Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

DRTV

Using Market Pressures to Improve Cybersecurity
Using Market Pressures to Improve Cybersecurity
Dark Reading Videos  |  8/31/2017  | 
Post-MedSec, Chris Wysopal discusses what impact the investor community -- if not consumers -- can have on squashing vulnerabilities and improving cybersecurity.
The Active Directory Botnet
The Active Directory Botnet
Dark Reading Videos  |  8/30/2017  | 
It's a nightmare of an implementation error with no easy fix. Ty Miller and Paul Kalinin explain how and why an attacker could build an entire botnet inside your organization.
Training Courses for Aspiring Cybercriminals Put Security Education To Shame
Training Courses for Aspiring Cybercriminals Put Security Education To Shame
Dark Reading Videos  |  8/29/2017  | 
Reasonably priced, module-based training courses and helpful forums will train a beginner in all the tools and techniques of the successful cybercriminal, Rick Holland of Digital Shadows explains.
IoTCandyJar: A HoneyPot for any IoT Device
IoTCandyJar: A HoneyPot for any IoT Device
Dark Reading Videos  |  8/29/2017  | 
Palo Alto Networks researchers explain how they designed an affordable, behavior-based honeypot to detect attacks on an IoT device -- any kind of IoT device.
Turning Sound Into Keystrokes: Skype & Type
Turning Sound Into Keystrokes: Skype & Type
Dark Reading Videos  |  8/25/2017  | 
Don't let your fingers do the talking in a Skype session. The callers on the other end could know what you're writing, researcher Daniele Lain explains.
Insecure IoT Devices Pose Physical Threat to General Public
Insecure IoT Devices Pose Physical Threat to General Public
Dark Reading Videos  |  8/24/2017  | 
At the car wash, look out for attack robots. Billy Rios discusses how IoT devices could be hacked to physically attack people -- not just on factory floors, but in everyday public settings.
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dark Reading Videos  |  8/23/2017  | 
Dino Dai Zovi discusses the under-explored security aspects of Docker, data center orchestration, and containers.
Why Most Security Awareness Training Fails (And What To Do About It)
Why Most Security Awareness Training Fails (And What To Do About It)
Dark Reading Videos  |  8/22/2017  | 
Arun Vishwanath discusses why awareness training shouldn't apply the same cure to every ailment then blame the patient when the treatment doesn't work.
The Benefits of Exploiting Attackers' Favorite Tools
The Benefits of Exploiting Attackers' Favorite Tools
Dark Reading Videos  |  8/22/2017  | 
Symantec senior threat researcher Waylon Grange explains that attackers write vulnerable code, too.
How To Avoid Legal Trouble When Protecting Client Data
How To Avoid Legal Trouble When Protecting Client Data
Dark Reading Videos  |  8/21/2017  | 
Attorneys discuss how cybersecurity consultants can manage conflicts between e-discovery demands and client agreements.
ShieldFS Hits 'Rewind' on Ransomware
ShieldFS Hits 'Rewind' on Ransomware
Dark Reading Videos  |  8/18/2017  | 
Federico Maggi and Andrea Continella discuss a new tool to protect filesystems by disrupting and undoing ransomware's encryption activities.
How Bad Teachers Ruin Good Machine Learning
How Bad Teachers Ruin Good Machine Learning
Dark Reading Videos  |  8/18/2017  | 
Sophos data scientist Hillary Sanders explains how security suffers when good machine learning models are trained on bad testing data.
The Shadow Brokers: How They Changed 'Cyber Fear'
The Shadow Brokers: How They Changed 'Cyber Fear'
Dark Reading Videos  |  8/17/2017  | 
At Black Hat USA, Matt Suiche, founder of Comae Technologies, describes what we know about the Shadow Brokers and how they have changed the business of cyber fear.
Behind the Briefings: How Black Hat Sessions Get Chosen
Behind the Briefings: How Black Hat Sessions Get Chosen
Dark Reading Videos  |  8/17/2017  | 
Daniel Cuthbert and Stefano Zanero explain what the Black Hat review board is looking for in an abstract submission for the Briefings.
Optimizing Online Defenses Through Crowdsourcing
Optimizing Online Defenses Through Crowdsourcing
Dark Reading Videos  |  8/7/2017  | 
With limited time and money, many organizations are hamstrung when it comes to cyber defense. AlienVault’s CTO Roger Thornton discusses how the company’s crowdsourced, open-source community product, the Open Threat Exchange (OTX), can help.
Three Steps to Strong Enterprise Security
Three Steps to Strong Enterprise Security
Dark Reading Videos  |  8/3/2017  | 
Raytheon Cyber Services’ CEO Paul Perkinson and Chief Strategy Officer Joshua Douglas discusses how a layered approach of assessment, threat hunting, and training can pave the way for more secure enterprise data.
