Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
6 Security Team Goals for DevSecOps in 2020
Assessing Cybersecurity Risk in Today's Enterprise
Car Hacking Hits the Streets
How AI and Cybersecurity Will Intersect in 2020
The Edge Cartoon Caption Contest: Latest Winners, New Toon 'Like a Boss'
News & Commentary
9 Things Application Security Champions Need to Succeed
Ericka Chickowski, Contributing Writer
Common elements to highly effective security champion programs that take DevSecOps to the next level
By Ericka Chickowski Contributing Writer, 1/29/2020
Comment0 comments  |  Read  |  Post a Comment
Pilfered Wawa Payment Card Data Now for Sale on Dark Web
Dark Reading Staff, Quick Hits
The Joker's Stash underground marketplace is offering stolen payment card data from Wawa's recently disclosed data breach.
By Dark Reading Staff , 1/29/2020
Comment0 comments  |  Read  |  Post a Comment
Securing Containers with Zero Trust
Peter Smith, Founder & Chief Executive Officer, Edgewise NetworksCommentary
A software identity-based approach should become a standard security measure for protecting workloads in all enterprise networks.
By Peter Smith Founder & Chief Executive Officer, Edgewise Networks, 1/29/2020
Comment0 comments  |  Read  |  Post a Comment
Businesses Improve Their Data Security, But Privacy — Not So Much
Robert Lemos, Contributing WriterNews
While the California Consumer Privacy Act will force companies to provide a modicum of meaningful privacy, World Privacy Day still mainly celebrates data security.
By Robert Lemos Contributing Writer, 1/29/2020
Comment0 comments  |  Read  |  Post a Comment
Threat Hunting Is Not for Everyone
Anton Chuvakin, Head of Security Solution Strategy, ChronicleCommentary
Threat hunting is a sophisticated, advanced technique that should be reserved for specific instances and be conducted only by trained professionals.
By Anton Chuvakin Head of Security Solution Strategy, Chronicle, 1/29/2020
Comment1 Comment  |  Read  |  Post a Comment
Why Companies Should Care about Data Privacy Day
Brad Shimmin, Distinguished AnalystCommentary
Marking yesterday's 14th anniversary of Europe's first data protection day reminds us how far we still have to go.
By Brad Shimmin Distinguished Analyst, 1/29/2020
Comment0 comments  |  Read  |  Post a Comment
NFL, Multiple NFL Teams' Twitter Accounts Hacked and Hijacked
Dark Reading Staff, Quick Hits
Hackers claiming to be from the hacktivist group OurMine temporarily took over Twitter accounts of the NFL and several teams in the league.
By Dark Reading Staff , 1/28/2020
Comment0 comments  |  Read  |  Post a Comment
Emerging Long-Range WAN Networks Vulnerable to Hacking, Compromise
Jai Vijayan, Contributing WriterNews
The root keys used to protect communication on LoRaWAN infrastructure can be easily obtained, IOActive says.
By Jai Vijayan Contributing Writer, 1/28/2020
Comment0 comments  |  Read  |  Post a Comment
'Understand What You Believe': Fmr. FBI Agent Unpacks Information Threats
Kelly Sheridan, Staff Editor, Dark ReadingNews
In the past few years, social media has transformed from a communications gold mine to a minefield of disinformation campaigns.
By Kelly Sheridan Staff Editor, Dark Reading, 1/28/2020
Comment0 comments  |  Read  |  Post a Comment
How Do I Get My Team Started with Container Security and Kubernetes?
Edge Editors, Dark Reading
The trick is to give your technical staff enough time to learn the new technology but also keep the pressure on to deliver. Here's a smart way to begin.
By Michelle McLean, vice president of marketing at StackRox: Businesses are hearing a lot about containers and Kubernetes these days, and for good reason ... , 1/28/2020
Comment0 comments  |  Read  |  Post a Comment
Russian Brothers Sentenced to 12 Years for Fraud and Identity Theft
Dark Reading Staff, Quick Hits
The pair, based in Fort Lauderdale, Fla., were running a sophisticated credit card fraud factory.
By Dark Reading Staff , 1/28/2020
Comment0 comments  |  Read  |  Post a Comment
Intel Previews Newest 'Zombieload' Patch
Dark Reading Staff, Quick Hits
Intel has promised a third patch to remediate the Zombieload speculative execution vulnerability.
