Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

RSAC Sets Finalists for Innovation Sandbox
5 Measures to Harden Election Technology
9 Things Application Security Champions Need to Succeed
AppSec Concerns Drove 61% of Businesses to Change Applications
Assessing Cybersecurity Risk in Today's Enterprise
News & Commentary
The Trouble with Free and Open Source Software
Jai Vijayan, Contributing WriterNews
Insecure developer accounts, legacy software, and nonstandard naming schemes are major problems, Linux Foundation and Harvard study concludes.
By Jai Vijayan Contributing Writer, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
Dell Sells RSA to Private Equity Firm for $2.1B
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Deal with private equity entity Symphony Technology Group revealed one week before the security industry's RSA Conference in San Francisco.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
Lumu to Emerge from Stealth at RSAC
Dark Reading Staff, Quick Hits
The new company will focus on giving customers earlier indications of network and server compromise.
By Dark Reading Staff , 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Ryan Weeks, Chief Information Security Officer at DattoCommentary
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
By Ryan Weeks Chief Information Security Officer at Datto, 2/18/2020
Comment2 comments  |  Read  |  Post a Comment
1.7M Nedbank Customers Affected via Third-Party Breach
Dark Reading Staff, Quick Hits
A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank.
By Dark Reading Staff , 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
Firmware Weaknesses Can Turn Computer Subsystems into Trojans
Robert Lemos, Contributing WriterNews
Network cards, video cameras, and graphics adapters are a few of the subsystems whose lack of security could allow attackers to turn them into spy implants.
By Robert Lemos Contributing Writer, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
The Road(s) to Riches
Beyond the Edge, Dark Reading
You could be making millions in just two years!
By Beyond the Edge Dark Reading, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
Staircase to the Cloud: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
A humorous nod to the lack of gender equity in cybersecurity hiring was our judges' unanimous choice. And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
8 Things Users Do That Make Security Pros Miserable
Curtis Franklin Jr., Senior Editor at Dark Reading
When a user interacts with an enterprise system, the result can be productivity or disaster. Here are eight opportunities for the disaster side to win out over the productive.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
Martin and Dorothie Hellman on Love, Crypto & Saving the World
Sara Peters, Senior Editor at Dark Reading
Martin Hellman, co-creator of the Diffie-Hellman key exchange, and his wife of 53 years, Dorothie, talk about the current state of cryptography and what making peace at home taught them about making peace on Earth.
By Sara Peters Senior Editor at Dark Reading, 2/15/2020
Comment0 comments  |  Read  |  Post a Comment
Phishing Campaign Targets Mobile Banking Users
Jai Vijayan, Contributing WriterNews
Consumers in dozens of countries were targeted, Lookout says.
By Jai Vijayan Contributing Writer, 2/14/2020
Comment0 comments  |  Read  |  Post a Comment
Palm Beach Elections Office Hit with Ransomware Pre-2016 Election
Dark Reading Staff, Quick Hits
Palm Beach County's elections supervisor does not believe the attack is linked to Russian hacking attempts targeting Florida.
By Dark Reading Staff , 2/14/2020
Comment0 comments  |  Read  |  Post a Comment
Ovum to Expand Cybersecurity Research Under New Omdia Group
Dark Reading Staff, News
Informa Tech combines Ovum, Heavy Reading, Tractica, and IHS Markit research.
By Dark Reading Staff , 2/14/2020
Comment0 comments  |  Read  |  Post a Comment
DHS Warns of Cyber Heartbreak
Dark Reading Staff, Quick Hits
Fraudulent dating and relationship apps and websites raise the risks for those seeking online romance on Valentine's Day.
By Dark Reading Staff , 2/14/2020
Comment0 comments  |  Read  |  Post a Comment
The 5 Love Languages of Cybersecurity
Fredrick Commentary
When it comes to building buy-in from the business, all cybersecurity needs is love -- especially when it comes to communication.
By Fredrick "Flee" Lee Chief Security Officer, Gusto, 2/14/2020
Comment0 comments  |  Read  |  Post a Comment
Coronavirus Raises New Business Continuity, Phishing Challenges for InfoSec
Sara Peters, Senior Editor at Dark Reading
What happens when understaffed security teams at home and abroad are sequestered in physical quarantine zones?
By Sara Peters Senior Editor at Dark Reading, 2/13/2020
Comment0 comments  |  Read  |  Post a Comment
DDoS Attacks Nearly Double Between Q4 2018 and Q4 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Peer-to-peer botnets, TCP reflection attacks, and increased activity on Sundays are three DDoS attack trends from last quarter.
By Kelly Sheridan Staff Editor, Dark Reading, 2/13/2020
Comment0 comments  |  Read  |  Post a Comment
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing WriterNews
The new threat model hones in on ML security at the design state.
By Jai Vijayan Contributing Writer, 2/13/2020
Comment1 Comment  |  Read  |  Post a Comment
Babel of IoT Authentication Poses Security Challenges
Robert Lemos, Contributing WriterNews
With more than 80 different schemes for authenticating devices either proposed or implemented, best practices and reference architectures are sorely needed, experts say.
By Robert Lemos Contributing Writer, 2/13/2020
Comment0 comments  |  Read  |  Post a Comment
Huawei Charged with RICO Violations in Federal Court
Dark Reading Staff, Quick Hits
A new set of indictments adds conspiracy to violate RICO statutes to a list of existing charges against the Chinese telecommunications giant.
By Dark Reading Staff , 2/13/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Matt Middleton-Leal Netwrix
Current Conversations Many thanks!
In reply to: Re: reading
Post Your Own Reply
More Conversations
PR Newswire
edge
When a user interacts with an enterprise system, the result can be productivity or disaster. Here are eight opportunities for the disaster side to win out over the productive.
Martin Hellman, co-creator of the Diffie-Hellman key exchange, and his wife of 53 years, Dorothie, talk about the current state of cryptography and what making peace at home taught them about making peace on Earth.
What happens when understaffed security teams at home and abroad are sequestered in physical quarantine zones?
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20477
PUBLISHED: 2020-02-19
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
CVE-2019-20478
PUBLISHED: 2020-02-19
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases.
CVE-2011-2054
PUBLISHED: 2020-02-19
A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper in...
CVE-2015-0749
PUBLISHED: 2020-02-19
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker ...
CVE-2015-9543
PUBLISHED: 2020-02-19
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is rel...
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Flash Poll
Video
Slideshows
Twitter Feed