Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
7 Tips to Improve Your Employees' Mobile Security
Keys to Hiring Cybersecurity Pros When Certification Can't Help
Cartoon: Cyber Hiring Challenges
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises are Attacking the Cybersecurity Problem
News & Commentary
Russia-Based Turla APT Group's Infrastructure, Activity Traceable
Jai Vijayan, Contributing WriterNews
Threat actor's practice of using known malware and tactics gives an opening for defenders, says Recorded Future.
By Jai Vijayan Contributing Writer, 3/12/2020
Comment0 comments  |  Read  |  Post a Comment
New Report Shows Breach Costs Continuing to Grow
Dark Reading Staff, Quick Hits
The costs associated with data breaches climb alongside the amount of data managed by the enterprise according to the latest Global Protection Index Snapshot.
By Dark Reading Staff , 3/12/2020
Comment0 comments  |  Read  |  Post a Comment
New Android Malware Strain Sneaks Cookies from Facebook
Kelly Sheridan, Staff Editor, Dark ReadingNews
Two malware modifications, when combined, can snatch cookies collected by browsers and social networking apps.
By Kelly Sheridan Staff Editor, Dark Reading, 3/12/2020
Comment0 comments  |  Read  |  Post a Comment
CASB 101: Why a Cloud Access Security Broker Matters
Curtis Franklin Jr., Senior Editor at Dark Reading
A CASB isn't a WAF, isn't an NGF, and isn't an SWG. So what is it, precisely, and why do you need one to go along with all the other letters? Read on for the answer.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/12/2020
Comment0 comments  |  Read  |  Post a Comment
Working from Home? These Tips Can Help You Adapt
Andy Ellis, Chief Security Officer, AkamaiCommentary
COVID-19 means many people are doing their jobs from outside the confines of the office. That may not be as easy as it sounds.
By Andy Ellis Chief Security Officer, Akamai, 3/12/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches Leaked Remote Code Execution Flaw
Dark Reading Staff, Quick Hits
A vulnerability in Microsoft's Server Message Block protocol prompted concerns of wormable exploits when it was disclosed this week.
By Dark Reading Staff , 3/12/2020
Comment0 comments  |  Read  |  Post a Comment
Back to the Future: A Threat Intelligence Journey
Michelle Alvarez, Manager, Threat Intelligence Production Team, IBM X-Force IRISCommentary
Threat intelligence needs the problem solvers, the curious ones, the mission seekers, the analytical minds, the defenders, and the fierce -- whatever their gender.
By Michelle Alvarez Manager, Threat Intelligence Production Team, IBM X-Force IRIS, 3/12/2020
Comment0 comments  |  Read  |  Post a Comment
Cyberspace Solarium Commission Slams US Cybersecurity Readiness
Dark Reading Staff, Quick Hits
The federal commission outlined more than 60 recommendations to remedy major security problems.
By Dark Reading Staff , 3/11/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Increasingly Targeting Small Governments
Robert Lemos, Contributing WriterNews
To get back up and running quickly, and because it's cheaper, city and county governments often pay the ransom, especially if insurance companies are footing the bill. The result: More ransomware.
By Robert Lemos Contributing Writer, 3/11/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Discloses New Remote Execution Flaw in SMBv3
Jai Vijayan, Contributing WriterNews
A patch for the flaw is not yet available, but there are no known exploits -- so far.
By Jai Vijayan Contributing Writer, 3/11/2020
Comment0 comments  |  Read  |  Post a Comment
COVID-19 Drives Rush to Remote Work. Is Your Security Team Ready?
Kelly Sheridan, Staff Editor, Dark ReadingNews
A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks.
By Kelly Sheridan Staff Editor, Dark Reading, 3/11/2020
Comment1 Comment  |  Read  |  Post a Comment
I Want to Work in Industrial IoT Security. What Lingo Do I Need to Know?
Edge Editors, Dark Reading
Should you happen to be in a meeting with an ICS vendor, here are some terms you will need to know so as to not be laughed out of the room.
By Edge Editors Dark Reading, 3/11/2020
Comment0 comments  |  Read  |  Post a Comment
How the Rise of IoT Is Changing the CISO Role
Phil Neray, VP of IoT & Industrial Cybersecurity at CyberXCommentary
Prepare for the future by adopting a risk-based approach. Following these five steps can help.