By Dark Reading Staff , 1/28/2020
Comment0 comments  |  Read  |  Post a Comment
CCPA: Cut From the Same Cloth as PCI DSS
Jonathan Deveaux, Head of Enterprise Data Protection at comforte AGCommentary
Finally, some good news about CCPA: If you've built your security infrastructure to PCI DSS standards, you may be already covered by California's new data protection rules
By Jonathan Deveaux Head of Enterprise Data Protection at comforte AG, 1/28/2020
Comment0 comments  |  Read  |  Post a Comment
New Zoom Bug Prompts Security Fix, Platform Changes
Kelly Sheridan, Staff Editor, Dark ReadingNews
A newly discovered Zoom vulnerability would have enabled an attacker to join active meetings and access audio, video, and documents shared.
By Kelly Sheridan Staff Editor, Dark Reading, 1/28/2020
Comment0 comments  |  Read  |  Post a Comment
Average Ransomware Payments More Than Doubled in Q4 2019
Jai Vijayan, Contributing WriterNews
Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.
By Jai Vijayan Contributing Writer, 1/27/2020
Comment1 Comment  |  Read  |  Post a Comment
Greater Focus on Privacy Pays Off for Firms
Robert Lemos, Contributing WriterNews
Privacy-mature companies complete sales more quickly, have fewer and less serious breaches, and recover from incidents faster, according to Cisco's annual survey.
By Robert Lemos Contributing Writer, 1/27/2020
Comment2 comments  |  Read  |  Post a Comment
How to Get the Most Out of Your Security Metrics
Curtis Simpson, Chief Information Security Officer at ArmisCommentary
There's an art to reporting security metrics so that they speak the language of leadership and connect the data from tools to business objectives.
By Curtis Simpson Chief Information Security Officer at Armis, 1/27/2020
Comment1 Comment  |  Read  |  Post a Comment
New Social Engineering Event to Train Business Pros on Human Hacking
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
The DEF CON Social Engineering Capture the Flag contest inspired a new event aimed at teaching both security and non-security professionals on the fine art of hacking human behavior.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/24/2020
Comment0 comments  |  Read  |  Post a Comment
'CardPlanet' Operator Pleads Guilty in Federal Court
Dark Reading Staff, Quick Hits
Russian national faced multiple charges in connection with operating the marketplace for stolen credit-card credentials, and a forum for VIP criminals to offer their services.
By Dark Reading Staff , 1/24/2020
Comment0 comments  |  Read  |  Post a Comment
7 Steps to IoT Security in 2020
Curtis Franklin Jr., Senior Editor at Dark Reading
There are important steps security teams should take to be ready for the evolving security threats to the IoT in 2020.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/24/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Mark_McClain
Current Conversations Great insight here!
In reply to: Great!
Post Your Own Reply
More Conversations
Products & Releases
Cowbell Cyber Demystifies Cyber Insurance with Cowbell Prime 100
Tripwire Expands Industrial Security Capabilities, Launches Industrial Appliance Line, Joins ISA Global Security Alliance
California Fraudster Sentenced In Maryland To Four Years In Federal Prison For A Credit Card Fraud Scheme With Losses Of More Than $1.365 Million
Florida Man Sentenced in ATM 'Cash-out' Scheme
Kaspersky Researchers Find Lazarus Enhances Capabilities in AppleJeus Cryptocurrency Attack
MITRE Releases Framework for Cyberattacks on Industrial Control Systems
Risk & Assurance Group Joins i3forum to Tackle Voice Fraud in International Telecommunications
Auctus Advises 5nine in Acronis Buyout
More Products & Releases
PR Newswire
edge
How Do I Get My Team Started with Container Security and Kubernetes?
The trick is to give your technical staff enough time to learn the new technology but also keep the pressure on to deliver. Here's a smart way to begin.
7 Steps to IoT Security in 2020
There are important steps security teams should take to be ready for the evolving security threats to the IoT in 2020.
The Y2K Boomerang: InfoSec Lessons Learned from a New Date-Fix Problem
We all make assumptions. They rarely turn out well. A new/old date problem offers a lesson in why that's so.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I was asking about our progression steps and this is what they provided me.
White Papers
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-2099
PUBLISHED: 2020-01-29
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating ...
CVE-2020-2100
PUBLISHED: 2020-01-29
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848.
CVE-2020-2101
PUBLISHED: 2020-01-29
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.
CVE-2020-2102
PUBLISHED: 2020-01-29
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC.
CVE-2020-2103
PUBLISHED: 2020-01-29
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page.
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Flash Poll
Video
Slideshows
Twitter Feed