Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Products and Releases

Content posted in August 2019
McAfee Report Uncovers Ransomware Resurgence
Products and Releases  |  8/29/2019  | 
McAfee Labs sees 504 new threats per minute in Q1 2019; data breaches facilitate attacks on large organizations; majority of targeted attacks bet on victims' unwitting compliance.
Business Losses to Cybercrime Data Breaches to Exceed $5 trillion by 2024
Products and Releases  |  8/28/2019  | 
Cybersecurity Breaches to Increase Nearly 70% Over the Next 5 years
Survey: SMBs Continue to Struggle with IT Security
Products and Releases  |  8/27/2019  | 
SMBs cite budget constraints, paired with a lack of time and personnel to research new security threats, among the reasons.
Space ISAC and National Cybersecurity Center Announce MITRE Will Be an ISAC Founding Member
Products and Releases  |  8/26/2019  | 
New Information Sharing and Analysis Center Adds New Founding Member to Board
Cyberbit & Purdue Partner to Advance Cybersecurity Workforce Education & Training
Products and Releases  |  8/23/2019  | 
Cyberbit's cyberattack simulation platform will be used to enhance the skills of career professionals.
Federal Grand Jury Indicts 80 Defendants in International BEC Scams
Products and Releases  |  8/22/2019  | 
Defendants are charged with various online frauds including business email compromise, money laundering, romance scams, and schemes targeting the elderly.
Veracode Releases Advanced Software Composition Analysis Solution Decreasing Open Source Risk
Products and Releases  |  8/22/2019  | 
Cloud-based solution helps developers prioritize and remediate open source vulnerabilities quickly within DevSecOps environments.
Remediant Secures $15 Million in Series A Funding Round Co-led By Dell Technologies Capital and ForgePoint Capital
Products and Releases  |  8/22/2019  | 
Remediant’s SecureONE solution addresses major industry need for more effective Privileged Access Management
JASK Integrates with Cisco Security Portfolio, Joins Cisco Security Technical Alliance
Products and Releases  |  8/21/2019  | 
JASK’s cloud-native SIEM now integrates with Cisco ASA, Umbrella and AMP4EP.
Morphisec Announces 2019 Women in Cybersecurity Scholarship Winners
Products and Releases  |  8/20/2019  | 
Scholarships Awarded to Three Female Students to Encourage Young Women Poised To Enter The Cybersecurity Field Globally
OwnBackup Appoints Adrian Kunzle as Head of Product & Strategy
Products and Releases  |  8/20/2019  | 
Cloud-to-cloud backup innovator adds Salesforce veteran.
ZeroFOX Launches Election Protection Package
Products and Releases  |  8/20/2019  | 
AI-powered solution provides continuous protection across digital and social media channels; safeguards candidates, campaigns, and political organizations from threats targeting elections and election-related activities
Global Cyber Alliance Launches Cybersecurity Development Platform for Internet of Things (IoT) Devices
Products and Releases  |  8/19/2019  | 
New AIDE Platform Enables IoT Device Manufacturers to Test Security, Identify and Mitigate Global Attack Risks, and Identify Vulnerabilities
Deloitte and Splunk Provide Automated Security Monitoring and Response Capabilities to Organizations Worldwide
Products and Releases  |  8/19/2019  | 
Capability is designed to enable clients to more effectively detect, defend and respond to critical cyber threats
Microsoft, Imprivata Launch Cloud Access Security Tool for Healthcare
Products and Releases  |  8/15/2019  | 
Imprivata Identity Governance enables customers to manage the provisioning, tracking, and deprovisioning of users in hybrid on-premises and cloud environments.
70% of Financial Companies Suffered a Cybersecurity Incident in the Past 12 Months
Products and Releases  |  8/15/2019  | 
Nearly half originated from employees failing to follow security protocol or data protection policies, according to Clearswift.
Code42's Data Loss Detection and Response Capabilities Spot Data Theft When Employees Quit
Products and Releases  |  8/15/2019  | 
Integrates with IBM Resilient to speed incident response to data loss, leak, and theft.
