Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Products and Releases

Content posted in May 2019
Cyber Ireland announced by IDA Ireland and Cork Institute of Technology
Products and Releases  |  5/31/2019  | 
National cyber security cluster initiative is recruiting industry and higher education institutes.
FS-ISAC Survey: Nearly 75 Percent of Financial Institutions CISOs Plan to Ask for an Increase in Cybersecurity Investment
Products and Releases  |  5/29/2019  | 
Only four percent of financial institutions prioritize employee education and training in existing budgets
2019 State of Enterprise Secure Access Report
Products and Releases  |  5/23/2019  | 
A full 61% of IT organizations surveyed have little to modest confidence in their ability to mitigate access security threats, despite a majority significantly increasing their near-term budget.
Infocyte Launches Agentless Cloud Workload Protection Platform, Strengthens Capabilities in AWS Environments
Products and Releases  |  5/22/2019  | 
Capabilities include agentless deployment via API, automated threat detection, and instant root cause analysis for certifying cloud workloads are clean and aecure.
Microsoft Joins MANRS to Improve Routing Security
Products and Releases  |  5/22/2019  | 
Hunters.AI Raises $5.4M Seed Round to Equip Cybersecurity Teams with Autonomous Threat Hunting Machine
Products and Releases  |  5/22/2019  | 
Utilizes unique military-grade attack intelligence, artificial intelligence and existing security data to deliver proactive, scalable and actionable attack detection
xMatters open-sources its Chaos Engineering tool
Products and Releases  |  5/16/2019  | 
Cthulhu automates cross-platform failure testing to help developers put better software into production and minimize downtime costs
Sectigo Sponsors Lets Encrypt to Enable Certificate Transparency Log Operation
Products and Releases  |  5/15/2019  | 
Commercial Certificate Authority Helps Ensure Fabric of CT Logs is Adequate for Worlds Certificate Needs
LogRhythm Releases Cloud-Based NextGen Security Information and Event Management (SIEM) Platform
Products and Releases  |  5/15/2019  | 
With LogRhythm Cloud, security analysts get the full experience of an award-winning platform with the benefits of Software as a Service (SaaS)
Semmle appoints its first CSO
Products and Releases  |  5/8/2019  | 
roduct security veteran Fermn Serna leaves Google to help secure all software by bringing the security and development communities together
Sumo Logic Completes $110 Million Funding Round
Products and Releases  |  5/8/2019  | 
Battery Ventures, Tiger Global Management and Franklin Templeton Sign on to Back Sumo Logics Industry Leading Continuous Intelligence Platform
Quad9 Offers Owners of Android-Based Devices DNS Security Protections for Free
Products and Releases  |  5/7/2019  | 
Privacy-centric DNS service blocks access to more than 15 million malicious events per day, limiting access to malware and phishing as well as encrypting private DNS data.
CrowdStrike Falcon Integrates Firmware Attack Detection Capability
Products and Releases  |  5/3/2019  | 
Endpoints protected by CrowdStrike Falcon will now gain continuous monitoring for firmware attacks
NSS Labs Appoints New Chief Executive Officer
Products and Releases  |  5/2/2019  | 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file