Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
The Edge Cartoon Contest: You Better Watch Out ...
6 Top Nontechnical Degrees for Cybersecurity
A Cause You Care About Needs Your Cybersecurity Help
Rethinking Enterprise Data Defense
News & Commentary
Scientists Break Largest Encryption Key Yet with Brute Force
Dark Reading Staff, Quick Hits
The key, only one-third the length of most commercial encryption keys, took more than 35 million compute hours to break.
By Dark Reading Staff , 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft 'Campaign Views' Offers Full Look at Office 365 Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Campaign views, arriving in public preview, aims to share more context around how attackers targeted an organization and whether its defenses worked.
By Kelly Sheridan Staff Editor, Dark Reading, 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
Maersk CISO Says NotPeyta Devastated Several Unnamed US firms
Black Hat Staff, Commentary
At least two companies may have been dealt even more damage than the shipping giant, which lost nearly its entire global IT infrastructure.
By By Eric Parizo, Senior Analyst, Ovum , 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
Two Bayrob Cybercrime Members Sentenced to 20 and 18 Years in Prison
Dark Reading Staff, Quick Hits
The Romanian nationals stole some $4 million in a vast malware, botnet, and cryptocurrency operation.
By Dark Reading Staff , 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
10 Notable Cybersecurity Acquisitions of 2019, Part 2
Kelly Sheridan, Staff Editor, Dark Reading
As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.
By Kelly Sheridan Staff Editor, Dark Reading, 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
Criminals Hide Fraud Behind the Green Lock Icon
Curtis Franklin Jr., Senior Editor at Dark Reading
Criminals are using free certificate services to apply real security certs to fraudulent sites — and to take advantage of victims looking for surfing safety.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, GigamonCommentary
This gridiron-inspired advice will guarantee your digital transformation success and keep your data safe.
By Shane Buckley President & Chief Operating Officer, Gigamon, 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
New: From the Core to the Edge: 7 Reasons You Need Security at the Edge
Akamai Staff,
No longer can you secure the perimeter and trust that nothing will get in or out.
By Akamai Staff , 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC
Jai Vijayan, Contributing WriterNews
Money meant to fund an Israeli startup wound up directly deposited to the scammers.
By Jai Vijayan Contributing Writer, 12/6/2019
Comment1 Comment  |  Read  |  Post a Comment
Data Center Provider CyrusOne Confirms Ransomware Attack
Dark Reading Staff, Quick Hits
The attack struck CyrusOne's managed services division and compromised six customers primarily serviced by a New York data center.
By Dark Reading Staff , 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
Senators Call for End to Controversial NSA Program
Dark Reading Staff, Quick Hits
The program for collecting telephone call metadata has faced increased scrutiny and restrictions since Edward Snowden revealed its existence in 2013.
By Dark Reading Staff , 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
Mega Breaches Are Forcing Us to a Passwordless World. Are We Finally Ready?
Steve Zurier, Contributing Writer
Passwordless authentication advocates see 2020 as a potential turning point year for the technology. But can the industry get off the dime?
By Steve Zurier Contributing Writer, 12/6/2019
Comment1 Comment  |  Read  |  Post a Comment
Success Enablers or Silent Killers?
Douglas Ferguson, Founder & CTO, Pharos SecurityCommentary
These five success enablers will help CISOs report, measure, and demonstrate ROI to the C-suite.
By Douglas Ferguson Founder & CTO, Pharos Security, 12/6/2019
Comment0 comments  |  Read  |  Post a Comment
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Dark Reading Staff, Quick Hits
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
By Dark Reading Staff , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
Jai Vijayan, Contributing WriterNews
Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says.
By Jai Vijayan Contributing Writer, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
With Aporeto, Palo Alto Looks Away from the Firewall and Toward the Future
Dark Reading Staff, News
Seeing its firewall sales softening, the security vendor makes another acquisition to reorient itself for the cloud era.
By Special to Dark Reading: Maria Korolov, Data Center Knowledge , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
10 Security 'Chestnuts' We Should Roast Over the Open Fire
Joan Goodchild, Contributing Writer
These outdated security rules we all know (and maybe live by) no longer apply.
By Joan Goodchild Contributing Writer, 12/5/2019
Comment2 comments  |  Read  |  Post a Comment
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
Assessments can be used against your company in court proceedings. Here's how to mitigate this potential risk.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 12/5/2019
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Defender ATP Brings EDR Capabilities to macOS
Dark Reading Staff, Quick Hits
Mac computers will now have the option to use Microsoft Defender Advanced Threat Protection's endpoint and detection response.
By Dark Reading Staff , 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
The Human Factor: 5 Reasons Why Cybersecurity Is a People Problem
Lysa Myers, Security Researcher, ESETCommentary
The industry can only go so far in treating security as a challenge that can be resolved only by engineering.
By Lysa Myers Security Researcher, ESET, 12/5/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by lisanicholas25
Current Conversations nice
In reply to: Re: very nice
Post Your Own Reply
Posted by attrapereves
Current Conversations Great post, good job!
In reply to: Re: Pending Review
Post Your Own Reply
More Conversations
Products & Releases
Tenable Acquires Indegy
Nuspire Hires Lewie Dunsworth As New CEO
70 Top Hackers from Around the World Gathered in Finland for the 5G Cybersecurity Hackathon
Kaspersky finds ransomware now targeting back-up data
New Genetec Research Shows Almost 4 in 10 Security Cameras Can Be at Risk of Cyberattack Due to Outdated Firmware
LastPass Goes Passwordless
TrueFort Bolsters Management Team with 3 'Company Builder' Female Executives
TrueFort Unveils Application Detection and Response Platform to Secure Applications & Cloud Workloads
More Products & Releases
PR Newswire
edge
edge
Criminals Hide Fraud Behind the Green Lock Icon
Criminals are using free certificate services to apply real security certs to fraudulent sites -- and to take advantage of victims looking for surfing safety.
New: From the Core to the Edge: 7 Reasons You Need Security at the Edge
No longer can you secure the perimeter and trust that nothing will get in or out.
Mega Breaches Are Forcing Us to a Passwordless World. Are We Finally Ready?
Passwordless authentication advocates see 2020 as a potential turning point year for the technology. But can the industry get off the dime?
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "This is the last time we hire Game of Thrones Security"
White Papers
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4428
PUBLISHED: 2019-12-09
IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session....
CVE-2019-4611
PUBLISHED: 2019-12-09
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.
CVE-2019-4612
PUBLISHED: 2019-12-09
IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.
CVE-2019-4621
PUBLISHED: 2019-12-09
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.
CVE-2019-19230
PUBLISHED: 2019-12-09
An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Flash Poll
Video
Slideshows
Twitter Feed