Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
2019 Pwnie Award Winners (And Those Who Wish They Weren't)
7 Online Safety Tips for College Students
8 Head-Turning Ransomware Attacks to Hit City Governments
Contest: Name That Toon
Moving on Up: Ready for Your Apps to Live in the Cloud?
News & Commentary
Cloud Services Require a Shift in Security Strategy
Dark Reading Staff, CommentaryVideo
End-user organizations have their security management tools, but so do cloud service providers, and that forces some hard questions about whose tools will be used to keep everything locked down, says Jesse Rothstein, CTO and Co-Founder of ExtraHop. And he makes the case that better data hygiene can help decrease the chances of a breach.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Regular User Training Most Effective Security Antidote
Dark Reading Staff, CommentaryVideo
Social engineering remains the top vulnerability organizations face because humans remain the easiest way to access networks or databases, says Stu Sjouwerman, Founder and CEO of KnowBe4. Regular training sessions coupled with creation of a "human firewall" remain the most effective protections against social engineering and phishing, he adds.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Analytics and Security Prove Effective Security Hybrid
Dark Reading Staff, CommentaryVideo
Against the backdrop of consolidation in the SIEM and SOAR sectors, infosec professionals are deploying some combination of analytics and security, according to Haiyan Song, Senior Vice President & General Manager of Security Markets for Splunk. Analytics helps organizations make better decisions and detect anomalies faster, she adds.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Haas Formula 1 CIO Builds Security at 230 Miles per Hour
Curtis Franklin Jr., Senior Editor at Dark Reading
As the CIO for both Formula 1 and NASCAR racing teams, Gary Foote is tackling the same security issues as other manufacturing CIOs -- with a huge dash of motorized mayhem thrown in.
By Case Study , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
New Malware Variant Targets Old Adobe, Office Vulnerabilities
Jai Vijayan, Contributing WriterNews
Criminals appear to have developed it knowing some users have not patched or updated to newer versions, Trend Micro says.
By Jai Vijayan Contributing Writer, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Time to Get Smarter About Threat Intel
Dark Reading Staff, CommentaryVideo
Bad actors move faster than threat intelligence feeds and the infosec pros who monitor them, notes Joakim Kennedy, Threat Intel Manager for Anomali Research. Organizations need to establish a dedicated team to manage threat intel, and an adequate budget. Kennedy also encourages intelligence sharing as part of a stepped-up protection strategy.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft remains the favorite brand to spoof in phishing campaigns, but more attackers are impersonating Facebook.
By Kelly Sheridan Staff Editor, Dark Reading, 8/22/2019
Comment1 Comment  |  Read  |  Post a Comment
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Some aviation experts and security researchers are trying to foster closer alliances for securing airplane networks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/22/2019
Comment1 Comment  |  Read  |  Post a Comment
Make DNS a Cornerstone of Your Cyber Security Arsenal
Dark Reading Staff, CommentaryVideo
Better known for their essential role in networking, Domain Name Servers should be tapped as a means to identify – and shut down – suspicious or destructive activity, according to Anthony James, VP of Marketing for Infoblox. He also explains how to combine DNS with DHCP and IP address management to improve an organization's security.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Threat Intelligence Gateways: A Useful Adjunct to Overworked Perimeter Security
Rik Turner, Principal Analyst, Infrastructure Solutions, OvumCommentary
Comparative research shows the relative strengths and weaknesses of five TIG vendors and which kinds of security organization will reap the most benefit.
By Rik Turner Principal Analyst, Infrastructure Solutions, Ovum, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Endgame Boosts Apple Security to Be Commensurate with Windows Security
Dark Reading Staff, CommentaryVideo
Gone are the days when users could take refuge from Windows threats with Apple devices, as malware writers are exploiting OSX and iOS with real vigor, says Mark Dufresne, VP of R&D at Endgame. And though it's taken a while, Mac security has achieved parity with Windows so that Apple users need no longer settle for "protected enough."
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
LinkedIn Details Features of Fight Against Fakes
Dark Reading Staff, Quick Hits
A recent blog post explains how the social network is fighting to protect its users from interactions with fake accounts.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Texas Towns Recover, but Local Governments Have Little Hope for Respite from Ransomware
Robert Lemos, Contributing WriterNews
Their struggles underscore the difficulties for small towns in dealing with cyberattacks.
By Robert Lemos Contributing Writer, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
SafeGuard Cyber Adds Security, Compliance Capabilities for WeChat
Dark Reading Staff, Quick Hits
A lack of visibility into the app could expose business users to compliance risks and security threats, the company says.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Secureworks Pushes Human Intelligence, Machine Learning to Work Together
Dark Reading Staff, CommentaryVideo
Eschewing the either-or approach with machine learning, security operations centers must learn to identify and exploit the best of both approaches according to Secureworks' Tim Vidas and Nash Borges. Taken together, human and machine intelligence can be a force multiplier against human cyber adversaries, they say.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
5 Identity Challenges Facing Today’s IT Teams
John Bennett, Senior VP & General Manager of Identity & Access at LastPass by LogMeInCommentary
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
By John Bennett Senior VP & General Manager of Identity & Access at LastPass by LogMeIn, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Asset Management Becomes the New Security Model
Dark Reading Staff, CommentaryVideo
While security pros once rallied around end-device management as their organizing principle, that approach is being subsumed by asset management, according to Dean Sysman, CEO and Co-Founder of Axonius. Device management becomes a subset of asset management, as organizations create a hierarchy to protect what's most valuable to them, he adds.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/21/2019
Comment1 Comment  |  Read  |  Post a Comment
Silence APT Group Broadens Attacks on Banks, Gets More Dangerous
Jai Vijayan, Contributing WriterNews
Over the past year, the financial damage linked to the Russian-speaking threat group has spiked fivefold, Group-IB says.
By Jai Vijayan Contributing Writer, 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
Splunk Buys SignalFx for $1.05 Billion
Dark Reading Staff, Quick Hits
Deal will yield 'one platform that can monitor the entire enterprise application lifecycle,' Splunk CEO says.
By Dark Reading Staff , 8/21/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Federal Grand Jury Indicts 80 Defendants in International BEC Scams
Veracode Releases Advanced Software Composition Analysis Solution Decreasing Open Source Risk
Remediant Secures $15 Million in Series A Funding Round Co-led By Dell Technologies Capital and ForgePoint Capital
JASK Integrates with Cisco Security Portfolio, Joins Cisco Security Technical Alliance
Morphisec Announces 2019 Women in Cybersecurity Scholarship Winners
OwnBackup Appoints Adrian Kunzle as Head of Product & Strategy
ZeroFOX Launches Election Protection Package
Global Cyber Alliance Launches Cybersecurity Development Platform for Internet of Things (IoT) Devices
More Products & Releases
PR Newswire
sponsored by

The latest on the number of attacks, types of attacks, and threats to enterprises' most critical IT infrastructure.
Figuring that out actually begins with a broader question.
Engineering teams have only a certain amount of capacity. Cutting down the volume of rework inherent in the open source business model begins with three best practices.
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15498
PUBLISHED: 2019-08-23
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.
CVE-2019-15499
PUBLISHED: 2019-08-23
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL.
CVE-2019-13139
PUBLISHED: 2019-08-22
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the ...
CVE-2019-15325
PUBLISHED: 2019-08-22
In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not.
CVE-2019-15326
PUBLISHED: 2019-08-22
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.
Flash Poll
Video
Slideshows
Twitter Feed