Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
7 Tips to Improve Your Employees' Mobile Security
7 Tax Season Security Tips
RSAC Sets Finalists for Innovation Sandbox
Cartoon: Cyber Hiring Challenges
Assessing Cybersecurity Risk in Today's Enterprise
News & Commentary
New Trickbot Delivery Method Focuses on Windows 10
Dark Reading Staff, Quick Hits
Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10.
By Dark Reading Staff , 2/28/2020
Comment2 comments  |  Read  |  Post a Comment
Latest Security News from RSAC 2020
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2020 in San Francisco.
By Dark Reading Staff , 2/28/2020
Comment2 comments  |  Read  |  Post a Comment
6 Truths About Disinformation Campaigns
Jai Vijayan, Contributing Writer
Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know.
By Jai Vijayan Contributing Writer, 2/28/2020
Comment2 comments  |  Read  |  Post a Comment
Exploitation, Phishing Top Worries for Mobile Users
Robert Lemos, Contributing WriterNews
Reports find that mobile malware appears on the decline, but the exploitation of vulnerabilities along with phishing has led to a rise in compromises, experts say.
By Robert Lemos Contributing Writer, 2/28/2020
Comment11 comments  |  Read  |  Post a Comment
Reducing Risk with Data Minimization
Bethany Deeds, Senior IT Auditor at The Mako GroupCommentary
Putting your company on a data diet that reduces the amount of the sensitive data you store or use is a smart way to achieve compliance with GDPR and CCPA.
By Bethany Deeds Senior IT Auditor at The Mako Group, 2/28/2020
Comment2 comments  |  Read  |  Post a Comment
Educating Educators: Microsoft's Tips for Security Awareness Training
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft's director of security education and awareness shares his approach to helping train employees in defensive practices.
By Kelly Sheridan Staff Editor, Dark Reading, 2/28/2020
Comment1 Comment  |  Read  |  Post a Comment
Clearview AI Customers Exposed in Data Breach
Dark Reading Staff, Quick Hits
Customers for the controversial facial recognition company were detailed in a log file leaked to news organizations.
By Dark Reading Staff , 2/27/2020
Comment1 Comment  |  Read  |  Post a Comment
Government Employees Unprepared for Ransomware
Dark Reading Staff, Quick Hits
Data shows 73% are concerned about municipal ransomware threats but only 38% are trained on preventing these attacks.
By Dark Reading Staff , 2/27/2020
Comment1 Comment  |  Read  |  Post a Comment
Tense Talk About Supply Chain Risk Yields Few Answers
Joan Goodchild, Contributing Writer
RSA panelists locked horns over whether the ban preventing US government agencies from doing business with Huawei is unfairly singling out the Chinese telecom giant.
By Joan Goodchild Contributing Writer, 2/27/2020
Comment1 Comment  |  Read  |  Post a Comment
How We Enabled Ransomware to Become a Multibillion-Dollar Industry
Srinivas Mukkamala, Co-founder & CEO, RiskSenseCommentary
As an industry, we must move beyond one-dimensional approaches to assessing ransomware exposures. Asking these four questions will help.
By Srinivas Mukkamala Co-founder & CEO, RiskSense, 2/27/2020
Comment2 comments  |  Read  |  Post a Comment
Intel Analyzes Vulns Reported in its Products Last Year
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new Intel report looks at the more than 200 CVEs affecting Intel products in 2019.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/27/2020
Comment0 comments  |  Read  |  Post a Comment
What Your Company Needs to Know About Hardware Supply Chain Security
Daniel Wood, Associate Vice President of Consulting, Bishop FoxCommentary
By establishing a process and framework, you can ensure you're not giving more advanced attackers carte blanche to your environment.
