Network Computing Dark Reading

Advertise

Analytics //

Security Monitoring

News & Commentary

Russia Regularly Spoofs Regional GPS

Robert Lemos, Technology Journalist/Data Researcher

News

The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.

By Robert Lemos Technology Journalist/Data Researcher, 3/26/2019

6 comments | Read | Post a Comment

Latest Comment: REISEN1955, Spot on - and it was a $0.75 accounting error. The story of his research...

Dragos Buys ICS Firm with US Dept. of Energy Roots

Quick Hits

NexDefense ICS security tool will be offered for free by Dragos.

By Dark Reading Staff , 3/18/2019

0 comments | Read | Post a Comment

4 Reasons to Take an 'Inside Out' View of Security

Earl D. Matthews, Senior Vice President and Chief Strategy Officer at Verodin

Commentary

When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.

By Earl D. Matthews Senior Vice President and Chief Strategy Officer at Verodin, 3/14/2019

0 comments | Read | Post a Comment

Startup Armor Scientific Launches Multifactor Identity System

News

Company aims to replace usernames and passwords by combining GPS location, biometrics, and keys issued through a blockchain-based network.

By Robert Lemos Technology Journalist/Data Researcher, 3/4/2019

0 comments | Read | Post a Comment

Here's What Happened When a SOC Embraced Automation

Heather Hixon, Senior Solutions Architect, DFLabs

Commentary

Despite initial apprehension, security engineers and analysts immediately began to notice a variety of benefits.

By Heather Hixon Senior Solutions Architect, DFLabs, 3/4/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, A number of them were on the unemployment line.

Human Negligence to Blame for the Majority of Insider Threats

News

In 98% of the assessments conducted for its research, Dtex found employees exposed proprietary company information on the Web – a 20% jump from 2018.

By Steve Zurier Freelance Writer, 2/21/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, This should come as a surprise to nobody. 'Gee, that email looked real...

The Evolution of SIEM

Chetan Mundhada, Vice President of Sales at NETMONASTERY

Commentary

Expectations for these security information and event management systems have grown over the years, in ways that just aren't realistic.

By Chetan Mundhada Vice President of Sales at NETMONASTERY, 1/23/2019

0 comments | Read | Post a Comment

How Well Is Your Organization Investing Its Cybersecurity Dollars?

Commentary

The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.

By Jack Jones Chairman, FAIR Institute, 12/11/2018

3 comments | Read | Post a Comment

Latest Comment: StephenGiderson, I think you will only know if you've invested your cyber security money properly...

Cyber Crooks Diversify Business with Multi-Intent Malware

Commentary

The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.

By Avi Chesla CEO and Founder, empow, 11/15/2018

2 comments | Read | Post a Comment

Latest Comment: sharmapriya, I really like your work...

Energy Sector's IT Networks in the Bulls-Eye

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Attackers are actively infiltrating energy organizations and utilities for reconnaissance purposes.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/5/2018

0 comments | Read | Post a Comment

7 Non-Computer Hacks That Should Never Happen

From paper to IoT, security researchers offer tips for protecting common attack surfaces that you're probably overlooking.

By Steve Zurier Freelance Writer, 11/5/2018

3 comments | Read | Post a Comment

Latest Comment: Big Ralfie, Worse yet, when I try to print the article, no matter which page I try to print,...

Security Researchers Struggle with Bot Management Programs

Kaan Onarlioglu, Security Architect, Akamai

Commentary

Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.

By Kaan Onarlioglu Security Architect, Akamai, 10/10/2018

0 comments | Read | Post a Comment

Turn the NIST Cybersecurity Framework into Reality: 5 Steps

Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems

Commentary

Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.

By Mukul Kumar & Anupam Sahai CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018

6 comments | Read | Post a Comment

Latest Comment: ElizaPt, Your way of telling the whole thing in this post is genuinely fastidious, all...

The Top 5 Security Threats & Mitigations for Industrial Networks

Commentary

While vastly different than their IT counterparts, operational technology environments share common risks and best practices.

By Barak Perelman CEO, Indegy, 9/18/2018

0 comments | Read | Post a Comment

The Economics of AI-Enabled Security

Commentary Video

While AI greatly enhances security, Securonix CTO Tanuj Gulati points out the need for predictable cost models that insulate SOCs from the variables of massive data volume and intense real-time processing.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Filtering the Threat Intelligence Tsunami

Commentary Video

Reversing Labs CEO Mario Vuksan contends that SOCs are overwhelmed by global threat intelligence, and can benefit more from a targeted "pull" model that focuses on YARA-type binary pattern matching.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Ensuring Web Applications Are Hardened, Secure

Commentary Video

Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Improving the Adoption of Security Automation

Dan Koloski, Vice President, Oracle's Systems Management and Security products group

Commentary

Four barriers to automation and how to overcome them.

By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 6/20/2018

1 Comment | Read | Post a Comment

Latest Comment: nathanluise92, You mention only 4 barriers, but what if it is more than 4? Also it depends...

