Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
The Edge Cartoon Contest: You Better Watch Out ...
6 Top Nontechnical Degrees for Cybersecurity
A Cause You Care About Needs Your Cybersecurity Help
Rethinking Enterprise Data Defense
News & Commentary
Only 53% of Security Pros Have Ownership of Workforce IAM
Dark Reading Staff, Quick Hits
Most practitioners report an increase in identities, but many don't have control over how those identities are protected from a range of attacks.
By Dark Reading Staff , 12/10/2019
Comment0 comments  |  Read  |  Post a Comment
Deliver a Deadly Counterpunch to Ransomware Attacks: 4 Steps
Mathew Newfield, Chief Information Security Officer at UnisysCommentary
You can't prevent all ransomware attacks. However, it's possible to ensure that if a breach happens, it doesn't spread, affect business, and become a newsworthy event.
By Mathew Newfield Chief Information Security Officer at Unisys, 12/10/2019
Comment0 comments  |  Read  |  Post a Comment
Scientists Break Largest Encryption Key Yet with Brute Force
Dark Reading Staff, Quick Hits
The key, only one-third the length of most commercial encryption keys, took more than 35 million compute hours to break.
By Dark Reading Staff , 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft 'Campaign Views' Offers Full Look at Office 365 Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Campaign views, arriving in public preview, aims to share more context around how attackers targeted an organization and whether its defenses worked.
By Kelly Sheridan Staff Editor, Dark Reading, 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
Maersk CISO Says NotPeyta Devastated Several Unnamed US firms
Black Hat Staff, Commentary
At least two companies may have been dealt even more damage than the shipping giant, which lost nearly its entire global IT infrastructure.
By By Eric Parizo, Senior Analyst, Ovum , 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
Two Bayrob Cybercrime Members Sentenced to 20 and 18 Years in Prison
Dark Reading Staff, Quick Hits
The Romanian nationals stole some $4 million in a vast malware, botnet, and cryptocurrency operation.
By Dark Reading Staff , 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
10 Notable Cybersecurity Acquisitions of 2019, Part 2
Kelly Sheridan, Staff Editor, Dark Reading
As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.
By Kelly Sheridan Staff Editor, Dark Reading, 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
Criminals Hide Fraud Behind the Green Lock Icon
Curtis Franklin Jr., Senior Editor at Dark Reading
Criminals are using free certificate services to apply real security certs to fraudulent sites — and to take advantage of victims looking for surfing safety.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, GigamonCommentary
This gridiron-inspired advice will guarantee your digital transformation success and keep your data safe.
By Shane Buckley President & Chief Operating Officer, Gigamon, 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
New: From the Core to the Edge: 7 Reasons You Need Security at the Edge
Akamai Staff,
No longer can you secure the perimeter and trust that nothing will get in or out.
By Akamai Staff , 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC
Jai Vijayan, Contributing WriterNews
Money meant to fund an Israeli startup wound up directly deposited to the scammers.
By Jai Vijayan Contributing Writer, 12/6/2019
Comment2 comments  |  Read  |  Post a Comment
Data Center Provider CyrusOne Confirms Ransomware Attack
Dark Reading Staff, Quick Hits
The attack struck CyrusOne's managed services division and compromised six customers primarily serviced by a New York data center.
By Dark Reading Staff , 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
Senators Call for End to Controversial NSA Program
Dark Reading Staff, Quick Hits
The program for collecting telephone call metadata has faced increased scrutiny and restrictions since Edward Snowden revealed its existence in 2013.
By Dark Reading Staff , 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
Mega Breaches Are Forcing Us to a Passwordless World. Are We Finally Ready?
Steve Zurier, Contributing Writer
Passwordless authentication advocates see 2020 as a potential turning point year for the technology. But can the industry get off the dime?
By Steve Zurier Contributing Writer, 12/6/2019
Comment1 Comment  |  Read  |  Post a Comment
Success Enablers or Silent Killers?
Douglas Ferguson, Founder & CTO, Pharos SecurityCommentary
These five success enablers will help CISOs report, measure, and demonstrate ROI to the C-suite.
By Douglas Ferguson Founder & CTO, Pharos Security, 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Dark Reading Staff, Quick Hits
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
By Dark Reading Staff , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
Jai Vijayan, Contributing WriterNews
Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says.
By Jai Vijayan Contributing Writer, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
With Aporeto, Palo Alto Looks Away from the Firewall and Toward the Future
Dark Reading Staff, News
Seeing its firewall sales softening, the security vendor makes another acquisition to reorient itself for the cloud era.
By Special to Dark Reading: Maria Korolov, Data Center Knowledge , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
10 Security 'Chestnuts' We Should Roast Over the Open Fire
Joan Goodchild, Contributing Writer
These outdated security rules we all know (and maybe live by) no longer apply.
By Joan Goodchild Contributing Writer, 12/5/2019
Comment2 comments  |  Read  |  Post a Comment
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
Assessments can be used against your company in court proceedings. Here's how to mitigate this potential risk.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 12/5/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by lisanicholas25
Current Conversations nice
In reply to: Re: very nice
Post Your Own Reply
Posted by attrapereves
Current Conversations Great post, good job!
In reply to: Re: Pending Review
Post Your Own Reply
More Conversations
Products & Releases
Organizations Grapple With Growing Consumer Expectation for Personalization and Security Challenges
Tenable Acquires Indegy
Nuspire Hires Lewie Dunsworth As New CEO
70 Top Hackers from Around the World Gathered in Finland for the 5G Cybersecurity Hackathon
Kaspersky finds ransomware now targeting back-up data
New Genetec Research Shows Almost 4 in 10 Security Cameras Can Be at Risk of Cyberattack Due to Outdated Firmware
LastPass Goes Passwordless
TrueFort Bolsters Management Team with 3 'Company Builder' Female Executives
More Products & Releases
PR Newswire
edge
edge
Criminals Hide Fraud Behind the Green Lock Icon
Criminals are using free certificate services to apply real security certs to fraudulent sites -- and to take advantage of victims looking for surfing safety.
New: From the Core to the Edge: 7 Reasons You Need Security at the Edge
No longer can you secure the perimeter and trust that nothing will get in or out.
Mega Breaches Are Forcing Us to a Passwordless World. Are We Finally Ready?
Passwordless authentication advocates see 2020 as a potential turning point year for the technology. But can the industry get off the dime?
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
White Papers
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4095
PUBLISHED: 2019-12-10
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.
CVE-2019-4244
PUBLISHED: 2019-12-10
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518.
CVE-2019-4521
PUBLISHED: 2019-12-10
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.
CVE-2019-4663
PUBLISHED: 2019-12-10
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245...
CVE-2019-19251
PUBLISHED: 2019-12-10
The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Flash Poll
Video
Slideshows
Twitter Feed