By Daniel Wood Associate Vice President of Consulting, Bishop Fox, 2/27/2020
Comment0 comments  |  Read  |  Post a Comment
'Cloud Snooper' Attack Circumvents AWS Firewall Controls
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Possible nation-state supply chain attack that cheated both cloud and on-premise firewalls acts like a "wolf in sheep's clothing," Sophos says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/27/2020
Comment0 comments  |  Read  |  Post a Comment
How Should I Answer a Nontech Exec Who Asks, 'How Secure Are We?'
Kurtis Minder, CEO GroupSense
Consider this your opportunity to educate.
By Kurtis Minder CEO GroupSense, 2/26/2020
Comment2 comments  |  Read  |  Post a Comment
US State Dept. Shares Insider Tips to Fight Insider Threats
Kelly Sheridan, Staff Editor, Dark ReadingNews
The insider threat is a technology, security, and personnel issue, officials said in explaining an approach that addresses all three factors.
By Kelly Sheridan Staff Editor, Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
How to Prevent an AWS Cloud Bucket Data Leak
Curtis Franklin Jr., Senior Editor at Dark Reading
Misconfigured AWS buckets have led to huge data breaches. Following a handful of practices will help keep you from becoming the next news story.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/26/2020
Comment1 Comment  |  Read  |  Post a Comment
Commonsense Security: Leveraging Dialogue & Collaboration for Better Decisions
Dr. Zvi Guterman, CEO, CloudShareCommentary
Sometimes, good old-fashioned tools can help an enterprise create a cost-effective risk management strategy.
By Dr. Zvi Guterman CEO, CloudShare, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Open Cybersecurity Alliance Releases New Language for Security Integration
Dark Reading Staff, Quick Hits
OpenDXL Ontology is intended to allow security components to interoperate right out of the box.
By Dark Reading Staff , 2/26/2020
Comment1 Comment  |  Read  |  Post a Comment
Kr00k Wi-Fi Vulnerability Affected a Billion Devices
Robert Lemos, Contributing WriterNews
Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung.
By Robert Lemos Contributing Writer, 2/26/2020
Comment6 comments  |  Read  |  Post a Comment
5 Ways to Up Your Threat Management Game
Wayne Reynolds, Advisory CISO, Kudelski SecurityCommentary
Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management.
By Wayne Reynolds Advisory CISO, Kudelski Security, 2/26/2020
Comment10 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Menlo Security Offers New Warranty for Products With Isolation Core
CrowdStrike Announces Automated Sensor Deployment for Falcon on Google Cloud
Mimecast's Email Security 3.0 Strategy Advances the Way Organizations Combat Email-Based Cyberattacks
ManageEngine Launches Privileged Session Management Solution
BigID Unveils Next-Generation Data Security Capabilities
Securonix Enables Use Case Testing at Full SOC Scale with New Analytics Sandbox Capability
New Enterprise Enhancements to Bugcrowd Platform Deliver Access to Skilled Security Talent and More
Fortanix Announces Availability of Self-Defending Key Management Service on VMware Cloud Marketplace
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Tense Talk About Supply Chain Risk Yields Few Answers
RSA panelists locked horns over whether the ban preventing US government agencies from doing business with Huawei is unfairly singling out the Chinese telecom giant.
How to Prevent an AWS Cloud Bucket Data Leak
Misconfigured AWS buckets have led to huge data breaches. Following a handful of practices will help keep you from becoming the next news story.
Wendy Nather on How to Make Security 'Democratization' a Reality
Ahead of her keynote at the RSA Conference, Cisco's head of advisory CISOs outlines to Dark Reading a unique paradigm that asks security teams to stop fighting their users -- and start sharing control with them.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3006
PUBLISHED: 2020-02-28
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for so...
CVE-2015-5361
PUBLISHED: 2020-02-28
Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensi...
CVE-2020-6803
PUBLISHED: 2020-02-28
An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in.
CVE-2020-6804
PUBLISHED: 2020-02-28
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system.
CVE-2019-4301
PUBLISHED: 2020-02-28
BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML.
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Flash Poll
Video
Slideshows
Twitter Feed