Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Products and Releases

Content posted in October 2020
Lucidum Raises $4M Seed Investment to Automate Asset Discovery & Eliminate Blind Spots Across Cloud, Security & IT Ops
Products and Releases  |  10/30/2020  | 
GGV Capital and Syndicate of Silicon Valley CISOs Invest in two former Splunk Execs Solving the Fundamental Challenge of IT Asset Discovery
Mastercard Launches AI-Powered Solution to Protect the Digital Ecosystem
Products and Releases  |  10/30/2020  | 
Cyber Secure advances first set of integrated cyber capabilities for banks & their businesses.
Claroty Adds Fully Integrated Remote Incident Management To Industry-Leading Ot Security Platform
Products and Releases  |  10/30/2020  | 
Enhanced Secure Remote Access and Continuous Threat Detection enable seamless detection, investigation, and response to OT security incidents across the broadest attack surface area from any location
Contrast Security Launches Platform Delivering Comprehensive Security Observability to Secure Web Apps Across SDLC
Products and Releases  |  10/29/2020  | 
Contrast continuously observes and secures software from IDE to runtime, cutting vulnerability and threat remediation time by up to 17x.
Micron and Tata Communications Accelerate IoT Deployment With Cloud-Based Virtual SIM
Products and Releases  |  10/29/2020  | 
Solution offers flexible global cellular-enabled connectivity, underpinned by trusted edge-to-cloud onboarding.
Theta Lake Raises $12.7 Million In Series A Funding, Led by Lightspeed Venture Partners
Products and Releases  |  10/29/2020  | 
Funding will help Theta Lake expand its platform and global market delivery for protecting employers and employees in a new collaboration-based remote work era.
Sophos Launches Rapid Response Service to Identify and Neutralize Active Cybersecurity Attacks
Products and Releases  |  10/29/2020  | 
Sophos Rapid Response addresses a wide range of security incidents, including ransomware, network breaches, and hands-on keyboard adversaries.
Axio Offers Free Cybersecurity Program Assessment Tools
Products and Releases  |  10/27/2020  | 
Tools can be used to assess the current state of a companys cybersecurity program.
Offensive Security Continues to Expand Security Training and Certification Offerings with New Advanced Pentest Training Course
Products and Releases  |  10/27/2020  | 
Evasion Techniques and Breaching Defenses Represents Unique Opportunity for Security Professionals to Take Careers to New Heights
Nozomi Networks Pioneers SaaS Security and Visibility Solution for Dynamic IoT and OT Networks
Products and Releases  |  10/27/2020  | 
Nozomi Networks Vantage empowers a new generation of cyber and physical system security with the SaaS simplicity, scale and TCO control that the converging worlds of IT and OT require.
Red Canary Enters Cloud Workload Protection Space
Products and Releases  |  10/27/2020  | 
Red Canary Cloud Workload Protection secures cloud environments with a lightweight sensor, proven threat detection platform, and security expertise
4iQ Raises $30 Million in Series C Funding, Names Kailash Ambwani as CEO
Products and Releases  |  10/26/2020  | 
Cybersecurity startup helps enterprises to understand their digital risk and exposure.
Attivo Networks Enhances Portfolio for Amplified Identity Access Management Control
Products and Releases  |  10/26/2020  | 
Threatpath release addresses proliferation of endpoints and credential protection challenges.
Avira Researchers Discover a New Variant of Mirai
Products and Releases  |  10/26/2020  | 
The botnet, named Katana, is still in development but already has modules such as layer 7 DdoS, unique encryption keys, fast self-replication, and secure C&C, making it a more serious threat
Positive Technologies Helps Fix 11 Vulnerabilities in Popular SonicWall Firewall Appliances
Products and Releases  |  10/23/2020  | 
Potential threats included disconnection of remote employees or branches and possible attacker penetration into corporate networks.
Nokia Threat Intelligence Report Warns of Rising Cyberattacks on Internet-Connected Devices
Products and Releases  |  10/22/2020  | 
Report also highlights role of numerous COVID-19-themed cybercriminal campaigns aimed at exploiting user data.
Splunk Unveils New Innovations Across Its Security Operations Suite
Products and Releases  |  10/20/2020  | 
Splunk Mission Control Plug-In Framework is a new framework that allows customers to combine their Splunk security tools and non-Splunk security tools.
Rapid7 Announces Availability of Enhanced Endpoint Telemetry for InsightIDR
Products and Releases  |  10/20/2020  | 
New capabilities extend endpoint visibility to further unify critical security data and drive accelerated investigations and response.
Farsight Security Announces General Availability for DNSDB 2.0 Flexible Search
Products and Releases  |  10/20/2020  | 
Tool uncovers phishing, brand infringement, and misinformation campaigns.
