
Despite initial apprehension, security engineers and analysts immediately began to notice a variety of benefits.
By Heather Hixon Senior Solutions Architect, DFLabs, 3/4/2019
Microsoft Debuts Azure Sentinel SIEM, Threat Experts Service
Kelly Sheridan, Staff Editor, Dark Reading, News
New services, which are both available in preview, arrive at a time when two major trends are converging on security.
By Kelly Sheridan Staff Editor, Dark Reading, 2/28/2019
Bots Plague Ticketing Industry
Steve Zurier, Freelance Writer, News
Bots now account for 39.9% of all ticketing traffic, mostly originating in North America.
By Steve Zurier Freelance Writer, 2/28/2019
Intel Focuses on Data Center, Firmware Security Ahead of RSAC
Kelly Sheridan, Staff Editor, Dark Reading, News
The new Intel SGX Card is intended to extend application memory security using Intel SGX in existing data center infrastructure.
By Kelly Sheridan Staff Editor, Dark Reading, 2/27/2019
Security Firm to Offer Free Hacking Toolkit
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
CQTools suite includes both exploit kits and information-extraction functions, its developers say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/27/2019
Your Employees Want to Learn. How Should You Teach Them?
Kelly Sheridan, Staff Editor, Dark Reading
Security practitioners are most likely to stay at organizations that offer career development. Here are eight tips to consider as you plan your course of action.
By Kelly Sheridan Staff Editor, Dark Reading, 2/26/2019
Human Negligence to Blame for the Majority of Insider Threats
Steve Zurier, Freelance Writer, News
In 98% of the assessments conducted for its research, Dtex found employees exposed proprietary company information on the Web, a 20% jump from 2018.
By Steve Zurier Freelance Writer, 2/21/2019
Security Analysts Are Only Human
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of Bitdefender, Commentary
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
By Roselle Safran & Utpal Desai President of Rosint Labs/Director of Product Management of Bitdefender, 2/21/2019
'Formjacking' Compromises 4,800 Sites Per Month. Could Yours Be One?
Kelly Sheridan, Staff Editor, Dark Reading, News
Cybercriminals see formjacking as a simple opportunity to take advantage of online retailers, and all they need is a small piece of JavaScript.
By Kelly Sheridan Staff Editor, Dark Reading, 2/20/2019
Google Research: No Simple Fix For Spectre-Class Vulnerabilities
Robert Lemos, Technology Journalist/Data Researcher, News
Chip makers' focus on performance has left microprocessors open to numerous side-channel attacks that cannot be fixed by software updates, only by hard choices.
By Robert Lemos, 2/19/2019
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL, 3/19/2019
New Mirai Version Targets Business IoT Devices
Dark Reading Staff, 3/19/2019
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.