New Cyber Research Records a 91% Reduction in Dwell Time for Users of Deception Technology
Products and Releases  |  8/15/2019  | 
70% of Users Highly Familiar with Deception Technology Report a High Confidence for Detecting In-Network Threat
McAfee to Acquire NanoSec to Enhance Capabilities in Cloud Security
Products and Releases  |  8/9/2019  | 
NanoSec's multi-cloud, zero-trust application visibility and security platform further extend McAfee's cloud access security broker (CASB) and cloud workload protection platform (CWPP) capabilities.
ZeroFOX Expands AI Capabilities to Detect Deepfakes
Products and Releases  |  8/8/2019  | 
New video analysis features analyze content and identify risks.
Capsule8 Adds Significant Funding from Intel Capital
Products and Releases  |  8/7/2019  | 
Strategic investment to fuel expansion of Capsule8's go-to-market efforts.
Censys To Unveil Attack Surface Visibility Platform at Black Hat
Products and Releases  |  8/7/2019  | 
Enterprise-level attack surface management software platform provides automatic attack surface monitoring and real-time alerts.
QOMPLX Launches Identity Assurance 2.1 For Active Directory Monitoring And Security
Products and Releases  |  8/6/2019  | 
Module can quickly detect a Kerberos-based attack.
SiteLock Announces Solution to Automatically Remove Malware & Spam from Website Databases
Products and Releases  |  8/6/2019  | 
New enhancements to SMART Database extend support across WordPress, Joomla!, and any other web application that uses a MySQL database.
Bugcrowd Announces Platform-Enabled Cybersecurity Assessments for Marketplaces
Products and Releases  |  8/6/2019  | 
Bugcrowd for Secure Marketplaces enables bulk adoption of crowdsourced security for marketplace and app store owners.
Bugcrowd Establishes Standard for Crowdsourced Security Workflow Management
Products and Releases  |  8/6/2019  | 
New standardized workflows, advanced reporting, and enhanced skills matching help operationalize true security intelligence.
CrowdStrike Introduces CrowdScore Real-Time Threat-Monitoring Metric
Products and Releases  |  8/6/2019  | 
Score helps security leaders understand the real-time state of the threat inside their organizations.
Arctic Wolf Introduces Arctic Wolf Agent for Endpoint Protection
Products and Releases  |  8/6/2019  | 
Tool provides telemetry to understand the status of endpoints including asset information, operational metrics, and key behavioral insight from vulnerability scans.
Irdeto Unveils Mobile App Protection Service
Products and Releases  |  8/5/2019  | 
Zero-touch mobile app protection service with machine learning empowers developers to focus on time-to-market and business logic.
Evolve Security Opens NSA'S GenCyber Cypersecurity Camp for Girl Scouts
Products and Releases  |  8/5/2019  | 
National Security Agency's program introduces girls to cybersecurity.
Digital Guardian Releases Free Forensic Tool
Products and Releases  |  8/5/2019  | 
DG Wingman can instantly extract key forensic artifacts, such as the Master File Table ($MFT), Windows registry, and Windows event logs for further analysis.
Everbridge Announces Acquisition of NC4
Products and Releases  |  8/2/2019  | 
Acquisition creates the industry's only end-to-end critical event management and threat assessment platform to keep people safe and business operations running.
FireEye Expands Cloud Server Protection and Investigation Capabilities
Products and Releases  |  8/1/2019  | 
New versions of FireEye Network and Endpoint Security work together to enhance detection and investigation capabilities, protecting cloud, on-premise, and hybrid deployments against emerging attacks
Capsule8 Announces New Investigations Capability for Securing Linux Production Networks
Products and Releases  |  8/1/2019  | 
Capsule8 Protect now solves production security’s data warehousing problem
Zerto Research Highlights Business Need for IT Resilience Planning
Products and Releases  |  8/1/2019  | 
Perception gap among IT and business decision makers contributing to lack of IT Resilience maturity.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file