By Phil Neray VP of IoT & Industrial Cybersecurity at CyberX, 3/11/2020
Comment0 comments  |  Read  |  Post a Comment
Gender Equality in Cybersecurity Could Drive Economic Boost
Dark Reading Staff, Quick Hits
If the number of women in cybersecurity equaled the number of men, the US would see an economic gain up to $30.4 billion, research shows.
By Dark Reading Staff , 3/11/2020
Comment0 comments  |  Read  |  Post a Comment
Blacklists Miss 21% of Phishing Attacks, Internet Traffic Reveals
Robert Lemos, Contributing WriterNews
Visibility into phishing attacks by content delivery networks and security firms shows many domains fail to be classified as malicious.
By Robert Lemos Contributing Writer, 3/11/2020
Comment0 comments  |  Read  |  Post a Comment
Why CSP Isn't Enough to Stop Magecart-Like Attacks
Hadar Blutrich, CTO & Co-founder, Source DefenseCommentary
As Magecart and formjacking attacks become more sophisticated, it's essential to address not only what services may interact with users, but what that interaction looks like and how to control it.
By Hadar Blutrich CTO & Co-founder, Source Defense, 3/11/2020
Comment1 Comment  |  Read  |  Post a Comment
Researchers Develop New Side-Channel Attacks on Intel CPUs
Jai Vijayan, Contributing WriterNews
Load Value Injection (LVI) takes advantage of speculative execution processes just like Meltdown and Spectre, say security researchers from Bitdefender and several universities.
By Jai Vijayan Contributing Writer, 3/10/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches Over 100 Vulnerabilities
Dark Reading Staff, Quick Hits
Patch Tuesday features several remote code execution flaws in Microsoft Word.
By Dark Reading Staff , 3/10/2020
Comment0 comments  |  Read  |  Post a Comment
Bitsight and Microsoft Disrupt Necurs Botnet
Dark Reading Staff, Quick Hits
But roughly 2 million infected systems remain in the wild, and infected systems could be reactivated at any time.
By Dark Reading Staff , 3/10/2020
Comment0 comments  |  Read  |  Post a Comment
3 Tips to Stay Secure When You Lose an Employee
Bil Harmer​, CISO & Chief Evangelist at SecureAuthCommentary
Whether they leave for a better job or get fired, and whether they mean to cause problems or do so out of ignorance, ex-workers can pose a threat to your company.
By Bil Harmer​ CISO & Chief Evangelist at SecureAuth, 3/10/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
cPacket Networks Secures $15 Million Investment from Morgan Stanley Expansion Capital
SailPoint Extends SailPoint Predictive Identity Platform with New Cloud Governance Solutions
Clumio SaaS Continues Contributions to $10 Billion Backup Market With Services for the All Cloud Enterprise
DisruptOps Raises $9M Series A to Scale Cloud Security Operations
New Osterman Survey on the Phishing Prevention Perception Gap Reveals Disconnect Between C-Suite and Cybersecurity Professionals
Cobalt.io Launches Enhancements to Pentest as a Service Platform
Axonius Expands Cybersecurity Asset Management Platform with Cloud Compliance
BlackBerry Enhances CylancePROTECT and CylanceOPTICS with EPP and EDR Capabilities
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
CASB 101: Why a Cloud Access Security Broker Matters
A CASB isn't a WAF, isn't an NGF, and isn't an SWG. So what is it, precisely, and why do you need one to go along with all the other letters? Read on for the answer.
I Want to Work in Industrial IoT Security. What Lingo Do I Need to Know?
Should you happen to be in a meeting with an ICS vendor, here are some terms you will need to know so as to not be laughed out of the room.
Keys to Hiring Cybersecurity Pros When Certification Can't Help
There just aren't enough certified cybersecurity pros to go around -- and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring managers share their top tips on recognizing solid candidates.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-0530
PUBLISHED: 2020-03-12
Improper buffer restrictions in firmware for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html
CVE-2020-0546
PUBLISHED: 2020-03-12
Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Module Management Software before version 1.0.0.3461 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.
CVE-2020-0556
PUBLISHED: 2020-03-12
Improper access control in subsystem for BlueZ before version 5.53 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access.
CVE-2020-0565
PUBLISHED: 2020-03-12
Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0567
PUBLISHED: 2020-03-12
Improper input validation in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to enable denial of service via local access.
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Flash Poll
Video
Slideshows
Twitter Feed