Splunk Acquires Plumbr, Agrees to Acquire Rigor
Products and Releases  |  10/20/2020  | 
With both acquisitions and product integrations, Splunk will significantly expand its APM and DEM capabilities.
Apptega Launches B2B E-Commerce Marketplace Dedicated to Cybersecurity
Products and Releases  |  10/18/2020  | 
CyberXchange maps the worlds leading cybersecurity products and services to over 10,000 categories and compliance standards.
Corsa Security Automates Firewall as a Service
Products and Releases  |  10/18/2020  | 
MSSPs and service providers can easily and quickly offer a virtualized firewall service to their customers.
ReliaQuests GreyMatter Unified SaaS Security Platform Delivers Open XDR Approach
Products and Releases  |  10/18/2020  | 
Vendor-agnostic platform helps Fortune 1000 customers maximize value of their existing cybersecurity investments.
ROKK Solutions Launches New Cybersecurity Communications Offering
Products and Releases  |  10/13/2020  | 
GROKK is a unique program that offers a customized communications strategy to effectively manage security incidents.
StackRox and Robin.io Partner to Deliver Hardened Security, Compliance and Data Management for Stateful Applications on Kubernetes
Products and Releases  |  10/9/2020  | 
StackRox Kubernetes Security Platform now available as a Robin.io enterprise application bundle
Digital Shadows launches access key alerts -- to mitigate the growing problem of credentials exposed during software development
Products and Releases  |  10/9/2020  | 
Threat actors actively scouring code repositories such as GitHub for easy way to infiltrate organizations.
Onapsis Raises $55M Growth Round, Led by CDPQ and NightDragon, Fueling Expansion to Protect Mission-Critical SaaS Applications
Products and Releases  |  10/9/2020  | 
Funding Round to Accelerate Companys Growth Strategy to Expand Security and Compliance Support for Salesforce, Workday, Oracle, SAP and Other Leading Cloud Applications
Arctic Wolf Security Operations Report: Corporate Credentials Exposed on Dark Web Up Over 400 Percent
Products and Releases  |  10/9/2020  | 
More than One-Third of High-Risk Cybersecurity Incidents Now Occur After Hours
Cyvatar Launches All-in-One Cybersecurity-as-a-Service to Disrupt the Industry with $3 Million Seed Round
Products and Releases  |  10/9/2020  | 
New Market Entrant Targets Waste and Inefficiency across the Industry with Backing from Bill Wood Ventures.
Ping Identity Acquires Self-Sovereign Identity Leader ShoCard in Significant Leap Toward Personal Identity Management
Products and Releases  |  10/9/2020  | 
Company paves the way for a future where identity management is in the hands of individuals
Ping Identity Launches New Cloud Services Enabling Advanced Risk Management and Authentication for the Enterprise
Products and Releases  |  10/9/2020  | 
PingOne Services provide multi-factor authentication and real-time threat detection for stronger overall customer and workforce security
CipherCloud Introduces Advanced Data Discovery, Extending its End-to-End Data Security Platform
Products and Releases  |  10/9/2020  | 
Added Visualization and Automated Remediation Capabilities Deepen Market-Leading Approach to Data Security Lifecycle
Majority of Industrial Enterprises Face Increase in Cyber Threats Since COVID-19 Pandemic Began
Products and Releases  |  10/8/2020  | 
New global report from Claroty shows the importance of IT and OT interconnectivity in order to advance digital initiatives and thrive in a post-pandemic future
Rapid7 Announces Cloud Identity and Access Management Governance Module for DivvyCloud
Products and Releases  |  10/8/2020  | 
Security professionals can now simplify cloud identity and access management at scale to help prevent security incidents and data breaches.
Sonatype Introduces Next Generation Dependency Management for Software Developers
Products and Releases  |  10/7/2020  | 
Advanced Development Pack enables developers to choose the right components.
77% of Organizations That Use Both Mac and Non-Mac Devices View Mac as Most Secure
Products and Releases  |  10/7/2020  | 
Among IT and infosec professionals, there was a consensus that oversight and endpoint visibility is easier on Mac, but also that Mac security maintenance is easier.
Maryland to Bridge Cybersecurity Workforce Gap with Bachelors Degree Program
Products and Releases  |  10/2/2020  | 
SANS Launches First Professional Bachelors Degree in Applied Cybersecurity
Red Canary Delivers Alert Fatigue Relief for Security Teams
Products and Releases  |  10/1/2020  | 
Red Canary Alert Center reduces risk, gives teams control over alerts across the entire security stack.
Jamf Announces Acquisition of Mondada, a Leading Innovator in Patch Management
Products and Releases  |  10/1/2020  | 
Patch capabilities save the enterprise significant time deploying Mac, while improving organizational security.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file