Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

6 Factors That Raise The Stakes For IoT Security

RSAC Sets Finalists for Innovation Sandbox

5 Measures to Harden Election Technology

Assessing Cybersecurity Risk in Today's Enterprise

Top Stories

7 Tax Season Security Tips

6 Factors That Raise The Stakes For IoT ...

RSAC Sets Finalists for Innovation Sandbox

5 Measures to Harden Election Technology

Assessing Cybersecurity Risk in Today's ...

News & Commentary

Clearview AI Customers Exposed in Data Breach

Quick Hits

Customers for the controversial facial recognition company were detailed in a log file leaked to news organizations.

By Dark Reading Staff , 2/27/2020

0 comments | Read | Post a Comment

Government Employees Unprepared for Ransomware

Quick Hits

Data shows 73% are concerned about municipal ransomware threats but only 38% are trained on preventing these attacks.

By Dark Reading Staff , 2/27/2020

0 comments | Read | Post a Comment

Tense Talk About Supply Chain Risk Yields Few Answers

RSA panelists locked horns over whether the ban preventing US government agencies from doing business with Huawei is unfairly singling out the Chinese telecom giant.

By Joan Goodchild Contributing Writer, 2/27/2020

0 comments | Read | Post a Comment

Latest Security News from RSAC 2020

News

Check out Dark Reading's updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2020 in San Francisco.

By Dark Reading Staff , 2/27/2020

0 comments | Read | Post a Comment

How We Enabled Ransomware to Become a Multibillion-Dollar Industry

Srinivas Mukkamala, Co-founder & CEO, RiskSense

Commentary

As an industry, we must move beyond one-dimensional approaches to assessing ransomware exposures. Asking these four questions will help.

By Srinivas Mukkamala Co-founder & CEO, RiskSense, 2/27/2020

1 Comment | Read | Post a Comment

Latest Comment: ConcernedCitizen, A: Microsoft. Every ransomware incident is because of insecure MS Windows. ...

Intel Analyzes Vulns Reported in its Products Last Year

Curtis Franklin Jr., Senior Editor at Dark Reading

News

A new Intel report looks at the more than 250 CVEs affecting Intel products in 2019.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/27/2020

0 comments | Read | Post a Comment

What Your Company Needs to Know About Hardware Supply Chain Security

Commentary

By Daniel Wood Associate Vice President of Consulting, Bishop Fox, 2/27/2020

0 comments | Read | Post a Comment

'Cloud Snooper' Attack Circumvents AWS Firewall Controls

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Possible nation-state supply chain attack that cheated both cloud and on-premise firewalls acts like a "wolf in sheep's clothing," Sophos says.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/27/2020

0 comments | Read | Post a Comment

How Should I Answer a Nontech Exec Who Asks, 'How Secure Are We?'

Consider this your opportunity to educate.

By Kurtis Minder CEO GroupSense, 2/26/2020

0 comments | Read | Post a Comment

US State Dept. Shares Insider Tips to Fight Insider Threats

Kelly Sheridan, Staff Editor, Dark Reading

News

The insider threat is a technology, security, and personnel issue, officials said in explaining an approach that addresses all three factors.

By Kelly Sheridan Staff Editor, Dark Reading, 2/26/2020

0 comments | Read | Post a Comment

How to Prevent an AWS Cloud Bucket Data Leak

Misconfigured AWS buckets have led to huge data breaches. Following a handful of practices will help keep you from becoming the next news story.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/26/2020

0 comments | Read | Post a Comment

Commonsense Security: Leveraging Dialogue & Collaboration for Better Decisions

Commentary

Sometimes, good old-fashioned tools can help an enterprise create a cost-effective risk management strategy.

By Dr. Zvi Guterman CEO, CloudShare, 2/26/2020

0 comments | Read | Post a Comment

Open Cybersecurity Alliance Releases New Language for Security Integration

Quick Hits

OpenDXL Ontology is intended to allow security components to interoperate right out of the box.

