Operations

News & Commentary
Security Lessons from My Game Closet
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA Commentary
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA, 3/22/2019
The Insider Threat: It's More Common Than You Think
Raj Ananthanpillai, Chairman & CEO, Endera Commentary
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
By Raj Ananthanpillai Chairman & CEO, Endera, 3/20/2019
TLS 1.3: A Good News/Bad News Scenario
Paula Musich, Research Director, Enterprise Management Associates Commentary
Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.
By Paula Musich Research Director, Enterprise Management Associates, 3/20/2019
Norsk Hydro Shuts Plants Amid Ransomware Attack
Kelly Sheridan, Staff Editor, Dark Reading Quick Hits
The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.
By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019
Stealing Corporate Funds Still Top Goal of Messaging Attacks
Robert Lemos, Technology Journalist/Data Researcher News
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
By Robert Lemos, 3/19/2019
Autism, Cybercrime, and Security's Skill Struggle
Kelly Sheridan, Staff Editor, Dark Reading News
People on the autism spectrum often possess traits that could help them succeed in cybersecurity, provided they don't fall into cybercrime first.
By Kelly Sheridan Staff Editor, Dark Reading, 3/13/2019
The 12 Worst Serverless Security Risks
Ory Segal, CTO, PureSec Commentary
A new guide from the Cloud Security Alliance offers mitigations, best practices, and a comparison between traditional applications and their serverless counterparts.
By Ory Segal CTO, PureSec, 3/12/2019
NSA, DHS Call for Info Sharing Across Public and Private Sectors
Kelly Sheridan, Staff Editor, Dark Reading News
Industry leaders debate how government and businesses can work together on key cybersecurity issues.
By Kelly Sheridan Staff Editor, Dark Reading, 3/11/2019
Shifting Attacks Put Increasing ID Fraud Burden on Consumers
Robert Lemos, Technology Journalist/Data Researcher News
Card-present fraud is down, but attackers continue to find new strategies, and consumers are paying the price.
By Robert Lemos, 3/8/2019
Twitter, Facebook, NSA Discuss Fight Against Misinformation
Sara Peters, Senior Editor at Dark Reading News
RSA panelists address the delicate technical challenges of combating information warfare online without causing First Amendment freedoms to take collateral damage.
By Sara Peters Senior Editor at Dark Reading, 3/7/2019
Debunking 5 Myths About Zero Trust Security
Torsten George, Cybersecurity Evangelist at Centrify Commentary
Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in if they aren't already. However, several misconceptions are impeding its adoption.
By Torsten George Cybersecurity Evangelist at Centrify, 3/7/2019
4 Ways At-Work Apps Are Vulnerable to Attack
Yoram Salinger, CEO of Perception Point Commentary
Collaboration applications make users and IT teams more efficient. But they come with an added cost: security.
By Yoram Salinger CEO of Perception Point, 3/7/2019
Fighting Alert Fatigue with Actionable Intelligence
Curtis Brazzell, Managing Security Consultant, Pondurance Commentary
By fine-tuning security system algorithms, analysts can make alerts intelligent and useful, not merely generators of noise.
By Curtis Brazzell Managing Security Consultant, Pondurance, 3/6/2019
Lazarus Research Highlights Threat from North Korea
Robert Lemos, Technology Journalist/Data Researcher News
A widespread attack against companies and government agencies has been linked to the North Korean Lazarus group, underscoring that the country's hackers are becoming more brazen.
By Robert Lemos Technology Journalist/Data Researcher, 3/5/2019
Fixing Fragmentation Can Yield Tangible Benefits
Curtis Franklin Jr., Senior Editor at Dark Reading News
Consolidating technology and breaking down functional silos can bring solid financial results, a new study finds.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/4/2019
Startup Armor Scientific Launches Multifactor Identity System
Robert Lemos, Technology Journalist/Data Researcher News
Company aims to replace usernames and passwords by combining GPS location, biometrics, and keys issued through a blockchain-based network.
By Robert Lemos Technology Journalist/Data Researcher, 3/4/2019
Here's What Happened When a SOC Embraced Automation
Heather Hixon, Senior Solutions Architect, DFLabs Commentary
Despite initial apprehension, security engineers and analysts immediately began to notice a variety of benefits.
By Heather Hixon Senior Solutions Architect, DFLabs, 3/4/2019
Solving Security: Repetition or Redundancy?
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA Commentary
To effectively defend against today's risks and threats, organizations must examine their failings as well as their successes.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA, 2/28/2019
In 2019, Cryptomining Just Might Have an Even Better Year
Alex Artamonov, System Engineer & Cybersecurity Specialist, Infinitely Virtual Commentary
The practice today is so pervasive that cryptojacking scripts are said to be running on an estimated 3% of all sites that users visit.
By Alex Artamonov System Engineer & Cybersecurity Specialist, Infinitely Virtual, 2/28/2019
Embracing DevSecOps: 5 Processes to Improve DevOps Security
Sam Bocetta, Security Analyst Commentary
In the cyber threat climate of the 21st century, sticking with DevOps is no longer an option.
By Sam Bocetta Security Analyst, 2/27/2019
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL, 3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-10743
PUBLISHED: 2019-03-23
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
CVE-2019-9947
PUBLISHED: 2019-03-23
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) follo...
CVE-2019-9948
PUBLISHED: 2019-03-23
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
CVE-2019-9945
PUBLISHED: 2019-03-23
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user...
CVE-2019-9942
PUBLISHED: 2019-03-23
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.