Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

2019 Pwnie Award Winners (And Those Who Wish They Weren't)
7 Online Safety Tips for College Students
8 Head-Turning Ransomware Attacks to Hit City Governments
Contest: Name That Toon
Moving on Up: Ready for Your Apps to Live in the Cloud?
News & Commentary
App Security Still Dogs Developers, End-User Organizations
Dark Reading, CommentaryVideo
Lots of re-used code, cost pressures and long lead times for application software all lead to porous security where application software is concerned, says Chris Eng, Chief Research Officer for Veracode. But an emerging role he calls a "security champion" can help circumvent those problems and make apps safer for everyone.
By Dark Reading , 8/23/2019
Comment0 comments  |  Read  |  Post a Comment
Clogged Cache? The Edge Cartoon Contest Winners
Edge Editors, Dark Reading
Creativity flowed, but two captions rose to the top.
By Edge Editors Dark Reading, 8/23/2019
Comment0 comments  |  Read  |  Post a Comment
Cloud Services Require a Shift in Security Strategy
Dark Reading Staff, CommentaryVideo
End-user organizations have their security management tools, but so do cloud service providers, and that forces some hard questions about whose tools will be used to keep everything locked down, says Jesse Rothstein, CTO and Co-Founder of ExtraHop. And he makes the case that better data hygiene can help decrease the chances of a breach.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Regular User Training Most Effective Security Antidote
Dark Reading Staff, CommentaryVideo
Social engineering remains the top vulnerability organizations face because humans remain the easiest way to access networks or databases, says Stu Sjouwerman, Founder and CEO of KnowBe4. Regular training sessions coupled with creation of a "human firewall" remain the most effective protections against social engineering and phishing, he adds.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Analytics and Security Prove Effective Security Hybrid
Dark Reading Staff, CommentaryVideo
Against the backdrop of consolidation in the SIEM and SOAR sectors, infosec professionals are deploying some combination of analytics and security, according to Haiyan Song, Senior Vice President & General Manager of Security Markets for Splunk. Analytics helps organizations make better decisions and detect anomalies faster, she adds.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Haas Formula 1 CIO Builds Security at 230 Miles per Hour
Curtis Franklin Jr., Senior Editor at Dark Reading
As the CIO for both Formula 1 and NASCAR racing teams, Gary Foote is tackling the same security issues as other manufacturing CIOs with a huge dash of motorized mayhem thrown in.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
New Malware Variant Targets Old Adobe, Office Vulnerabilities
Jai Vijayan, Contributing WriterNews
Criminals appear to have developed it knowing some users have not patched or updated to newer versions, Trend Micro says.
By Jai Vijayan Contributing Writer, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Time to Get Smarter About Threat Intel
Dark Reading Staff, CommentaryVideo
Bad actors move faster than threat intelligence feeds and the infosec pros who monitor them, notes Joakim Kennedy, Threat Intel Manager for Anomali Research. Organizations need to establish a dedicated team to manage threat intel, and an adequate budget. Kennedy also encourages intelligence sharing as part of a stepped-up protection strategy.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft remains the favorite brand to spoof in phishing campaigns, but more attackers are impersonating Facebook.
By Kelly Sheridan Staff Editor, Dark Reading, 8/22/2019
Comment1 Comment  |  Read  |  Post a Comment
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Some aviation experts and security researchers are trying to foster closer alliances for securing airplane networks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/22/2019
Comment1 Comment  |  Read  |  Post a Comment
Make DNS a Cornerstone of Your Cyber Security Arsenal
Dark Reading Staff, CommentaryVideo
Better known for their essential role in networking, Domain Name Servers should be tapped as a means to identify and shut down suspicious or destructive activity, according to Anthony James, VP of Marketing for Infoblox. He also explains how to combine DNS with DHCP and IP address management to improve an organization's security.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Threat Intelligence Gateways: A Useful Adjunct to Overworked Perimeter Security
Rik Turner, Principal Analyst, Infrastructure Solutions, OvumCommentary
Comparative research shows the relative strengths and weaknesses of five TIG vendors and which kinds of security organization will reap the most benefit.
By Rik Turner Principal Analyst, Infrastructure Solutions, Ovum, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Endgame Boosts Apple Security to Be Commensurate with Windows Security
Dark Reading Staff, CommentaryVideo
Gone are the days when users could take refuge from Windows threats with Apple devices, as malware writers are exploiting OSX and iOS with real vigor, says Mark Dufresne, VP of R&D at Endgame. And though it's taken a while, Mac security has achieved parity with Windows so that Apple users need no longer settle for "protected enough."
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
LinkedIn Details Features of Fight Against Fakes
Dark Reading Staff, Quick Hits
A recent blog post explains how the social network is fighting to protect its users from interactions with fake accounts.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Texas Towns Recover, but Local Governments Have Little Hope for Respite from Ransomware
Robert Lemos, Contributing WriterNews
Their struggles underscore the difficulties for small towns in dealing with cyberattacks.
By Robert Lemos Contributing Writer, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
SafeGuard Cyber Adds Security, Compliance Capabilities for WeChat
Dark Reading Staff, Quick Hits
A lack of visibility into the app could expose business users to compliance risks and security threats, the company says.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Secureworks Pushes Human Intelligence, Machine Learning to Work Together
Dark Reading Staff, CommentaryVideo
Eschewing the either-or approach with machine learning, security operations centers must learn to identify and exploit the best of both approaches according to Secureworks' Tim Vidas and Nash Borges. Taken together, human and machine intelligence can be a force multiplier against human cyber adversaries, they say.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
5 Identity Challenges Facing Todays IT Teams
John Bennett, Senior VP & General Manager of Identity & Access at LastPass by LogMeInCommentary
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
By John Bennett Senior VP & General Manager of Identity & Access at LastPass by LogMeIn, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Asset Management Becomes the New Security Model
Dark Reading Staff, CommentaryVideo
While security pros once rallied around end-device management as their organizing principle, that approach is being subsumed by asset management, according to Dean Sysman, CEO and Co-Founder of Axonius. Device management becomes a subset of asset management, as organizations create a hierarchy to protect what's most valuable to them, he adds.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/21/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by allenred123
Current Conversations useful suggestion
In reply to: cybersecurity
Post Your Own Reply
More Conversations
PR Newswire
sponsored by

The latest on the number of attacks, types of attacks, and threats to enterprises' most critical IT infrastructure.

As the CIO for both Formula 1 and NASCAR racing teams, Gary Foote is tackling the same security issues as other manufacturing CIOs -- with a huge dash of motorized mayhem thrown in.
Figuring that out actually begins with a broader question.
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15513
PUBLISHED: 2019-08-23
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.
CVE-2019-15504
PUBLISHED: 2019-08-23
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
CVE-2019-15505
PUBLISHED: 2019-08-23
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
CVE-2019-15507
PUBLISHED: 2019-08-23
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. Th...
CVE-2019-15508
PUBLISHED: 2019-08-23
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fi...
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Flash Poll
Video
Slideshows
Twitter Feed