Operations

News & Commentary
8 Tips for Monitoring Cloud Security
Kelly Sheridan, Staff Editor, Dark Reading
Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 1/18/2019
Comment1 Comment  |  Read  |  Post a Comment
Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Facebook says the accounts and pages were part of two unrelated disinformation operations aimed at targets outside the US.
By Sara Peters Senior Editor at Dark Reading, 1/17/2019
Comment1 Comment  |  Read  |  Post a Comment
Online Fraud: Now a Major Application Layer Security Problem
Ting-Fang Yen, Research Scientist, DataVisor, Inc.Commentary
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
By Ting-Fang Yen Research Scientist, DataVisor, Inc., 1/15/2019
Comment0 comments  |  Read  |  Post a Comment
US Judge: Police Can't Force Biometric Authentication
Dark Reading Staff, Quick Hits
Law enforcement cannot order individuals to unlock devices using facial or fingerprint scans, a California judge says.
By Dark Reading Staff , 1/15/2019
Comment3 comments  |  Read  |  Post a Comment
Former IBM Security Execs Launch Cloud Data Security Startup
Kelly Sheridan, Staff Editor, Dark ReadingNews
Sonrai Security, the brainchild of two execs from IBM Security and Q1 Labs, debuts with $18.5 million in Series A funding.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2019
Comment0 comments  |  Read  |  Post a Comment
Advanced Phishing Scenarios You Will Most Likely Encounter This Year
Eyal Benishti, CEO & Founder of IRONSCALESCommentary
In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.
By Eyal Benishti CEO & Founder of IRONSCALES, 1/14/2019
Comment1 Comment  |  Read  |  Post a Comment
Election Security Isn't as Bad as People Think
Suzanne Spaulding, Former DHS Under Secretary and Nozomi Networks AdviserCommentary
Make no mistake, however: We'll always have to be on guard. And we can take some lessons from the world of industrial cybersecurity.
By Suzanne Spaulding Former DHS Under Secretary and Nozomi Networks Adviser, 1/10/2019
Comment1 Comment  |  Read  |  Post a Comment
Container Deployments Bring Security Woes at DevOps Speed
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Nearly half of all companies know that they're deploying containers with security flaws, according to a new survey.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/9/2019
Comment0 comments  |  Read  |  Post a Comment
Cutting Through the Jargon of AI & ML: 5 Key Issues
John Omernik, Distinguished Technologist, MapRCommentary
Ask the tough questions before you invest in artificial intelligence and machine learning technology. The security of your enterprise depends on it.
By John Omernik Distinguished Technologist, MapR, 1/9/2019
Comment0 comments  |  Read  |  Post a Comment
Humana Breaches Reflect Chronic Credential Theft in Healthcare
Kelly Sheridan, Staff Editor, Dark ReadingNews
A series of 2018 cybersecurity incidents shows credential stuffing is a trend to watch among healthcare organizations.
By Kelly Sheridan Staff Editor, Dark Reading, 1/8/2019
Comment1 Comment  |  Read  |  Post a Comment
Security Matters When It Comes to Mergers & Acquisitions
Matt Rose, Global Director Application Security Strategy, at CheckmarxCommentary
The recently disclosed Marriott breach exposed a frequently ignored issue in the M&A process.
By Matt Rose Global Director Application Security Strategy, at Checkmarx, 1/8/2019
Comment0 comments  |  Read  |  Post a Comment
Stronger DNS Security Stymies Would-Be Criminals
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
2018 saw a reduced number of huge DNS-facilitated DDoS attacks. Vendors and service providers believe that malicious impact will drop with continued technology improvements.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/7/2019
Comment0 comments  |  Read  |  Post a Comment
Managing Security in Today's Compliance and Regulatory Environment
Andrew Williams, Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, CoalfireCommentary
Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
By Andrew Williams Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire, 1/4/2019
Comment0 comments  |  Read  |  Post a Comment
Taming the Digital Wild West
Levi Gundert, Vice President of Intelligence and Risk, Recorded FutureCommentary
Congress must do more to encourage good Samaritan efforts in the cybersecurity community and make it easier for law enforcement to consistently collaborate with them.
By Levi Gundert Vice President of Intelligence and Risk, Recorded Future, 1/3/2019
Comment0 comments  |  Read  |  Post a Comment
25 Years Later: Looking Back at the First Great (Cyber) Bank Heist
Zia Hayat, CEO, CallsignCommentary
The Citibank hack in 1994 marked a turning point for banking -- and cybercrime -- as we know it. What can we learn from looking back at the past 25 years?
By Zia Hayat CEO, Callsign, 1/2/2019
Comment1 Comment  |  Read  |  Post a Comment
Start Preparing Now for the Post-Quantum Future
Tim Hollebeek, Industry and Standards Technical Strategist at DigiCertCommentary
Quantum computing will break most of the encryption schemes on which we rely today. These five tips will help you get ready.
By Tim Hollebeek Industry and Standards Technical Strategist at DigiCert, 12/28/2018
Comment3 comments  |  Read  |  Post a Comment
Spending Spree: What's on Security Investors' Minds for 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 12/26/2018
Comment2 comments  |  Read  |  Post a Comment
6 Ways to Anger Attackers on Your Network
Kelly Sheridan, Staff Editor, Dark Reading
Because you can't hack back without breaking the law, these tactics will frustrate, deceive, and annoy intruders instead.
By Kelly Sheridan Staff Editor, Dark Reading, 12/26/2018
Comment11 comments  |  Read  |  Post a Comment
3 Reasons to Train Security Pros to Code
Ericka Chickowski, Contributing Writer, Dark ReadingNews
United Health chief security strategist explains the benefits the organization reaped when it made basic coding training a requirement for security staff.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/20/2018
Comment8 comments  |  Read  |  Post a Comment
Security 101: How Businesses and Schools Bridge the Talent Gap
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security experts share the skills companies are looking for, the skills students are learning, and how to best find talent you need.
By Kelly Sheridan Staff Editor, Dark Reading, 12/20/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He just showed up at my doorstep one day without a geotag."
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.