Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Author

 Dark Reading Staff

Profile of Dark Reading Staff

News & Commentary Posts: 1714

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Articles by Dark Reading Staff
posted in March 2019

BEC Scammer Pleads Guilty

3/20/2019
Business email compromise (BEC) operation resulted in $100 million in losses to a multinational technology company and a social media firm, according to the US Attorney's Office.

Post a Comment

Deep Instinct Touts Predictive Aspects of Deep Learning

3/7/2019
Deep learning, as a subset of machine learning (which is itself a subset of artificial intelligence), can help transform a companys security posture, says Deep Instincts Guy Caspi. Deep learnings predictive capabilities also change the security management equation reactive to proactive, an important breakthrough in forecasting and risk management.

Post a Comment

Regular User Awareness Training Still the Best Security Tactic

3/7/2019
Email continues to be the largest area of exposure for most organizations, and phishing emails lead the charge, according to Stu Sjouwerman, founder and CEO of KnowBe4. And while AI and machine learning can make a difference, these same tools are used by the bad guys, Sjouwerman adds. Regular, monthly trainings help reduce phishing click rates.

Post a Comment

Raytheon IIS Seizes the Moment with Cybersecurity as a Service

3/7/2019
Tapping the flexibility and reach of the cloud makes good sense for customers, according to Jon Check, senior director, cyber protection solutions for Raytheon Intelligence, Information and Services. Cybersecurity as a Service (CYaaS) ensures both data resilience and cyber resilience by integrating analytics and automation features into the mix.

Post a Comment

AT&T Cybersecurity Ensures Companies SOAR with Security Strategy

3/7/2019
SOAR, or Security Orchestration, Automation and Response, helps customers ensure the sanctity of their infrastructure, data and end-users, according to Sanjay Ramnath, vice president, product marketing, of AT&T Cybersecurity. Integrating analytics, automation and threat intelligence helps customers eliminate the seams where the bad guys get in.

Post a Comment

Code42: Data Loss Protection is the New DLP

3/7/2019
Data loss protection helps companies get more proactive than data loss prevention and will help customers in an era of Big Data, says Vijay Ramanathan of Code 42. Data loss protection helps with both time to awareness and time to response; its reliance on automation also means greater volumes of data can be managed.

Post a Comment

Contrast Security Boosts App Security with Self-Protecting Software

3/6/2019
Vulnerability rates in application software remain as high as they were 15 years ago, according to Jeff Williams, CTO and Co-Founder of Contrast Security. But by injecting intelligent agents into code, app software gets instruments with thousands of smart, agile sensors that detect and correct vulnerabilities before deployment, and protect apps in operation.

Post a Comment

Endgame Encourages Users to Balance Detection and Response Vs. Prevention

3/6/2019
Not all security data thats publicly shared gets analyzed or vetted, but Forresters recent independent analysis of MITRE ATT&CK evaluation offers up useful insights to infosec pros and can guide their procurement and security strategy, according to Mike Nichols of Endgame. These reports can help with intelligent evaluation of detection and response versus prevention approaches.

Post a Comment

Anomali: Integration of Disparate Security Systems is Essential

3/6/2019
With a record number of cyber-attacks recorded in 2018 and even more expected this year, integrating multiple security sub-systems is essential for enterprises, says Anomalis Hugh Njemanze. He also encourages companies to operationalize their threat intelligence and to get better at sharing threat intel data.

Post a Comment

Gemalto Helps Navigate Security in the Cloud Era

3/6/2019
With digital transformation in full swing and Big Data accumulating, end-user organizations have their hands full to manage, store and protect all their data, according to Todd Moore of Gemalto. While end-users have access to cloud-based encryption and other security services, Moore warns that the bad guys have access to them too.

Post a Comment

Lockpath Advocates Benefits of Continuous Security Management

3/6/2019
Risk management and compliance technologies emerge from the intersection of technology, security, and regulation; continuous security management helps professionals from multiple departments and disciplines access the info they need, when they need it, according to Sam Abadir of Lockpath.

Post a Comment
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Tough Love: Debunking Myths about DevOps & Security
Jeff Williams, CTO, Contrast Security,  8/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5638
PUBLISHED: 2019-08-21
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user accou...
CVE-2019-6177
PUBLISHED: 2019-08-21
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Le...
CVE-2019-10687
PUBLISHED: 2019-08-21
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request.
CVE-2019-11601
PUBLISHED: 2019-08-21
A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location.
CVE-2019-11602
PUBLISHED: 2019-08-21
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.