Analytics

News & Commentary
Inside Incident Response: 6 Key Tips to Keep in Mind
Kelly Sheridan, Staff Editor, Dark Reading
Experts share the prime window for detecting intruders, when to contact law enforcement, and what they wish they did differently after a breach.
By Kelly Sheridan Staff Editor, Dark Reading, 3/22/2019
Comment0 comments  |  Read  |  Post a Comment
Security Lessons from My Game Closet
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA Commentary
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 3/22/2019
Comment0 comments  |  Read  |  Post a Comment
FIN7 Cybercrime Gang Rises Again
Robert Lemos, Technology Journalist/Data ResearcherNews
The group now employs a new administrative interface for managing its campaigns, as well as documents that link to SQL databases for downloading its code.
By Robert Lemos Technology Journalist/Data Researcher, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Businesses Manage 9.7PB of Data but Struggle to Protect It
Kelly Sheridan, Staff Editor, Dark ReadingNews
What's more, their attempts to secure it may be putting information at risk, a new report finds.
By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Brings Defender Security Tools to Mac
Kelly Sheridan, Staff Editor, Dark ReadingNews
Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.
By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
6 Ways Mature DevOps Teams Are Killing It in Security
Ericka Chickowski, Contributing Writer, Dark Reading
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
New Europol Protocol Addresses Cross-Border Cyberattacks
Dark Reading Staff, Quick Hits
The protocol is intended to support EU law enforcement in providing rapid assessment and response for cyberattacks across borders.
By Dark Reading Staff , 3/18/2019
Comment0 comments  |  Read  |  Post a Comment
Dragos Buys ICS Firm with US Dept. of Energy Roots
Dark Reading Staff, Quick Hits
NexDefense ICS security tool will be offered for free by Dragos.
By Dark Reading Staff , 3/18/2019
Comment0 comments  |  Read  |  Post a Comment
4 Reasons to Take an 'Inside Out' View of Security
Earl D. Matthews, Senior Vice President and Chief Strategy Officer at VerodinCommentary
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
By Earl D. Matthews Senior Vice President and Chief Strategy Officer at Verodin, 3/14/2019
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Think Small to Earn Big
Dark Reading Staff, Quick Hits
As the number of breaches increased 424% in 2018, the average breach size shrunk 4.7 times as attackers aimed for smaller, more vulnerable targets.
By Dark Reading Staff , 3/12/2019
Comment1 Comment  |  Read  |  Post a Comment
How China & Russia Use Social Media to Sway the West
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers break down the differences in how China and Russia use social media to manipulate American audiences.
By Kelly Sheridan Staff Editor, Dark Reading, 3/7/2019
Comment0 comments  |  Read  |  Post a Comment
Care and Feeding of Your SIEM
Shane MacDougall, Senior Security Engineer at Mosaic451Commentary
Six simple steps to mitigate the grunt work and keep your organization safe.
By Shane MacDougall Senior Security Engineer at Mosaic451, 3/5/2019
Comment0 comments  |  Read  |  Post a Comment
Incident Response: Having a Plan Isn't Enough
Kelly Sheridan, Staff Editor, Dark ReadingNews
Data shows organizations neglect to review and update breach response plans as employees and processes change, putting data at risk.
By Kelly Sheridan Staff Editor, Dark Reading, 3/5/2019
Comment0 comments  |  Read  |  Post a Comment
Chronicle Releases Chapter One: Backstory
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Google spin-off Alphabet rolls out a new cloud-based security data platform that ultimately could displace some security tools in organizations.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/4/2019
Comment0 comments  |  Read  |  Post a Comment
Fixing Fragmentation Can Yield Tangible Benefits
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Consolidating technology and breaking down functional silos can bring solid financial results, a new study finds.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/4/2019
Comment0 comments  |  Read  |  Post a Comment
Here's What Happened When a SOC Embraced Automation
Heather Hixon,  Senior Solutions Architect, DFLabsCommentary
Despite initial apprehension, security engineers and analysts immediately began to notice a variety of benefits.
By Heather Hixon Senior Solutions Architect, DFLabs, 3/4/2019
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Debuts Azure Sentinel SIEM, Threat Experts Service
Kelly Sheridan, Staff Editor, Dark ReadingNews
New services, which are both available in preview, arrive at a time when two major trends are converging on security.
By Kelly Sheridan Staff Editor, Dark Reading, 2/28/2019
Comment0 comments  |  Read  |  Post a Comment
Bots Plague Ticketing Industry
Steve Zurier, Freelance WriterNews
Bots now account for 39.9% of all ticketing traffic, mostly originating in North America.
By Steve Zurier Freelance Writer, 2/28/2019
Comment3 comments  |  Read  |  Post a Comment
Intel Focuses on Data Center, Firmware Security Ahead of RSAC
Kelly Sheridan, Staff Editor, Dark ReadingNews
The new Intel SGX Card is intended to extend application memory security using Intel SGX in existing data center infrastructure.
By Kelly Sheridan Staff Editor, Dark Reading, 2/27/2019
Comment0 comments  |  Read  |  Post a Comment
Security Firm to Offer Free Hacking Toolkit
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
CQTools suite includes both exploit kits and information-extraction functions, its developers say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/27/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Belicose
Current Conversations Yahoo no rayne
In reply to: Re: Spring Fever
Post Your Own Reply
More Conversations
PR Newswire
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-10743
PUBLISHED: 2019-03-23
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
CVE-2019-9947
PUBLISHED: 2019-03-23
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) follo...
CVE-2019-9948
PUBLISHED: 2019-03-23
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
CVE-2019-9945
PUBLISHED: 2019-03-23
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user...
CVE-2019-9942
PUBLISHED: 2019-03-23
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.