Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

DRTV

Deep Instinct Touts Predictive Aspects of Deep Learning
Deep Instinct Touts Predictive Aspects of Deep Learning
Dark Reading Videos  |  3/7/2019  | 
Deep learning, as a subset of machine learning (which is itself a subset of artificial intelligence), can help transform a companys security posture, says Deep Instincts Guy Caspi. Deep learnings predictive capabilities also change the security management equation reactive to proactive, an important breakthrough in forecasting and risk management.
Regular User Awareness Training Still the Best Security Tactic
Regular User Awareness Training Still the Best Security Tactic
Dark Reading Videos  |  3/7/2019  | 
Email continues to be the largest area of exposure for most organizations, and phishing emails lead the charge, according to Stu Sjouwerman, founder and CEO of KnowBe4. And while AI and machine learning can make a difference, these same tools are used by the bad guys, Sjouwerman adds. Regular, monthly trainings help reduce phishing click rates.
Raytheon IIS Seizes the Moment with Cybersecurity as a Service
Raytheon IIS Seizes the Moment with Cybersecurity as a Service
Dark Reading Videos  |  3/7/2019  | 
Tapping the flexibility and reach of the cloud makes good sense for customers, according to Jon Check, senior director, cyber protection solutions for Raytheon Intelligence, Information and Services. Cybersecurity as a Service (CYaaS) ensures both data resilience and cyber resilience by integrating analytics and automation features into the mix.
eSentire: Boost Security with Managed Detection & Orchestrated Response
eSentire: Boost Security with Managed Detection & Orchestrated Response
Dark Reading Videos  |  3/7/2019  | 
By integrating endpoint security with network security, end-users can reduce their risk and greatly improve their overall security, says Ashley Fidler of eSentire. For managed detection to deliver an orchestrated response, they must tap a reliable framework for decision-making and management, she adds.
AT&T Cybersecurity Ensures Companies SOAR with Security Strategy
AT&T Cybersecurity Ensures Companies SOAR with Security Strategy
Dark Reading Videos  |  3/7/2019  | 
SOAR, or Security Orchestration, Automation and Response, helps customers ensure the sanctity of their infrastructure, data and end-users, according to Sanjay Ramnath, vice president, product marketing, of AT&T Cybersecurity. Integrating analytics, automation and threat intelligence helps customers eliminate the seams where the bad guys get in.
Code42: Data Loss Protection is the New DLP
Code42: Data Loss Protection is the New DLP
Dark Reading Videos  |  3/7/2019  | 
Data loss protection helps companies get more proactive than data loss prevention and will help customers in an era of Big Data, says Vijay Ramanathan of Code 42. Data loss protection helps with both time to awareness and time to response; its reliance on automation also means greater volumes of data can be managed.
Contrast Security Boosts App Security with Self-Protecting Software
Contrast Security Boosts App Security with Self-Protecting Software
Dark Reading Videos  |  3/6/2019  | 
Vulnerability rates in application software remain as high as they were 15 years ago, according to Jeff Williams, CTO and Co-Founder of Contrast Security. But by injecting intelligent agents into code, app software gets instruments with thousands of smart, agile sensors that detect and correct vulnerabilities before deployment, and protect apps in operation.
Endgame Encourages Users to Balance Detection and Response Vs. Prevention
Endgame Encourages Users to Balance Detection and Response Vs. Prevention
Dark Reading Videos  |  3/6/2019  | 
Not all security data thats publicly shared gets analyzed or vetted, but Forresters recent independent analysis of MITRE ATT&CK evaluation offers up useful insights to infosec pros and can guide their procurement and security strategy, according to Mike Nichols of Endgame. These reports can help with intelligent evaluation of detection and response versus prevention approaches.
Anomali: Integration of Disparate Security Systems is Essential
Anomali: Integration of Disparate Security Systems is Essential
Dark Reading Videos  |  3/6/2019  | 
With a record number of cyber-attacks recorded in 2018 and even more expected this year, integrating multiple security sub-systems is essential for enterprises, says Anomalis Hugh Njemanze. He also encourages companies to operationalize their threat intelligence and to get better at sharing threat intel data.
Gemalto Helps Navigate Security in the Cloud Era
Gemalto Helps Navigate Security in the Cloud Era
Dark Reading Videos  |  3/6/2019  | 
With digital transformation in full swing and Big Data accumulating, end-user organizations have their hands full to manage, store and protect all their data, according to Todd Moore of Gemalto. While end-users have access to cloud-based encryption and other security services, Moore warns that the bad guys have access to them too.
From Silicon to Security: Synopsys Bolsters App Security with New Platform
From Silicon to Security: Synopsys Bolsters App Security with New Platform
Dark Reading Videos  |  3/6/2019  | 
Application security is always important to infosec professionals, and as Ravi Iyer of Synopsys points out, software development trends like Agile, DevOps and CI/CD push app security to the forefront. Polaris, the new software integrity platform from Synopsys, can help with early detection of software vulnerabilities.
Lockpath Advocates Benefits of Continuous Security Management
Lockpath Advocates Benefits of Continuous Security Management
Dark Reading Videos  |  3/6/2019  | 
Risk management and compliance technologies emerge from the intersection of technology, security, and regulation; continuous security management helps professionals from multiple departments and disciplines access the info they need, when they need it, according to Sam Abadir of Lockpath.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
Robert Lemos, Contributing Writer,  7/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14310
PUBLISHED: 2020-07-31
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a ma...
CVE-2020-14311
PUBLISHED: 2020-07-31
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
CVE-2020-5413
PUBLISHED: 2020-07-31
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains mali...
CVE-2020-5414
PUBLISHED: 2020-07-31
VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are a...
CVE-2019-11286
PUBLISHED: 2020-07-31
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the ...