By Dark Reading Staff , 2/26/2020

0 comments | Read | Post a Comment

Kr00k Wi-Fi Vulnerability Affected a Billion Devices

News

Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung.

By Robert Lemos Contributing Writer, 2/26/2020

1 Comment | Read | Post a Comment

Latest Comment: boholuxe, After reading this article I feel insecure

5 Ways to Up Your Threat Management Game

Wayne Reynolds, Advisory CISO, Kudelski Security

Commentary

Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management.

By Wayne Reynolds Advisory CISO, Kudelski Security, 2/26/2020

5 comments | Read | Post a Comment

Latest Comment: Dr.T, " collaboration between security organizations in different companies was taboo....

Emotet Resurfaces to Drive 145% of Threats in Q4 2019

News

Analysis of 92 billion rejected emails reveals a range of simple and complex attack techniques for the last quarter of 2019.

By Kelly Sheridan Staff Editor, Dark Reading, 2/26/2020

0 comments | Read | Post a Comment

Cryptographers Panel Tackles Espionage, Elections & Blockchain

Sara Peters, Senior Editor at Dark Reading

News

Encryption experts gave insights into the Crypto AG revelations, delved into complexities of the "right to be forgotten," and more at RSA Conference.

By Sara Peters Senior Editor at Dark Reading, 2/26/2020

0 comments | Read | Post a Comment

Report: Shadow IoT Emerging as New Enterprise Security Problem

News

Much of the traffic egressing enterprise networks are from poorly protected Internet-connected consumer devices, a Zscaler study finds.

By Jai Vijayan Contributing Writer, 2/25/2020

0 comments | Read | Post a Comment

Ensure Your Cloud Security Is as Modern as Your Business

Nicolas (Nico) Fischbach, Global CTO at Forcepoint

Commentary

Take a comprehensive approach to better protect your organization. Security hygiene is a must, but also look at your risk posture through a data protection lens.

By Nicolas (Nico) Fischbach Global CTO at Forcepoint, 2/25/2020

0 comments | Read | Post a Comment

Google Adds More Security Features Via Chronicle Division

News

Order out of chaos? The saga of Chronicle continues with new security features for the Google Cloud Platform.

By Robert Lemos Contributing Writer, 2/25/2020

5 comments | Read | Post a Comment

Latest Comment: Dr.T, "Such platforms help reduce the amount of time analysts are swapping between...

More Stories

Current Conversations

Posted by rforrest123

I expected the the New Snowman Academy to be less obvious

In reply to: Obvious
Post Your Own Reply

Posted by Dr.T

" collaboration between security organizations in different companies was taboo. Today, it's required. " Collaboration can really happen if we can anonymize data.

In reply to: Collaboration
Post Your Own Reply

Posted by Dr.T

" They are highly effective when leveraged to continually improve an operational program " Threats are changing obviously programs and countermeasures have to adapt.

In reply to: Improvement
Post Your Own Reply

Posted by Dr.T

" Inventory management is a common struggle, partially because VTM teams use a combination of sources to identify where assets live." I agree. If we do not know where they are most likely we do not know what they do either....

In reply to: Assets
Post Your Own Reply

Posted by Dr.T

" VTM strategies should include effective, timely, and collaborative reporting of actionable metrics. " I think timely is operative word in here. All these things come together at one point but mainly late.

In reply to: Timely
Post Your Own Reply

Posted by Dr.T

" Good security programs start with a mindset that it's not about the tools, it's what you do with them." For me it is less about to tools more about processes we incorporate into our daily routines.

In reply to: Security
Post Your Own Reply

Posted by ConcernedCitizen

A: Microsoft. Every ransomware incident is because of insecure MS Windows. MS is never mentioned as having any responsibilty yet they are the basis of the hacks. Bill Gates: Trustworthy Computing ...more important...

In reply to: Q: How Did We Enable Ransomware to Become a Multibillion-Dollar Industry?
Post Your Own Reply

Posted by Dr.T

"Such platforms help reduce the amount of time analysts are swapping between different dashboards on different products, the company said in a statement." This would be biggest impact, if information is gathered and available...