Panorays Debuts With $5 Million Investment

Quick Hits

Panorays, a company focusing on third-party security issues for the enterprise, has exited stealth mode.

By Dark Reading Staff , 6/5/2018

1 Comment | Read | Post a Comment

Latest Comment: [email protected], Graet team, smart solution that provides a smart, non-intrussive risk-scoring...

I, for One, Welcome Our Robotic Security Overlords

Commentary

Automation will come in more subtle ways than C-3PO — and it's transforming cybersecurity.

By Danelle Au VP Strategy, SafeBreach, 6/5/2018

1 Comment | Read | Post a Comment

Latest Comment: Babette, Good post.Thank you for sharing it.It is informative and very useful too

More Stories

Current Conversations

Posted by REISEN1955

Spot on - and it was a $0.75 accounting error. The story of his research and search for the hacker, who turned out in Germany, is a great read but also a security fable of epic size.

In reply to: Re: One more thing to fix in an automated world
Post Your Own Reply

Posted by timwessels

Yes, Clifford Stoll is an astronomer who was working as a systems administrator at Lawrence Berkeley National Laboratory (LBNL) when he noticed a small accounting error on someone's computer account. This intrusion into...

In reply to: Re: One more thing to fix in an automated world
Post Your Own Reply

Posted by REISEN1955

If I remember correctly, the Internet grew out of HTML coding applied to the Darpanet - a connection service between military systems (mainframes) in bases to guard against nuclear attack. Now in the book THE CUCKOOs...

In reply to: Re: One more thing to fix in an automated world
Post Your Own Reply

Posted by timwessels

Well, GPS is now a potential target for shipping, airplanes, and probably driverless cars. The Russians appear to be using it to defend military installations from attack or field testing it for an attack against the west....

In reply to: One more thing to fix in an automated world
Post Your Own Reply

Posted by REISEN1955

In reply to: Re: Lead us not into temptation
Post Your Own Reply

Posted by BrianN060

Thank you Robert, for the fine article. Had not heard several of the GPS spoofing examples you site. As with so many things, we have been persuaded to trust automated systems to our peril. Part of the danger...

In reply to: Lead us not into temptation
Post Your Own Reply

Posted by Luna Tsee

The analogy may not be perfect but it does make a valid point. Largely the issue of security is not one of blame, though there is some. The point is simply the people responsible for security are patching holes in a bad...

In reply to: Who is at fault?
Post Your Own Reply

Posted by REISEN1955

A number of them were on the unemployment line.

In reply to: And in 2 weeks
Post Your Own Reply

Posted by Luna Tsee

In reply to: Who is at fault?
Post Your Own Reply

Posted by REISEN1955

This should come as a surprise to nobody. 'Gee, that email looked real enough?" And that invoice looked nice. Maybe I did get a refund. Users are always the weak link. The weight of infections...

In reply to: No shit Sherlock?
Post Your Own Reply

Posted by aborsi

thansk your posting obat klg

In reply to: Re: Data science
Post Your Own Reply

Posted by sharmapriya

I really like your work...

In reply to: Very Nice
Post Your Own Reply

More Conversations

Products & Releases

Eurofins Digital Testing Launches Cyber Security Division

Arctic Wolf Lands $45 Million in New Funding to Accelerate Company Growth

Endace Launches Petabyte Network Recording Appliance

Belden and Claroty Announce Strategic Partnership

Industrial Cybersecurity Leader Nozomi Networks Raises $30 Million

Corelight Secures $25 Million in Series B Funding Led by General Catalyst

Semmle Launches Globally with $21 Million Series B Investment Led by Accel Partners

A10 Adds Real-Time Security Analytics to A10 Harmony Controller

More Products & Releases

Hot Topics

Editors' Choice

Russia Hacked Clinton's Computers Five Hours After Trump's Call

Robert Lemos, Technology Journalist/Data Researcher, 4/19/2019

Tips for the Aftermath of a Cyberattack

Kelly Sheridan, Staff Editor, Dark Reading, 4/17/2019

Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent

Dark Reading Staff 4/18/2019

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

White Papers

Security in the New World of Containers & Serverless

6 Keys to Faster Phishing Mitigation

Threat Intelligence Report 2018

Defending Against Zero-Hour Social Engineering Threats

Brochure: Ribbon Discover

More White Papers

Cartoon

Latest Comment: Bill just doesn't realize it's more than a 2 dimensional world.

Cartoon Archive

Current Issue

5 Emerging Cyber Threats to Watch for in 2019

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of Cyber Security Incident Response

Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.

Download Now!

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

How Enterprises Are Using IT Threat Intelligence

0 comments

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-11378
PUBLISHED: 2019-04-20

An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.

CVE-2019-11372
PUBLISHED: 2019-04-20

An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

CVE-2019-11373
PUBLISHED: 2019-04-20

An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

CVE-2019-11374
PUBLISHED: 2019-04-20

74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.

CVE-2019-11375
PUBLISHED: 2019-04-20

Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.

Terms of Service
Privacy Statement
Legal Entities