Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
7 Tips to Improve Your Employees' Mobile Security
7 Tax Season Security Tips
RSAC Sets Finalists for Innovation Sandbox
Cartoon: Cyber Hiring Challenges
Assessing Cybersecurity Risk in Today's Enterprise
News & Commentary
Reducing Risk with Data Minimization
Bethany Deeds, Senior IT Auditor at The Mako GroupCommentary
Putting your company on a data diet that reduces the amount of the sensitive data you store or use is a smart way to achieve compliance with GDPR and CCPA.
By Bethany Deeds Senior IT Auditor at The Mako Group, 2/28/2020
Comment0 comments  |  Read  |  Post a Comment
Latest Security News from RSAC 2020
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2020 in San Francisco.
By Dark Reading Staff , 2/28/2020
Comment0 comments  |  Read  |  Post a Comment
Educating Educators: Microsoft's Tips for Security Awareness Training
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft's director of security education and awareness shares his approach to helping train employees in defensive practices.
By Kelly Sheridan Staff Editor, Dark Reading, 2/28/2020
Comment0 comments  |  Read  |  Post a Comment
Clearview AI Customers Exposed in Data Breach
Dark Reading Staff, Quick Hits
Customers for the controversial facial recognition company were detailed in a log file leaked to news organizations.
By Dark Reading Staff , 2/27/2020
Comment0 comments  |  Read  |  Post a Comment
Government Employees Unprepared for Ransomware
Dark Reading Staff, Quick Hits
Data shows 73% are concerned about municipal ransomware threats but only 38% are trained on preventing these attacks.
By Dark Reading Staff , 2/27/2020
Comment1 Comment  |  Read  |  Post a Comment
Tense Talk About Supply Chain Risk Yields Few Answers
Joan Goodchild, Contributing Writer
RSA panelists locked horns over whether the ban preventing US government agencies from doing business with Huawei is unfairly singling out the Chinese telecom giant.
By Joan Goodchild Contributing Writer, 2/27/2020
Comment0 comments  |  Read  |  Post a Comment
How We Enabled Ransomware to Become a Multibillion-Dollar Industry
Srinivas Mukkamala, Co-founder & CEO, RiskSenseCommentary
As an industry, we must move beyond one-dimensional approaches to assessing ransomware exposures. Asking these four questions will help.
By Srinivas Mukkamala Co-founder & CEO, RiskSense, 2/27/2020
Comment2 comments  |  Read  |  Post a Comment
Intel Analyzes Vulns Reported in its Products Last Year
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new Intel report looks at the more than 250 CVEs affecting Intel products in 2019.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/27/2020
Comment0 comments  |  Read  |  Post a Comment
What Your Company Needs to Know About Hardware Supply Chain Security
Daniel Wood, Associate Vice President of Consulting, Bishop FoxCommentary
By establishing a process and framework, you can ensure you're not giving more advanced attackers carte blanche to your environment.
By Daniel Wood Associate Vice President of Consulting, Bishop Fox, 2/27/2020
Comment0 comments  |  Read  |  Post a Comment
'Cloud Snooper' Attack Circumvents AWS Firewall Controls
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Possible nation-state supply chain attack that cheated both cloud and on-premise firewalls acts like a "wolf in sheep's clothing," Sophos says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/27/2020
Comment0 comments  |  Read  |  Post a Comment
How Should I Answer a Nontech Exec Who Asks, 'How Secure Are We?'
Kurtis Minder, CEO GroupSense
Consider this your opportunity to educate.
By Kurtis Minder CEO GroupSense, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
US State Dept. Shares Insider Tips to Fight Insider Threats
Kelly Sheridan, Staff Editor, Dark ReadingNews
The insider threat is a technology, security, and personnel issue, officials said in explaining an approach that addresses all three factors.
By Kelly Sheridan Staff Editor, Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
How to Prevent an AWS Cloud Bucket Data Leak
Curtis Franklin Jr., Senior Editor at Dark Reading
Misconfigured AWS buckets have led to huge data breaches. Following a handful of practices will help keep you from becoming the next news story.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Commonsense Security: Leveraging Dialogue & Collaboration for Better Decisions
Dr. Zvi Guterman, CEO, CloudShareCommentary
Sometimes, good old-fashioned tools can help an enterprise create a cost-effective risk management strategy.
By Dr. Zvi Guterman CEO, CloudShare, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Open Cybersecurity Alliance Releases New Language for Security Integration
Dark Reading Staff, Quick Hits
OpenDXL Ontology is intended to allow security components to interoperate right out of the box.
By Dark Reading Staff , 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Kr00k Wi-Fi Vulnerability Affected a Billion Devices
Robert Lemos, Contributing WriterNews
Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung.
By Robert Lemos Contributing Writer, 2/26/2020
Comment1 Comment  |  Read  |  Post a Comment
5 Ways to Up Your Threat Management Game
Wayne Reynolds, Advisory CISO, Kudelski SecurityCommentary
Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management.
By Wayne Reynolds Advisory CISO, Kudelski Security, 2/26/2020
Comment5 comments  |  Read  |  Post a Comment
Emotet Resurfaces to Drive 145% of Threats in Q4 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Analysis of 92 billion rejected emails reveals a range of simple and complex attack techniques for the last quarter of 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Cryptographers Panel Tackles Espionage, Elections & Blockchain
Sara Peters, Senior Editor at Dark ReadingNews
Encryption experts gave insights into the Crypto AG revelations, delved into complexities of the "right to be forgotten," and more at RSA Conference.
By Sara Peters Senior Editor at Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Report: Shadow IoT Emerging as New Enterprise Security Problem
Jai Vijayan, Contributing WriterNews
Much of the traffic egressing enterprise networks are from poorly protected Internet-connected consumer devices, a Zscaler study finds.
By Jai Vijayan Contributing Writer, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Menlo Security Offers New Warranty for Products With Isolation Core
CrowdStrike Announces Automated Sensor Deployment for Falcon on Google Cloud
Mimecast's Email Security 3.0 Strategy Advances the Way Organizations Combat Email-Based Cyberattacks
ManageEngine Launches Privileged Session Management Solution
BigID Unveils Next-Generation Data Security Capabilities
Securonix Enables Use Case Testing at Full SOC Scale with New Analytics Sandbox Capability
New Enterprise Enhancements to Bugcrowd Platform Deliver Access to Skilled Security Talent and More
Fortanix Announces Availability of Self-Defending Key Management Service on VMware Cloud Marketplace
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Tense Talk About Supply Chain Risk Yields Few Answers
RSA panelists locked horns over whether the ban preventing US government agencies from doing business with Huawei is unfairly singling out the Chinese telecom giant.
How to Prevent an AWS Cloud Bucket Data Leak
Misconfigured AWS buckets have led to huge data breaches. Following a handful of practices will help keep you from becoming the next news story.
Wendy Nather on How to Make Security 'Democratization' a Reality
Ahead of her keynote at the RSA Conference, Cisco's head of advisory CISOs outlines to Dark Reading a unique paradigm that asks security teams to stop fighting their users -- and start sharing control with them.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8741
PUBLISHED: 2020-02-28
A denial of service issue was addressed with improved input validation.
CVE-2020-9399
PUBLISHED: 2020-02-28
The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux.
CVE-2020-9442
PUBLISHED: 2020-02-28
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
CVE-2019-3698
PUBLISHED: 2020-02-28
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux...
CVE-2020-9431
PUBLISHED: 2020-02-27
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Flash Poll
Video
Slideshows
Twitter Feed