In reply to: Time
Post Your Own Reply

Posted by Dr.T

"Such platforms help reduce the amount of time analysts are swapping between different dashboards on different products, the company said in a statement." I think leads about dashboards not about not knowing where to look...

In reply to: Dashboards
Post Your Own Reply

Posted by Dr.T

" Google reabsorbed Chronicle back into its Google Cloud business, potentially reducing the independent threat platform into a service offering on the Google Cloud Platform (GCP)" This may mean you can not have it unless...

In reply to: GCP
Post Your Own Reply

Posted by Dr.T

" Backstory, a cloud-based service to bring varied threat intelligence together to give security teams context regarding threats facing their business." Providing context would be most valuable obviously, just want to wait...

In reply to: Context
Post Your Own Reply

Posted by Dr.T

" This advanced threat detection provides massively scalable, real-time and retroactive rule execution." When I hear anything rule based the I can easily guess that it will be a challenge to maintain.

In reply to: Rules decay
Post Your Own Reply

More Conversations

Products & Releases

Menlo Security Offers New Warranty for Products With Isolation Core

CrowdStrike Announces Automated Sensor Deployment for Falcon on Google Cloud

Mimecast's Email Security 3.0 Strategy Advances the Way Organizations Combat Email-Based Cyberattacks

ManageEngine Launches Privileged Session Management Solution

BigID Unveils Next-Generation Data Security Capabilities

Securonix Enables Use Case Testing at Full SOC Scale with New Analytics Sandbox Capability

New Enterprise Enhancements to Bugcrowd Platform Deliver Access to Skilled Security Talent and More

Fortanix Announces Availability of Self-Defending Key Management Service on VMware Cloud Marketplace

More Products & Releases

PR Newswire

Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Tense Talk About Supply Chain Risk Yields Few Answers

RSA panelists locked horns over whether the ban preventing US government agencies from doing business with Huawei is unfairly singling out the Chinese telecom giant.

How to Prevent an AWS Cloud Bucket Data Leak

Misconfigured AWS buckets have led to huge data breaches. Following a handful of practices will help keep you from becoming the next news story.

Wendy Nather on How to Make Security 'Democratization' a Reality

Ahead of her keynote at the RSA Conference, Cisco's head of advisory CISOs outlines to Dark Reading a unique paradigm that asks security teams to stop fighting their users -- and start sharing control with them.

Live Events

Webinars

March 16-19, 2020: Data Center World Registration is open! Join Us

Data Center World: The leading conference & expo for Data Center and IT Infrastructure Professionals. Register Today!

Get Insights: Cisco vs Microsoft & More at EC20 Orlando

More Informa Tech Live Events

Cartoon

Latest Comment: "... you see, he has solid cyber security knowledge, still we cannot hire him with his long hair and T-shirt"

Cartoon Archive

White Papers

IT Careers: Tech Drives Constant Change

Data Protection: Verify Anything and Everything

6 Emerging Cyber Threats That Enterprises Face in 2020

Research Report: Rethinking Security for Digital Transformation

Maximize the ROI of Detection and Response

More White Papers

Current Issue

6 Emerging Cyber Threats That Enterprises Face in 2020

This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-9431
PUBLISHED: 2020-02-27

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.

CVE-2020-9432
PUBLISHED: 2020-02-27

openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.

CVE-2020-9433
PUBLISHED: 2020-02-27

openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.

CVE-2020-9434
PUBLISHED: 2020-02-27

openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.

CVE-2020-6383
PUBLISHED: 2020-02-27

Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Reports

How Enterprises Are Developing and Maintaining Secure Applications

The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.

Download Now!

How Enterprises are Attacking the Cybersecurity Problem

0 comments

How Data Breaches affect the Enterprise

0 comments

Rethinking Enterprise Data Defense

0 comments

More Reports

Flash Poll

All Polls

Video