Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

DRTV

Deep Instinct Touts Predictive Aspects of Deep Learning
Deep Instinct Touts Predictive Aspects of Deep Learning
Dark Reading Videos  |  3/7/2019  | 
Deep learning, as a subset of machine learning (which is itself a subset of artificial intelligence), can help transform a companys security posture, says Deep Instincts Guy Caspi. Deep learnings predictive capabilities also change the security management equation reactive to proactive, an important breakthrough in forecasting and risk management.
Regular User Awareness Training Still the Best Security Tactic
Regular User Awareness Training Still the Best Security Tactic
Dark Reading Videos  |  3/7/2019  | 
Email continues to be the largest area of exposure for most organizations, and phishing emails lead the charge, according to Stu Sjouwerman, founder and CEO of KnowBe4. And while AI and machine learning can make a difference, these same tools are used by the bad guys, Sjouwerman adds. Regular, monthly trainings help reduce phishing click rates.
Raytheon IIS Seizes the Moment with Cybersecurity as a Service
Raytheon IIS Seizes the Moment with Cybersecurity as a Service
Dark Reading Videos  |  3/7/2019  | 
Tapping the flexibility and reach of the cloud makes good sense for customers, according to Jon Check, senior director, cyber protection solutions for Raytheon Intelligence, Information and Services. Cybersecurity as a Service (CYaaS) ensures both data resilience and cyber resilience by integrating analytics and automation features into the mix.
eSentire: Boost Security with Managed Detection & Orchestrated Response
eSentire: Boost Security with Managed Detection & Orchestrated Response
Dark Reading Videos  |  3/7/2019  | 
By integrating endpoint security with network security, end-users can reduce their risk and greatly improve their overall security, says Ashley Fidler of eSentire. For managed detection to deliver an orchestrated response, they must tap a reliable framework for decision-making and management, she adds.
AT&T Cybersecurity Ensures Companies SOAR with Security Strategy
AT&T Cybersecurity Ensures Companies SOAR with Security Strategy
Dark Reading Videos  |  3/7/2019  | 
SOAR, or Security Orchestration, Automation and Response, helps customers ensure the sanctity of their infrastructure, data and end-users, according to Sanjay Ramnath, vice president, product marketing, of AT&T Cybersecurity. Integrating analytics, automation and threat intelligence helps customers eliminate the seams where the bad guys get in.
Code42: Data Loss Protection is the New DLP
Code42: Data Loss Protection is the New DLP
Dark Reading Videos  |  3/7/2019  | 
Data loss protection helps companies get more proactive than data loss prevention and will help customers in an era of Big Data, says Vijay Ramanathan of Code 42. Data loss protection helps with both time to awareness and time to response; its reliance on automation also means greater volumes of data can be managed.
Contrast Security Boosts App Security with Self-Protecting Software
Contrast Security Boosts App Security with Self-Protecting Software
Dark Reading Videos  |  3/6/2019  | 
Vulnerability rates in application software remain as high as they were 15 years ago, according to Jeff Williams, CTO and Co-Founder of Contrast Security. But by injecting intelligent agents into code, app software gets instruments with thousands of smart, agile sensors that detect and correct vulnerabilities before deployment, and protect apps in operation.
Endgame Encourages Users to Balance Detection and Response Vs. Prevention
Endgame Encourages Users to Balance Detection and Response Vs. Prevention
Dark Reading Videos  |  3/6/2019  | 
Not all security data thats publicly shared gets analyzed or vetted, but Forresters recent independent analysis of MITRE ATT&CK evaluation offers up useful insights to infosec pros and can guide their procurement and security strategy, according to Mike Nichols of Endgame. These reports can help with intelligent evaluation of detection and response versus prevention approaches.
Anomali: Integration of Disparate Security Systems is Essential
Anomali: Integration of Disparate Security Systems is Essential
Dark Reading Videos  |  3/6/2019  | 
With a record number of cyber-attacks recorded in 2018 and even more expected this year, integrating multiple security sub-systems is essential for enterprises, says Anomalis Hugh Njemanze. He also encourages companies to operationalize their threat intelligence and to get better at sharing threat intel data.
Gemalto Helps Navigate Security in the Cloud Era
Gemalto Helps Navigate Security in the Cloud Era
Dark Reading Videos  |  3/6/2019  | 
With digital transformation in full swing and Big Data accumulating, end-user organizations have their hands full to manage, store and protect all their data, according to Todd Moore of Gemalto. While end-users have access to cloud-based encryption and other security services, Moore warns that the bad guys have access to them too.
From Silicon to Security: Synopsys Bolsters App Security with New Platform
From Silicon to Security: Synopsys Bolsters App Security with New Platform
Dark Reading Videos  |  3/6/2019  | 
Application security is always important to infosec professionals, and as Ravi Iyer of Synopsys points out, software development trends like Agile, DevOps and CI/CD push app security to the forefront. Polaris, the new software integrity platform from Synopsys, can help with early detection of software vulnerabilities.
Lockpath Advocates Benefits of Continuous Security Management
Lockpath Advocates Benefits of Continuous Security Management
Dark Reading Videos  |  3/6/2019  | 
Risk management and compliance technologies emerge from the intersection of technology, security, and regulation; continuous security management helps professionals from multiple departments and disciplines access the info they need, when they need it, according to Sam Abadir of Lockpath.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36239
PUBLISHED: 2021-07-29
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 e...
CVE-2021-37578
PUBLISHED: 2021-07-29
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malic...
CVE-2021-23416
PUBLISHED: 2021-07-28
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.
CVE-2021-23417
PUBLISHED: 2021-07-28
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.
CVE-2021-23415
PUBLISHED: 2021-07-28
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path.