Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

DRTV: Dark Reading News Desk @ Black Hat USA

Overestimating WebAssembly's Security Benefits Is Risky for Developers
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Dark Reading Videos  |  8/29/2018  | 
Although WebAssembly technology promises both better performance and better security to developers, it also creates a new risk for native exploits in the browser.
Researcher Cracks San Francisco's Emergency Siren System
Researcher Cracks San Francisco's Emergency Siren System
Dark Reading Videos  |  8/24/2018  | 
Bastille researcher Balint Seeber discusses the process of creating SirenJack and cracking one of a city's critical safety systems.
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up
Dark Reading Videos  |  8/22/2018  | 
University of Copenhagen associate professor discusses what he found when he dug into some decommissioned WinVote voting machines.
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
Dark Reading Videos  |  8/20/2018  | 
Paul Vixie discusses the uncertain fate of WHOIS in the age of GDPR, the risks of domain name homographs, and other underpinnings of the Internet that are hard to trust and harder to fix.
How Better Intel Can Reduce, Prevent Payment Card Fraud
How Better Intel Can Reduce, Prevent Payment Card Fraud
Dark Reading Videos  |  8/20/2018  | 
Royal Bank of Canada machine learning researcher and Terbium Labs chief scientist discuss how they use intelligence about the carding market to predict the next payment card fraud victims.
Malicious Cryptomining & Other Shifting Threats
Malicious Cryptomining & Other Shifting Threats
Dark Reading Videos  |  8/17/2018  | 
Skybox Security CMO Michelle Johnson Cobb discloses research results that include a spike in malicious cryptomining during Bitcoins peak, a shift to outside-the-perimeter mobile threats, and more.
The Economics of AI-Enabled Security
The Economics of AI-Enabled Security
Dark Reading Videos  |  8/17/2018  | 
While AI greatly enhances security, Securonix CTO Tanuj Gulati points out the need for predictable cost models that insulate SOCs from the variables of massive data volume and intense real-time processing.
Using Threat Deception on Malicious Insiders
Using Threat Deception on Malicious Insiders
Dark Reading Videos  |  8/17/2018  | 
Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.
Filtering the Threat Intelligence Tsunami
Filtering the Threat Intelligence Tsunami
Dark Reading Videos  |  8/17/2018  | 
Reversing Labs CEO Mario Vuksan contends that SOCs are overwhelmed by global threat intelligence, and can benefit more from a targeted "pull" model that focuses on YARA-type binary pattern matching.
Ensuring Web Applications Are Hardened, Secure
Ensuring Web Applications Are Hardened, Secure
Dark Reading Videos  |  8/17/2018  | 
Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.
Supplementing the SOC with Cyber-as-a-Service
Supplementing the SOC with Cyber-as-a-Service
Dark Reading Videos  |  8/17/2018  | 
Raytheon Cyber Protection Solutions CTO Mark Orlando suggests under-resourced SOCs enhance their effectiveness at-scale by tapping the advanced cyber defense automation his company has developed.
Assessing & Mitigating Increased Exposure to Third-Party Risk
Assessing & Mitigating Increased Exposure to Third-Party Risk
Dark Reading Videos  |  8/17/2018  | 
As we increasingly connect with each other digitally, CyberGRX CRO Scott Schneider believes we need to be much more diligent about sharing validated insight into the infosec maturity of our organizations.
Leveraging the Power of your End-Users Human Cognition
Leveraging the Power of your End-Users Human Cognition
Dark Reading Videos  |  8/17/2018  | 
Cofense CEO Rohyt Belani makes a case for more aggressively leveraging the unique ability of your most perceptive and well-trained end-users to help you more quickly spot and stop email threats.
How Orchestration, Automation Help SOCs Do More With Less
How Orchestration, Automation Help SOCs Do More With Less
Dark Reading Videos  |  8/17/2018  | 
Splunks Haiyan Song and Oliver Friedrichs - co-founder of recently acquired Phantom - explain how security orchestration, automation, and response (SOAR) can empower SOCs to do more with less.
Simplifying Defense Across the MITRE ATT&CK Matrix
Simplifying Defense Across the MITRE ATT&CK Matrix
Dark Reading Videos  |  8/17/2018  | 
Endgames Mark Dufresne says SOCs can achieve better results within their existing staff and budget constraints with AI- and visualization-empowered, unified defense across the MITRE ATT&CK matrix.
The Rise of Bespoke Ransomware
The Rise of Bespoke Ransomware
Dark Reading Videos  |  8/17/2018  | 
Drawing from a recent study by SophosLabs, Principal Research Scientist Chester Wisniewski highlights a shift to the rise of more targeted and sophisticated ransomware threats, such as SamSam.


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...