Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 Dark Reading Staff
RSS
E-Mail

Profile of Dark Reading Staff

News & Commentary Posts: 2263

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Articles by Dark Reading Staff
posted in March 2019

BEC Scammer Pleads Guilty

3/20/2019
Business email compromise (BEC) operation resulted in $100 million in losses to a multinational technology company and a social media firm, according to the US Attorney's Office.

Post a Comment

Deep Instinct Touts Predictive Aspects of Deep Learning

3/7/2019
Deep learning, as a subset of machine learning (which is itself a subset of artificial intelligence), can help transform a companys security posture, says Deep Instincts Guy Caspi. Deep learnings predictive capabilities also change the security management equation reactive to proactive, an important breakthrough in forecasting and risk management.

Post a Comment

Regular User Awareness Training Still the Best Security Tactic

3/7/2019
Email continues to be the largest area of exposure for most organizations, and phishing emails lead the charge, according to Stu Sjouwerman, founder and CEO of KnowBe4. And while AI and machine learning can make a difference, these same tools are used by the bad guys, Sjouwerman adds. Regular, monthly trainings help reduce phishing click rates.

Post a Comment

Raytheon IIS Seizes the Moment with Cybersecurity as a Service

3/7/2019
Tapping the flexibility and reach of the cloud makes good sense for customers, according to Jon Check, senior director, cyber protection solutions for Raytheon Intelligence, Information and Services. Cybersecurity as a Service (CYaaS) ensures both data resilience and cyber resilience by integrating analytics and automation features into the mix.

Post a Comment

AT&T Cybersecurity Ensures Companies SOAR with Security Strategy

3/7/2019
SOAR, or Security Orchestration, Automation and Response, helps customers ensure the sanctity of their infrastructure, data and end-users, according to Sanjay Ramnath, vice president, product marketing, of AT&T Cybersecurity. Integrating analytics, automation and threat intelligence helps customers eliminate the seams where the bad guys get in.

Post a Comment

Code42: Data Loss Protection is the New DLP

3/7/2019
Data loss protection helps companies get more proactive than data loss prevention and will help customers in an era of Big Data, says Vijay Ramanathan of Code 42. Data loss protection helps with both time to awareness and time to response; its reliance on automation also means greater volumes of data can be managed.

Post a Comment

Contrast Security Boosts App Security with Self-Protecting Software

3/6/2019
Vulnerability rates in application software remain as high as they were 15 years ago, according to Jeff Williams, CTO and Co-Founder of Contrast Security. But by injecting intelligent agents into code, app software gets instruments with thousands of smart, agile sensors that detect and correct vulnerabilities before deployment, and protect apps in operation.

Post a Comment

Endgame Encourages Users to Balance Detection and Response Vs. Prevention

3/6/2019
Not all security data thats publicly shared gets analyzed or vetted, but Forresters recent independent analysis of MITRE ATT&CK evaluation offers up useful insights to infosec pros and can guide their procurement and security strategy, according to Mike Nichols of Endgame. These reports can help with intelligent evaluation of detection and response versus prevention approaches.

Post a Comment

Anomali: Integration of Disparate Security Systems is Essential

3/6/2019
With a record number of cyber-attacks recorded in 2018 and even more expected this year, integrating multiple security sub-systems is essential for enterprises, says Anomalis Hugh Njemanze. He also encourages companies to operationalize their threat intelligence and to get better at sharing threat intel data.

Post a Comment

Gemalto Helps Navigate Security in the Cloud Era

3/6/2019
With digital transformation in full swing and Big Data accumulating, end-user organizations have their hands full to manage, store and protect all their data, according to Todd Moore of Gemalto. While end-users have access to cloud-based encryption and other security services, Moore warns that the bad guys have access to them too.

Post a Comment

Lockpath Advocates Benefits of Continuous Security Management

3/6/2019
Risk management and compliance technologies emerge from the intersection of technology, security, and regulation; continuous security management helps professionals from multiple departments and disciplines access the info they need, when they need it, according to Sam Abadir of Lockpath.

Post a Comment
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14180
PUBLISHED: 2020-09-21
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are...
CVE-2020-14177
PUBLISHED: 2020-09-21
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from versio...
CVE-2020-14179
PUBLISHED: 2020-09-21
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from...
CVE-2020-25789
PUBLISHED: 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
CVE-2020-25790
PUBLISHED: 2020-09-19
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our secu...