News & Commentary

Latest Content tagged with Operations
Page 1 / 2   >   >>
Messenger Apps Top Risk Hit Parade
Quick Hits  |  7/18/2018  | 
Whether running on iOS or Android, Facebook's and WhatsApp's messenger apps present a 'winning' combination.
New Subscription Service Takes on Ransomware Protection
News  |  7/18/2018  | 
Training and response is the basis of a new offering that addresses ransomware and extortion attacks.
Cloud Security: Lessons Learned from Intrusion Prevention Systems
Commentary  |  7/17/2018  | 
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
10 Ways to Protect Protocols That Aren't DNS
Slideshows  |  7/16/2018  | 
Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.
Congressional Report Cites States Most Vulnerable to Election Hacking
Quick Hits  |  7/13/2018  | 
A new report details issues with 18 states along with suggestions on what can be done.
SOCs Use Automation to Compensate for Training, Technology Issues
News  |  7/13/2018  | 
Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.
Lessons from My Strange Journey into InfoSec
Commentary  |  7/12/2018  | 
Establishing an entre into the security world can be a maddeningly slow process. For those of us already here, it can be an opportunity to help others.
Getting Safe, Smart & Secure on S3
Commentary  |  7/11/2018  | 
AWS Simple Storage Service has proven to be a security minefield. It doesn't have to be if you pay attention to people, process, and technology.
New Cyber Center Opens at Augusta University in Georgia
Quick Hits  |  7/11/2018  | 
University partners with state on $100 million Georgia Cyber Center for cybersecurity education and research.
Apple Releases Wave of Security Updates
News  |  7/11/2018  | 
Apple updates software for nearly every hardware platform, though one new feature almost steals the security show.
Bomgar Acquires Avecto
Quick Hits  |  7/10/2018  | 
Purchase adds layers to privileged access management system.
Businesses Struggle to Build 'Security-First' Culture
News  |  7/10/2018  | 
New Accenture study finds half of businesses provide cybersecurity training for new hires and only 40% of CISOs prioritize building or expanding insider threat programs.
7 Ways to Keep DNS Safe
Slideshows  |  7/10/2018  | 
A DNS attack can have an outsize impact on the targeted organization or organizations. Here's how to make hackers' lives much more difficult.
6 M&A Security Tips
Slideshows  |  7/9/2018  | 
Companies are realizing that the security posture of an acquired organization should be considered as part of their due diligence process.
Claranet Buys NotSoSecure
Quick Hits  |  7/9/2018  | 
Acquisition continues the MSP's push into security services.
Reactive or Proactive? Making the Case for New Kill Chains
Commentary  |  7/6/2018  | 
Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here what a modern kill chain should include.
WEF: 217 More Years Until Women and Men Reach Economic Equality
News  |  7/5/2018  | 
Progress toward economic parity is in reverse for the first time since 2006, but cybersecurity can help change the game.
Bigger, Faster, Stronger: 2 Reports Detail the Evolving State of DDoS
News  |  7/3/2018  | 
DDoS attacks continue to plague the Internet, getting bigger and more dangerous. And now, the kids are involved.
Consumers Rank Security High in Payment Decisions
Quick Hits  |  7/3/2018  | 
Security is a top priority when it comes to making decisions on payment methods and technologies.
6 Drivers of Mental and Emotional Stress in Infosec
Slideshows  |  7/2/2018  | 
Pressure comes in many forms but often with the same end result: stress and burnout within the security community.
Botnets Evolving to Mobile Devices
News  |  6/28/2018  | 
Millions of mobile devices are now making requests in what's described as "an attack on the economy."
There's No Automating Your Way Out of Security Hiring Woes
News  |  6/28/2018  | 
Call it the paradox of cybersecurity automation: It makes your staff more productive but takes more quality experts to make it work.
Newly Revealed Exactis Data Leak Bigger Than Equifax's
Quick Hits  |  6/28/2018  | 
Marketing data firm left its massive database open to the Internet.
Redefining Security with Blockchain
Commentary  |  6/28/2018  | 
Blockchain offers a proactive approach to secure a new generation of digital platforms and services for both enterprises and individuals.
