Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
7 Tax Season Security Tips
6 Factors That Raise The Stakes For IoT Security
RSAC Sets Finalists for Innovation Sandbox
5 Measures to Harden Election Technology
Assessing Cybersecurity Risk in Today's Enterprise
News & Commentary
'Cloud Snooper' Attack Circumvents AWS Firewall Controls
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Possible nation-state supply chain attack acts like a "wolf in sheep's clothing," Sophos says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/27/2020
Comment0 comments  |  Read  |  Post a Comment
How Should I Answer a Nontech Exec Who Asks, 'How Secure Are We?'
Kurtis Minder, CEO GroupSense
Consider this your opportunity to educate.
By Kurtis Minder CEO GroupSense, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
US State Dept. Shares Insider Tips to Fight Insider Threats
Kelly Sheridan, Staff Editor, Dark ReadingNews
The insider threat is a technology, security, and personnel issue, officials said in explaining an approach that addresses all three factors.
By Kelly Sheridan Staff Editor, Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
How to Prevent an AWS Cloud Bucket Data Leak
Curtis Franklin Jr., Senior Editor at Dark Reading
Misconfigured AWS buckets have led to huge data breaches. Following a handful of practices will help keep you from becoming the next news story.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Commonsense Security: Leveraging Dialogue & Collaboration for Better Decisions
Dr. Zvi Guterman, CEO, CloudShareCommentary
Sometimes, good old-fashioned tools can help an enterprise create a cost-effective risk management strategy.
By Dr. Zvi Guterman CEO, CloudShare, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Open Cybersecurity Alliance Releases New Language for Security Integration
Dark Reading Staff, Quick Hits
OpenDXL Ontology is intended to allow security components to interoperate right out of the box.
By Dark Reading Staff , 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Kr00k Wi-Fi Vulnerability Affected a Billion Devices
Robert Lemos, Contributing WriterNews
Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung.
By Robert Lemos Contributing Writer, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
5 Ways to Up Your Threat Management Game
Wayne Reynolds, Advisory CISO, Kudelski SecurityCommentary
Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management.
By Wayne Reynolds Advisory CISO, Kudelski Security, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Emotet Resurfaces to Drive 145% of Threats in Q4 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Analysis of 92 billion rejected emails reveals a range of simple and complex attack techniques for the last quarter of 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Cryptographers Panel Tackles Espionage, Elections & Blockchain
Sara Peters, Senior Editor at Dark ReadingNews
Encryption experts gave insights into the Crypto AG revelations, delved into complexities of the "right to be forgotten," and more at RSA Conference.
By Sara Peters Senior Editor at Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Report: Shadow IoT Emerging as New Enterprise Security Problem
Jai Vijayan, Contributing WriterNews
Much of the traffic egressing enterprise networks are from poorly protected Internet-connected consumer devices, a Zscaler study finds.
By Jai Vijayan Contributing Writer, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Ensure Your Cloud Security Is as Modern as Your Business
Nicolas (Nico) Fischbach, Global CTO at ForcepointCommentary
Take a comprehensive approach to better protect your organization. Security hygiene is a must, but also look at your risk posture through a data protection lens.
By Nicolas (Nico) Fischbach Global CTO at Forcepoint, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Latest Security News from RSAC 2020
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2020 in San Francisco.
By Dark Reading Staff , 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Google Adds More Security Features Via Chronicle Division
Robert Lemos, Contributing WriterNews
Order out of chaos? The saga of Chronicle continues with new security features for the Google Cloud Platform.
By Robert Lemos Contributing Writer, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Wendy Nather on How to Make Security 'Democratization' a Reality
Sara Peters, Senior Editor at Dark Reading
Ahead of her keynote at the RSA Conference, Cisco's head of advisory CISOs outlines to Dark Reading a unique paradigm that asks security teams to stop fighting their users -- and start sharing control with them.
By Sara Peters Senior Editor at Dark Reading, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Industry: It's Time to Stop the Victim Blame Game
Jessica Smith, Senior Vice President, The Crypsis GroupCommentary
There are far more ways to be helpful than adding to the noise of what a company probably did wrong.
By Jessica Smith Senior Vice President, The Crypsis Group, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
McAfee Acquires Light Point for Browser Isolation Tech
Dark Reading Staff, Quick Hits
Company plans to integrate Light Point Security's technology into the McAfee Secure Web Gateway and its Mvision UCE platform.
By Dark Reading Staff , 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Wanted: Hands-On Cybersecurity Experience
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Organizations lament a lack of qualified job candidates as they continue to struggle to hire and retain security teams, the new ISACA State of Cybersecurity 2020 report shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Verizon: Attacks on Mobile Devices Rise
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Companies of all sizes are being hit by mobile attacks and feeling the effects for extended periods of time, according to the 2020 Verizon Mobile Security Index.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Security, Networking Collaboration Cuts Breach Cost
Kelly Sheridan, Staff Editor, Dark ReadingNews
CISOs report increases in alert fatigue and the number of records breached, as well as the struggle to secure mobile devices in a new Cisco study.
By Kelly Sheridan Staff Editor, Dark Reading, 2/24/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
CrowdStrike Announces Automated Sensor Deployment for Falcon on Google Cloud
Mimecast's Email Security 3.0 Strategy Advances the Way Organizations Combat Email-Based Cyberattacks
ManageEngine Launches Privileged Session Management Solution
BigID Unveils Next-Generation Data Security Capabilities
Securonix Enables Use Case Testing at Full SOC Scale with New Analytics Sandbox Capability
New Enterprise Enhancements to Bugcrowd Platform Deliver Access to Skilled Security Talent and More
Fortanix Announces Availability of Self-Defending Key Management Service on VMware Cloud Marketplace
OneTrust Raises $210M in New Funding
More Products & Releases
PR Newswire
Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

edge
How to Prevent an AWS Cloud Bucket Data Leak
Misconfigured AWS buckets have led to huge data breaches. Following a handful of practices will help keep you from becoming the next news story.
Wendy Nather on How to Make Security 'Democratization' a Reality
Ahead of her keynote at the RSA Conference, Cisco's head of advisory CISOs outlines to Dark Reading a unique paradigm that asks security teams to stop fighting their users -- and start sharing control with them.
SSRF 101: How Server-Side Request Forgery Sneaks Past Your Web Apps
Server-side request forgery is a dangerous attack method that is also becoming an issue for the cloud. Here are some of the basics to help keep your Web server from turning against you.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19668
PUBLISHED: 2020-02-27
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-17963. Reason: This candidate is a reservation duplicate of CVE-2018-17963. Notes: All CVE users should reference CVE-2018-17963 instead of this candidate. All references and descriptions in this candidate have been removed to preve...
CVE-2019-12882
PUBLISHED: 2020-02-27
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2017-6363
PUBLISHED: 2020-02-27
** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for...
CVE-2017-6371
PUBLISHED: 2020-02-27
Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header.
CVE-2017-5861
PUBLISHED: 2020-02-27
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-1000020. Reason: This candidate is a reservation duplicate of CVE-2017-1000020. Notes: All CVE users should reference CVE-2017-1000020 instead of this candidate. All references and descriptions in this candidate have been removed to...
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Flash Poll
Video
Slideshows
Twitter Feed