News & Commentary

Latest Content tagged with Operations
Page 1 / 2   >   >>
8 Tips for Monitoring Cloud Security
Slideshows  |  1/18/2019  | 
Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.
Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation
Quick Hits  |  1/17/2019  | 
Facebook says the accounts and pages were part of two unrelated disinformation operations aimed at targets outside the US.
Online Fraud: Now a Major Application Layer Security Problem
Commentary  |  1/15/2019  | 
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
US Judge: Police Can't Force Biometric Authentication
Quick Hits  |  1/15/2019  | 
Law enforcement cannot order individuals to unlock devices using facial or fingerprint scans, a California judge says.
Former IBM Security Execs Launch Cloud Data Security Startup
News  |  1/15/2019  | 
Sonrai Security, the brainchild of two execs from IBM Security and Q1 Labs, debuts with $18.5 million in Series A funding.
Advanced Phishing Scenarios You Will Most Likely Encounter This Year
Commentary  |  1/14/2019  | 
In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.
Election Security Isn't as Bad as People Think
Commentary  |  1/10/2019  | 
Make no mistake, however: We'll always have to be on guard. And we can take some lessons from the world of industrial cybersecurity.
Container Deployments Bring Security Woes at DevOps Speed
News  |  1/9/2019  | 
Nearly half of all companies know that they're deploying containers with security flaws, according to a new survey.
Cutting Through the Jargon of AI & ML: 5 Key Issues
Commentary  |  1/9/2019  | 
Ask the tough questions before you invest in artificial intelligence and machine learning technology. The security of your enterprise depends on it.
Humana Breaches Reflect Chronic Credential Theft in Healthcare
News  |  1/8/2019  | 
A series of 2018 cybersecurity incidents shows credential stuffing is a trend to watch among healthcare organizations.
Security Matters When It Comes to Mergers & Acquisitions
Commentary  |  1/8/2019  | 
The recently disclosed Marriott breach exposed a frequently ignored issue in the M&A process.
Stronger DNS Security Stymies Would-Be Criminals
News  |  1/7/2019  | 
2018 saw a reduced number of huge DNS-facilitated DDoS attacks. Vendors and service providers believe that malicious impact will drop with continued technology improvements.
Managing Security in Today's Compliance and Regulatory Environment
Commentary  |  1/4/2019  | 
Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
Taming the Digital Wild West
Commentary  |  1/3/2019  | 
Congress must do more to encourage good Samaritan efforts in the cybersecurity community and make it easier for law enforcement to consistently collaborate with them.
25 Years Later: Looking Back at the First Great (Cyber) Bank Heist
Commentary  |  1/2/2019  | 
The Citibank hack in 1994 marked a turning point for banking -- and cybercrime -- as we know it. What can we learn from looking back at the past 25 years?
Start Preparing Now for the Post-Quantum Future
Commentary  |  12/28/2018  | 
Quantum computing will break most of the encryption schemes on which we rely today. These five tips will help you get ready.
Spending Spree: What's on Security Investors' Minds for 2019
News  |  12/26/2018  | 
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
6 Ways to Anger Attackers on Your Network
Slideshows  |  12/26/2018  | 
Because you can't hack back without breaking the law, these tactics will frustrate, deceive, and annoy intruders instead.
3 Reasons to Train Security Pros to Code
News  |  12/20/2018  | 
United Health chief security strategist explains the benefits the organization reaped when it made basic coding training a requirement for security staff.
Security 101: How Businesses and Schools Bridge the Talent Gap
News  |  12/20/2018  | 
Security experts share the skills companies are looking for, the skills students are learning, and how to best find talent you need.
Automating a DevOps-Friendly Security Policy
Commentary  |  12/20/2018  | 
There can be a clash of missions between security and IT Ops teams, but automation can help.
Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots
Commentary  |  12/19/2018  | 
While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.
Cryptographic Erasure: Moving Beyond Hard Drive Destruction
Commentary  |  12/18/2018  | 
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.
Shhhhh! The Secret to Secrets Management
Commentary  |  12/17/2018  | 
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
Who Are You, Really? A Peek at the Future of Identity
News  |  12/14/2018  | 
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
Retailers: Avoid the Hackable Holidaze
Commentary  |  12/14/2018  | 
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
Cybercrime Is World's Biggest Criminal Growth Industry
Quick Hits  |  12/13/2018  | 
The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Commentary  |  12/13/2018  | 
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
The Economics Fueling IoT (In)security
Commentary  |  12/13/2018  | 
Attackers understand the profits that lie in the current lack of security. That must change.
Worst Password Blunders of 2018 Hit Organizations East and West
News  |  12/12/2018  | 
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
Deception: Honey vs. Real Environments
Commentary  |  12/12/2018  | 
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.
Arctic Wolf Buys RootSecure
Quick Hits  |  12/12/2018  | 
The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.
Forget Shifting Security Left; It's Time to Race Left
Commentary  |  12/12/2018  | 
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
49% of Cloud Databases Left Unencrypted
News  |  12/11/2018  | 
Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.
The Grinch Bot Before Christmas: A Security Story for the Holidays
Commentary  |  12/11/2018  | 
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
How Well Is Your Organization Investing Its Cybersecurity Dollars?
Commentary  |  12/11/2018  | 
The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.
Insider Threats & Insider Objections
Commentary  |  12/7/2018  | 
The tyranny of the urgent and three other reasons why its hard for CISOs to establish a robust insider threat prevention program.
Bringing Compliance into the SecDevOps Process
Commentary  |  12/6/2018  | 
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
4 Lessons Die Hard Teaches About Combating Cyber Villains
Commentary  |  12/6/2018  | 
With proper planning, modern approaches, and tools, we can all be heroes in the epic battle against the cyber threat.
55% of Companies Don't Offer Mandatory Security Awareness Training
Quick Hits  |  12/6/2018  | 
Even those that provide employee training do so sparingly, a new study finds.
Boosting SOC IQ Levels with Knowledge Transfer
Commentary  |  12/6/2018  | 
Despite shortages of skills and staff, these six best practices can improve analysts' performance in a security operations center.
Windows 10 Security Questions Prove Easy for Attackers to Exploit
News  |  12/5/2018  | 
New research shows how attackers can abuse security questions in Windows 10 to maintain domain privileges.
The Case for a Human Security Officer
Commentary  |  12/5/2018  | 
Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.
6 Ways to Strengthen Your GDPR Compliance Efforts
Slideshows  |  12/5/2018  | 
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation and that could cost them.
Microsoft, Mastercard Aim to Change Identity Management
News  |  12/3/2018  | 
A new partnership wants to improve how people use and manage the virtual identities that govern their lives online.
Filling the Cybersecurity Jobs Gap Now and in the Future
Commentary  |  12/3/2018  | 
Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs
Commentary  |  11/30/2018  | 
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.
Dunkin' Donuts Serves Up Data Breach Alert
Quick Hits  |  11/29/2018  | 
Forces potentially affected DD Perks customers to reset their passwords after learning of unauthorized access to their personal data.
The Return of Email Flooding
Commentary  |  11/29/2018  | 
An old attack technique is making its way back into the mainstream with an onslaught of messages that legacy tools and script writing can't easily detect.
The "Typical" Security Engineer: Hiring Myths & Stereotypes
Commentary  |  11/28/2018  | 
In an environment where talent is scarce, it's critical that hiring managers remove artificial barriers to those whose mental operating systems are different.
Page 1 / 2   >   >>


How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.