10 Tips for More Secure Mobile Devices
Slideshows  |  6/27/2018  | 
Mobile devices can be more secure than traditional desktop machines - but only if the proper policies and practices are in place and in use.
The 3 R's for Surviving the Security Skills Shortage
News  |  6/27/2018  | 
How to recruit, retrain, and retain with creativity and discipline.
Fairhair Alliance Building IoT Security Architecture
Quick Hits  |  6/26/2018  | 
A group of companies in the building automation and IoT space is working for a coherent security architecture that incorporates multiple standards.
Secure by Default Is Not What You Think
Commentary  |  6/26/2018  | 
The traditional view of secure by default which has largely been secure out of the box is too narrow. To broaden your view, consider these three parameters.
WPA3 Brings New Authentication and Encryption to Wi-Fi
News  |  6/26/2018  | 
The Wi-Fi Alliance officially launches its latest protocol, which offers new capabilities for personal, enterprise, and IoT wireless networks.
Secure Code: You Are the Solution to Open Sources Biggest Problem
Commentary  |  6/25/2018  | 
Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.
New Drupal Exploit Mines Monero for Attackers
Quick Hits  |  6/22/2018  | 
A new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server.
Cracking Cortana: The Dangers of Flawed Voice Assistants
News  |  6/22/2018  | 
Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.
White House Email Security Faux Pas?
Commentary  |  6/22/2018  | 
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
Artificial Intelligence & the Security Market
News  |  6/21/2018  | 
A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.
7 Places Where Privacy and Security Collide
Slideshows  |  6/21/2018  | 
Privacy and security can experience tension at a number of points in the enterprise. Here are seven plus some possibilities for easing the strain.
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
Commentary  |  6/21/2018  | 
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
AppSec in the World of 'Serverless'
Commentary  |  6/21/2018  | 
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
Inside a SamSam Ransomware Attack
Commentary  |  6/20/2018  | 
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
Intel VP Talks Data Security Focus Amid Rise of Blockchain, AI
News  |  6/20/2018  | 
Intel vice president Rick Echevarria discusses the challenges of balancing data security with new technologies like blockchain and artificial intelligence.
Alphabet Launches VirusTotal Monitor to Stop False Positives
Quick Hits  |  6/20/2018  | 
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
Improving the Adoption of Security Automation
Commentary  |  6/20/2018  | 
Four barriers to automation and how to overcome them.
The Best and Worst Tasks for Security Automation
Slideshows  |  6/20/2018  | 
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
Mylobot Malware Brings New Sophistication to Botnets
News  |  6/20/2018  | 
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
Tesla Employee Steals, Sabotages Company Data
News  |  6/19/2018  | 
The electric carmaker is the victim of an "extensive and damaging" insider attack, says CEO Elon Musk.
CrowdStrike Secures $200M Funding Round
Quick Hits  |  6/19/2018  | 
The new funding round brings the company's valuation to more than $3 billion.
Cisco CPO: Privacy Is Not About Secrecy or Compliance
News  |  6/19/2018  | 
Michelle Dennedy sat down with Dark Reading at the recent Cisco Live event to set the record straight about privacy, regulation, encryption, and more.
Security Analytics Startup Uptycs Raises $10M in Series A
Quick Hits  |  6/19/2018  | 
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
'Wallchart' Phishing Campaign Exploits World Cup Watchers
News  |  6/18/2018  | 
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
Mass. Man Pleads Guilty in ATM Jackpotting Operation
Quick Hits  |  6/18/2018  | 
Citizens Bank ATM and others targeted in the scheme.
F-Secure Buys MWR InfoSecurity
Quick Hits  |  6/18/2018  | 
Finnish endpoint security company buys British security service provider in cash deal.
Page 1 / 2   >   >>


White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Lessons from My Strange Journey into InfoSec
Lysa Myers, Security Researcher, ESET,  7/12/2018
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14339
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
CVE-2018-14340
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
CVE-2018-14341
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
CVE-2018-14342
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
CVE-2018-14343
PUBLISHED: 2018-07-19
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.