Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
7 Tax Season Security Tips
6 Factors That Raise The Stakes For IoT Security
RSAC Sets Finalists for Innovation Sandbox
5 Measures to Harden Election Technology
Assessing Cybersecurity Risk in Today's Enterprise
News & Commentary
Elastic Security Makes Case For Blending 'Human Element,' Election Security
Dark Reading Staff, Quick Hits
Nate Fick, general manager of Elastic and former CEO of Endgame, talks about the impact of AI and machine learning on security professionals, and how what technologies can be tapped to improve security in the runup to November's election.
By Dark Reading Staff , 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
How to Prevent an AWS Cloud Bucket Data Leak
Curtis Franklin Jr., Senior Editor at Dark Reading
Misconfigured AWS buckets have led to huge data breaches. Following a handful of practices will help keep you from becoming the next news story.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Commonsense Security: Leveraging Dialogue & Collaboration for Better Decisions
Dr. Zvi Guterman, CEO, CloudShareCommentary
Sometimes, good old-fashioned tools can help an enterprise create a cost-effective risk management strategy.
By Dr. Zvi Guterman CEO, CloudShare, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Open Cybersecurity Alliance Releases New Language for Security Integration
Dark Reading Staff, Quick Hits
OpenDXL Ontology is intended to allow security components to interoperate right out of the box.
By Dark Reading Staff , 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Next-Gen SOC Is On Its Way and Here's What It Should Contain
Dark Reading Staff, Quick Hits
The next-gen-SOC starts with the next-gen SIEM, and Jason Mical of Devo Technology and Kevin Golas from OpenText talk about what capabilities are required, including threat hunting and greater automation, and how security professionals should exploit the tools.
By Dark Reading Staff , 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Kr00k Wi-Fi Vulnerability Affected a Billion Devices
Robert Lemos, Contributing WriterNews
Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung.
By Robert Lemos Contributing Writer, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
5 Ways to Up Your Threat Management Game
Wayne Reynolds, Advisory CISO, Kudelski SecurityCommentary
Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management.
By Wayne Reynolds Advisory CISO, Kudelski Security, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Emotet Resurfaces to Drive 145% of Threats in Q4 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Analysis of 92 billion rejected emails reveals a range of simple and complex attack techniques for the last quarter of 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Cryptographers Panel Tackles Espionage, Elections & Blockchain
Sara Peters, Senior Editor at Dark ReadingNews
Encryption experts gave insights into the Crypto AG revelations, delved into complexities of the "right to be forgotten," and more at RSA Conference.
By Sara Peters Senior Editor at Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Report: Shadow IoT Emerging as New Enterprise Security Problem
Jai Vijayan, Contributing WriterNews
Much of the traffic egressing enterprise networks are from poorly protected Internet-connected consumer devices, a Zscaler study finds.
By Jai Vijayan Contributing Writer, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Ensure Your Cloud Security Is as Modern as Your Business
Nicolas (Nico) Fischbach, Global CTO at ForcepointCommentary
Take a comprehensive approach to better protect your organization. Security hygiene is a must, but also look at your risk posture through a data protection lens.
By Nicolas (Nico) Fischbach Global CTO at Forcepoint, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Latest Security News from RSAC 2020
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2020 in San Francisco.
By Dark Reading Staff , 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Google Adds More Security Features Via Chronicle Division
Robert Lemos, Contributing WriterNews
Order out of chaos? The saga of Chronicle continues with new security features for the Google Cloud Platform.
By Robert Lemos Contributing Writer, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
KnowBe4 At BlackHat
Dark Reading Staff, Quick Hits
KnowBe4 at BlackHat
By Dark Reading Staff , 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Wendy Nather on How to Make Security 'Democratization' a Reality
Sara Peters, Senior Editor at Dark Reading
Ahead of her keynote at the RSA Conference, Cisco's head of advisory CISOs outlines to Dark Reading a unique paradigm that asks security teams to stop fighting their users -- and start sharing control with them.
By Sara Peters Senior Editor at Dark Reading, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Industry: It's Time to Stop the Victim Blame Game
Jessica Smith, Senior Vice President, The Crypsis GroupCommentary
There are far more ways to be helpful than adding to the noise of what a company probably did wrong.
By Jessica Smith Senior Vice President, The Crypsis Group, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
McAfee Acquires Light Point for Browser Isolation Tech
Dark Reading Staff, Quick Hits
Company plans to integrate Light Point Security's technology into the McAfee Secure Web Gateway and its Mvision UCE platform.
By Dark Reading Staff , 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Wanted: Hands-On Cybersecurity Experience
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Organizations lament a lack of qualified job candidates as they continue to struggle to hire and retain security teams, the new ISACA State of Cybersecurity 2020 report shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Verizon: Attacks on Mobile Devices Rise
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Companies of all sizes are being hit by mobile attacks and feeling the effects for extended periods of time, according to the 2020 Verizon Mobile Security Index.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Security, Networking Collaboration Cuts Breach Cost
Kelly Sheridan, Staff Editor, Dark ReadingNews
CISOs report increases in alert fatigue and the number of records breached, as well as the struggle to secure mobile devices in a new Cisco study.
By Kelly Sheridan Staff Editor, Dark Reading, 2/24/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
CrowdStrike Announces Automated Sensor Deployment for Falcon on Google Cloud
Mimecast's Email Security 3.0 Strategy Advances the Way Organizations Combat Email-Based Cyberattacks
ManageEngine Launches Privileged Session Management Solution
BigID Unveils Next-Generation Data Security Capabilities
Securonix Enables Use Case Testing at Full SOC Scale with New Analytics Sandbox Capability
New Enterprise Enhancements to Bugcrowd Platform Deliver Access to Skilled Security Talent and More
Fortanix Announces Availability of Self-Defending Key Management Service on VMware Cloud Marketplace
OneTrust Raises $210M in New Funding
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
Wendy Nather on How to Make Security 'Democratization' a Reality
Ahead of her keynote at the RSA Conference, Cisco's head of advisory CISOs outlines to Dark Reading a unique paradigm that asks security teams to stop fighting their users -- and start sharing control with them.
SSRF 101: How Server-Side Request Forgery Sneaks Past Your Web Apps
Server-side request forgery is a dangerous attack method that is also becoming an issue for the cloud. Here are some of the basics to help keep your Web server from turning against you.
10 Tough Questions CEOs Are Asking CISOs
CEOs today are prepared with better questions than 'Are we secure,' and chief information security officers had better be ready to answer.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17274
PUBLISHED: 2020-02-26
NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.
CVE-2019-17275
PUBLISHED: 2020-02-26
OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.
CVE-2020-3169
PUBLISHED: 2020-02-26
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a spe...
CVE-2020-3170
PUBLISHED: 2020-02-26
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could expl...
CVE-2020-3171
PUBLISHED: 2020-02-26
A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input vali...
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Flash Poll
Video
Slideshows
Twitter Feed