Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
2019 Pwnie Award Winners (And Those Who Wish They Weren't)
7 Online Safety Tips for College Students
8 Head-Turning Ransomware Attacks to Hit City Governments
Contest: Name That Toon
Moving on Up: Ready for Your Apps to Live in the Cloud?
News & Commentary
Threat Intelligence Gateways: A Useful Adjunct to Overworked Perimeter Security
Rik Turner, Principal Analyst, Infrastructure Solutions, OvumCommentary
Comparative research shows the relative strengths and weaknesses of five TIG vendors and which kinds of security organization will reap the most benefit.
By Rik Turner Principal Analyst, Infrastructure Solutions, Ovum, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Endgame Boosts Apple Security to Be Commensurate with Windows Security
Dark Reading Staff, CommentaryVideo
Gone are the days when users could take refuge from Windows threats with Apple devices, as malware writers are exploiting OSX and iOS with real vigor, says Mark Dufresne, VP of R&D at Endgame. And though it's taken a while, Mac security has achieved parity with Windows so that Apple users need no longer settle for "protected enough."
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
LinkedIn Details Features of Fight Against Fakes
Dark Reading Staff, Quick Hits
A recent blog post explains how the social network is fighting to protect its users from interactions with fake accounts.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Texas Towns Recover, But Local Governments Have Little Hope For Respite from Ransomware
Robert Lemos, Contributing WriterNews
Their struggles underscore the difficulties for small towns in dealing with cyberattacks.
By Robert Lemos Contributing Writer, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
SafeGuard Cyber Adds Security, Compliance Capabilities for WeChat
Dark Reading Staff, Quick Hits
A lack of visibility into the app could expose business users to compliance risks and security threats, the company says.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Secureworks Pushes Human Intelligence, Machine Learning to Work Together
Dark Reading Staff, CommentaryVideo
Eschewing the either-or approach with machine learning, security operations centers must learn to identify and exploit the best of both approaches according to Secureworks' Tim Vidas and Nash Borges. Taken together, human and machine intelligence can be a force multiplier against human cyber adversaries, they say.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
5 Identity Challenges Facing Today’s IT Teams
John Bennett, Senior VP & General Manager of Identity & Access at LastPass by LogMeInCommentary
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
By John Bennett Senior VP & General Manager of Identity & Access at LastPass by LogMeIn, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Asset Management Becomes the New Security Model
Dark Reading Staff, CommentaryVideo
While security pros once rallied around end-device management as their organizing principle, that approach is being subsumed by asset management, according to Dean Sysman, CEO and Co-Founder of Axonius. Device management becomes a subset of asset management, as organizations create a hierarchy to protect what's most valuable to them, he adds.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/21/2019
Comment1 Comment  |  Read  |  Post a Comment
Silence APT Group Broadens Attacks on Banks, Gets More Dangerous
Jai Vijayan, Contributing WriterNews
Over the past year, the financial damage linked to the Russian-speaking threat group has spiked fivefold, Group-IB says.
By Jai Vijayan Contributing Writer, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
Splunk Buys SignalFx for $1.05 Billion
Dark Reading Staff, Quick Hits
Deal will yield 'one platform that can monitor the entire enterprise application lifecycle,' Splunk CEO says.
By Dark Reading Staff , 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
Kelly Sheridan, Staff Editor, Dark ReadingNews
Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database.
By Kelly Sheridan Staff Editor, Dark Reading, 8/21/2019
Comment1 Comment  |  Read  |  Post a Comment
'Box Shield' Brings New Security Controls
Kelly Sheridan, Staff Editor, Dark ReadingNews
New controls and threat detection capabilities built into Box aim to prevent accidental data leakage and misuse.
By Kelly Sheridan Staff Editor, Dark Reading, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
eSentire Blends Managed Detection Response With Machine Learning
Dark Reading Staff, CommentaryVideo
While many infosec pros believe they're getting managed detection response (MDR) from their managed security service providers, that's not necessarily the case, according to Eldon Sprickerhoff, Founder and Chief Innovation Officer of eSentire. Adding machine learning to the mix helps automate MDR, strengthening an organization's security posture.
By Dark Reading Staff , 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
Ransomware Hits Fortnite Players
Dark Reading Staff, Quick Hits
Ransomware masquerading as game "cheats" is hitting Fortnite players. Fortunately, there are ways to recover without paying a ransom.
By Dark Reading Staff , 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
State-Sponsored Cyberattacks Target Medical Research
Robert Lemos, Contributing WriterNews
Cancer research is a particular target among Chinese espionage groups, says security firm FireEye.
By Robert Lemos Contributing Writer, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
New Confidential Computing Consortium Includes Google, Intel, Microsoft
Dark Reading Staff, Quick Hits
The Linux Foundation plans to form a community to "define and accelerate" the adoption of confidential computing.
By Dark Reading Staff , 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
Bad Actors Find Leverage With Automated Active Attacks
Dark Reading Staff, CommentaryVideo
Once used only by nation-state attackers, automated active attacks have gone mainstream and allow the average cyber-criminal to gain entry and engage in malfeasance, says Chet Wisniewski, Principal Research scientist with Sophos. Luckily, organizations are getting smarter at spotting these stealthy, customized attacks earlier than they used to.
By Dark Reading Staff , 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
'Phoning Home': Your Latest Data Exfiltration Headache
Jeff Costlow, CISO, ExtraHopCommentary
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.
By Jeff Costlow CISO, ExtraHop, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
7 Big Factors Putting Small Businesses At Risk
Kelly Sheridan, Staff Editor, Dark Reading
Small organizations still face a long list of security threats. These threats and vulnerabilities should be top of mind.
By Kelly Sheridan Staff Editor, Dark Reading, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Veracode Releases Advanced Software Composition Analysis Solution Decreasing Open Source Risk
Remediant Secures $15 Million in Series A Funding Round Co-led By Dell Technologies Capital and ForgePoint Capital
JASK Integrates with Cisco Security Portfolio, Joins Cisco Security Technical Alliance
Morphisec Announces 2019 Women in Cybersecurity Scholarship Winners
OwnBackup Appoints Adrian Kunzle as Head of Product & Strategy
ZeroFOX Launches Election Protection Package
Global Cyber Alliance Launches Cybersecurity Development Platform for Internet of Things (IoT) Devices
Deloitte and Splunk Provide Automated Security Monitoring and Response Capabilities to Organizations Worldwide
More Products & Releases
PR Newswire
sponsored by

The latest on the number of attacks, types of attacks, and threats to enterprises' most critical IT infrastructure.
Figuring that out actually begins with a broader question.
Engineering teams have only a certain amount of capacity. Cutting down the volume of rework inherent in the open source business model begins with three best practices.
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7617
PUBLISHED: 2019-08-22
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.
CVE-2019-14751
PUBLISHED: 2019-08-22
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
CVE-2019-9153
PUBLISHED: 2019-08-22
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.
CVE-2019-9154
PUBLISHED: 2019-08-22
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.
CVE-2019-9155
PUBLISHED: 2019-08-22
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.
Flash Poll
Video
Slideshows
Twitter Feed