Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
6 Small-Business Password Managers
10 Tips for Building Compliance by Design into Cloud Architecture
8 Holiday Security Tips for Retailers
4 Ways to Soothe a Stressed-Out Incident Response Team
8 Tips for More Secure Mobile Computing
News & Commentary
12 Tips for Dealing with a Manipulative Security Manager
Joshua Goldfarb, Independent ConsultantCommentary
Don't let yourself be stuck in an unhealthy work environment with a toxic manager who takes advantage of your talent.
By Joshua Goldfarb Independent Consultant, 11/15/2019
Comment0 comments  |  Read  |  Post a Comment
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing WriterNews
Based on penetration tests and vulnerability assessments, attackers' costs to compromise a company's network increases significantly when security is continuously tested, a report finds.
By Robert Lemos Contributing Writer, 11/15/2019
Comment0 comments  |  Read  |  Post a Comment
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at NetskopeCommentary
There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap.
By Lamont Orange Chief Information Security Officer at Netskope, 11/15/2019
Comment0 comments  |  Read  |  Post a Comment
Symantec, McAfee Patch Privilege Escalation Bugs
Jai Vijayan, Contributing WriterNews
All versions of endpoint protection software from both vendors were susceptible to near identical issue, SafeBreach says.
By Jai Vijayan Contributing Writer, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
BSIMM10 Shows Industry Vertical Maturity
Sammy Migues, BSIMM Co-Author and Principal Scientist at SynopsysCommentary
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
By Sammy Migues BSIMM Co-Author and Principal Scientist at Synopsys, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
Capture the Flag Planned to Find Missing Persons Information
Dark Reading Staff, Quick Hits
The competition, launched by SANS and Trace Labs, will put to use open source information in search of new clues.
By Dark Reading Staff , 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
Attacks on Healthcare Jump 60% in 2019 - So Far
Robert Lemos, Contributing WriterNews
Well-known Trojans Emotet and Trickbot are cybercriminals' favorite weapons in their campaigns.
By Robert Lemos Contributing Writer, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
5 Cybersecurity CISO Priorities for the Future
Paul Shomo, Cybersecurity AnalystCommentary
Seven chief information security officers share their pain points and two-year spending plans.
By Paul Shomo Cybersecurity Analyst, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
US-CERT Warns of Remotely Exploitable Bugs in Medical Devices
Dark Reading Staff, Quick Hits
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.
By Dark Reading Staff , 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
8 Backup & Recovery Questions to Ask Yourself
Sara Peters, Senior Editor at Dark Reading
Don't wait until after a disaster, DDoS, or ransomware attack to learn just how good your backups really are.
By Sara Peters Senior Editor at Dark Reading, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
How Does Your Cyber Resilience Measure Up?
Troy Mattern, Vice President for Product and Services Cybersecurity at Motorola SolutionsCommentary
The security measures companies take today may not be enough for tomorrow's cyber assault, but switching to a proactive, risk-based framework may better protect your organization.
By Troy Mattern Vice President for Product and Services Cybersecurity at Motorola Solutions, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
Self-Cleaning Payment Card-Skimmer Infects E-Commerce Sites
Jai Vijayan, Contributing WriterNews
'Pipka' JavaScript skimmer has infected at least 16 e-commerce websites so far, according to Visa's Payment Fraud Disruption Group.
By Jai Vijayan Contributing Writer, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Well, Hello, Dolly!
Beyond the Edge, Dark Reading
Eight hours is certainly a start.
By Beyond the Edge Dark Reading, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity: An Organizationwide Responsibility
Guy Bunker, CTO of ClearswiftCommentary
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
By Guy Bunker CTO of Clearswift, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
The Ripple Effect of Data Breaches: How Damage Spreads
Kelly Sheridan, Staff Editor, Dark ReadingNews
The financial loss from so-called 'ripple events' is thirteen times greater than the cost of single-party security incidents.
By Kelly Sheridan Staff Editor, Dark Reading, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
2019 Trending as Worst Year on Record for Data Breaches
Dark Reading Staff, Quick Hits
New Risk Based Security report shows data breaches up 33.3% over last year so far.
By Dark Reading Staff , 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, GuardicoreCommentary
Avoid sinking security with principles of shipbuilding known since the 15th century.
By Ariel Zeitlin Chief Technology Officer & Co-Founder, Guardicore, 11/13/2019
Comment1 Comment  |  Read  |  Post a Comment
Cardplanet Operator Extradited for Facilitating Credit Card Fraud
Dark Reading Staff, Quick Hits
Russian national Aleksei Burkov is charged with wire fraud, access device fraud, and conspiracy to commit identity theft, among other crimes.
By Dark Reading Staff , 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLensCommentary
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.
By Jack Freund Director, Risk Science at RiskLens, 11/13/2019
Comment1 Comment  |  Read  |  Post a Comment
While CISOs Fret, Business Leaders Tout Security Robustness
Jai Vijayan, Contributing WriterNews
A new Nominet survey shows a familiar disconnect between business and security teams on the matter of cyber preparedness.
By Jai Vijayan Contributing Writer, 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by TerryWilliams
Current Conversations very useful information
In reply to: thanks
Post Your Own Reply
More Conversations
Products & Releases
Kaspersky: More Senior Execs Making Cyber Decisions
Trend Micro Launches Smart Factory Security Solutions
MITRE Engenuity Announces the Center for Threat-Informed Defense
Nuspire Security Researchers Discover 730% Increase in Emotet Activity
Cybrary Lands $15 Million in Series B Funding
Siemplify Integrates MITRE ATT&CK Framework into Security Operations Platform
HID Global Risk-Based User Authentication Tool Goes Live on Temenos MarketPlace
Cybervore Changes Direction, Introduces Fragglestorm™
More Products & Releases
PR Newswire
edge
edge
I'm Setting Up a Bug-Bounty Program. What Should I be Thinking About?
Here are some important points to factor into your vulnerability disclosure policy.
8 Backup & Recovery Questions to Ask Yourself
Don't wait until after a disaster, DDoS, or ransomware attack to learn just how good your backups really are.
New: 2019 State of the Internet / Security: Media Under Assault
It can't be overstated: Web attacks and credential stuffing are real, long-term threats. This white paper, sponsored by Akamai, focuses on how they are impacting the high-tech, video media, and entertainment sectors.
Register for Dark Reading Newsletters
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Looks like the Trojans are evolving into a more focused attack mode."
White Papers
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-2916
PUBLISHED: 2019-11-15
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions.
CVE-2019-12757
PUBLISHED: 2019-11-15
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt t...
CVE-2019-12758
PUBLISHED: 2019-11-15
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature.
CVE-2019-12759
PUBLISHED: 2019-11-15
Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applicat...
CVE-2019-18372
PUBLISHED: 2019-11-15
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Flash Poll
Video
Slideshows
Twitter Feed