Thwarting DDoS Attacks
Thwarting DDoS Attacks
Dark Reading Videos  |  8/2/2017  | 
Neustar’s Barrett Lyon discusses the company’s investment in a “scrubbing service” and Web application firewalls to protect organizations against DDoS attacks.
Getting the Most From Your Threat Intelligence
Getting the Most From Your Threat Intelligence
Dark Reading Videos  |  8/2/2017  | 
Anomali’s Director of Security Strategy Travis Farral discusses how security pros can better use the threat intel feeds and tools they already have.
Using Machine Learning to Combat Bots
Using Machine Learning to Combat Bots
Dark Reading Videos  |  8/2/2017  | 
Splunk’s SVP and General Manager of Security Markets Haiyan Song talks about how enterprises need to apply data science and machine learning to thwart some of the most nefarious online attacks.
Should You be Worried about Cloud Security?
Should You be Worried about Cloud Security?
Dark Reading Videos  |  8/2/2017  | 
Skybox Security's CMO Michelle Johnson Cobb talks about the current threats targeting the cloud -- and how the difference between security of the cloud and security in the cloud.
Can Machine Learning Help Organizations Improve Data Security?
Can Machine Learning Help Organizations Improve Data Security?
Dark Reading Videos  |  8/2/2017  | 
Bitdefender’s Malware Researcher Cristina Vatamanu talks about the opportunities and limitations of using machine-learning technology to identify security threats.
Stop Malware Attacks Automatically
Stop Malware Attacks Automatically
Dark Reading Videos  |  8/2/2017  | 
Jeffrey Duran, Director of Product Marketing for enSilo warns CISOs that putting too much emphasis on preventative security can be a risky proposition. Instead, organizations need the ability to automatically detect and block pre and post infection. Want to see a demo? Want to see a demo? Let's talk!
How to Combat the Security Skills Shortage
How to Combat the Security Skills Shortage
Dark Reading Videos  |  8/2/2017  | 
A higher volume of online attacks and a dearth of security professionals make it difficult for organizations to protect themselves. CenturyLink’s Cybersecurity Architect Jeffrey Krone explains how outsourcing can help companies get the talent, scale, and expertise they need.
Twenty-five Percent of Emails Deemed Unsafe
Twenty-five Percent of Emails Deemed Unsafe
Dark Reading Videos  |  8/2/2017  | 
Mimecast’s Steve Malone discusses the latest findings from the company’s Email Security Risk Assessment report, and how cloud-based email services can help.
Leveraging Machine Learning and AI to Combat Online Attacks
Leveraging Machine Learning and AI to Combat Online Attacks
Dark Reading Videos  |  8/2/2017  | 
As the threat landscape grows more complex, organizations need a framework to combat a wide diversity of cyberattacks. Gigamon’s CTO Shehzad Merchant talks about the company’s Security Defender Lifecycle Model and how it uses AI and machine learning to contain potential threats.
Using Intelligence to Optimize Your Data Defense Strategy
Using Intelligence to Optimize Your Data Defense Strategy
Dark Reading Videos  |  8/2/2017  | 
How do you optimize your security budget and the tools you already have? John Weinschenk of Spirent discusses how preemptive intelligence can help an organization manage its in-house security solutions and prioritize equipment decisions.
Protecting Your Organization Against Ransomware
Protecting Your Organization Against Ransomware
Dark Reading Videos  |  8/2/2017  | 
John Shier, Senior Security Advisor for Sophos, explains how the company’s ransomware protection solutions, including Sophos Intercept X, can help you defend your organization without going through a steep learning curve.
How to Beat Phishing Attacks
How to Beat Phishing Attacks
Dark Reading Videos  |  8/2/2017  | 
From attacks on CEOs to “mom phishing,” social engineering attacks are getting more targeted and sophisticated. KnowBe4’s CEO Stu Sjouwerman explains how online security awareness training and phishing exercises can help educate and train employees to protect corporate data.
Continuous Security Validation and Measuring Security Effectiveness with NSS Labs’ CAWS Platform
Continuous Security Validation and Measuring Security Effectiveness with NSS Labs’ CAWS Platform
Dark Reading Videos  |  8/2/2017  | 
NSS Labs’ CMO and Head of Products Gautam Aggarwal discusses how the company’s CAWS Security Validation Platform can help CISOs get empirical evidence of security effectiveness and map security vulnerabilities to business impact.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1142
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
CVE-2023-1143
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-1144
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
CVE-2023-1145
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
CVE-2023-1655
PUBLISHED: 2023-03-27
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.