Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
10 Low-Cost (or Free!) Ways to Boost Your Security AI Skills
7 Biggest Cloud Security Blind Spots
Cartoon: Identity Theft Mitigation
7 Big Factors Putting Small Businesses At Risk
Moving on Up: Ready for Your Apps to Live in the Cloud?
News & Commentary
Ransomware Trains Its Sights on Cloud Providers
Dark Reading Staff, CommentaryVideo
Ransomware writers are now targeting cloud service providers with network file encryption attacks as a way to hold hostage the maximum number of customers that they can, notes Chris Morales, head of security analytics for Vectra. He also discusses Vectra's new ransomware report, which offers tips for protecting against virtual hostage taking.
By Dark Reading Staff , 8/23/2019
Comment0 comments  |  Read  |  Post a Comment
Qualys Launches Free App for IT Asset Discovery and Inventory
Dark Reading Staff, CommentaryVideo
Qualys's Chairman and CEO, Philippe Courtot talks about changes in the security landscape he's witnessed during the company's 20-year lifespan, as well as what motivated the vendor to give away its Global IT Asset Discovery and Inventory app for free.
By Dark Reading Staff , 8/23/2019
Comment0 comments  |  Read  |  Post a Comment
IBM Announces Quantum Safe Encryption
Dark Reading Staff, Quick Hits
Techniques too tough for quantum computing solutions will be part of public cloud and tape storage encryption.
By Dark Reading Staff , 8/23/2019
Comment0 comments  |  Read  |  Post a Comment
80 Charged in Massive BEC Operation Bust
Kelly Sheridan, Staff Editor, Dark ReadingNews
A group of mostly Nigerian nationals attempted to steal $46 million through business email compromise and romance scams, the FBI reports.
By Kelly Sheridan Staff Editor, Dark Reading, 8/23/2019
Comment0 comments  |  Read  |  Post a Comment
Virtual World of Containers, VMs Creates New Security Challenges
Dark Reading Staff, CommentaryVideo
Containers, virtual machines, and the advent of DevOps as a software creation tool all put new pressures on organizations' security strength, according to Dan Hubbard, CEO of Lacework. Cloud's ability to offer scale, capacity, and processing power may even exacerbate the vulnerabilities unless properly managed, he adds.
By Dark Reading Staff , 8/23/2019
Comment0 comments  |  Read  |  Post a Comment
VMware to Buy Carbon Black for $2.1B
Dark Reading Staff, Quick Hits
Virtual machine giant's big cloud move includes plans to shell out $2.7 billion in stock transactions for Pivotal Software.
By Dark Reading Staff , 8/23/2019
Comment0 comments  |  Read  |  Post a Comment
Capital One Breach: What Security Teams Can Do Now
Dr. Richard Gold, Head of Security Engineering at Digital ShadowsCommentary
Knowing the methods of the attacker, as laid out in the federal indictment, allow us to prevent similar attacks.
By Dr. Richard Gold Head of Security Engineering at Digital Shadows, 8/23/2019
Comment0 comments  |  Read  |  Post a Comment
Spirent Nixes Over-Reliance on Compliance Checklists for Good Security
Dark Reading Staff, CommentaryVideo
Enterprises must regularly validate their security efficacy based on real-time conditions, not compliance criteria, says John Weinschenk, General manager, Enterprise Network and Application Security of Spirent. That sort of testing returns actionable data to tune devices, update policies, and fortify defenses before they are compromised, he adds.
By Dark Reading Staff , 8/23/2019
Comment0 comments  |  Read  |  Post a Comment
10 Low-Cost (or Free!) Ways to Boost Your Security AI Skills
Curtis Franklin Jr., Senior Editor at Dark Reading
The following hardware and software options will amplify your know-how about artificial intelligence and how to apply it to security — without busting any budgets.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/23/2019
Comment0 comments  |  Read  |  Post a Comment
App Security Still Dogs Developers, End-User Organizations
Dark Reading, CommentaryVideo
Lots of re-used code, cost pressures and long lead times for application software all lead to porous security where application software is concerned, says Chris Eng, Chief Research Officer for Veracode. But an emerging role he calls a "security champion" can help circumvent those problems and make apps safer for everyone.
By Dark Reading , 8/23/2019
Comment0 comments  |  Read  |  Post a Comment
Clogged Cache? The Edge Cartoon Contest Winners
Edge Editors, Dark Reading
Creativity flowed, but two captions rose to the top.
By Edge Editors Dark Reading, 8/23/2019
Comment0 comments  |  Read  |  Post a Comment
Cloud Services Require a Shift in Security Strategy
Dark Reading Staff, CommentaryVideo
End-user organizations have their security management tools, but so do cloud service providers, and that forces some hard questions about whose tools will be used to keep everything locked down, says Jesse Rothstein, CTO and Co-Founder of ExtraHop. And he makes the case that better data hygiene can help decrease the chances of a breach.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Regular User Training Most Effective Security Antidote
Dark Reading Staff, CommentaryVideo
Social engineering remains the top vulnerability organizations face because humans remain the easiest way to access networks or databases, says Stu Sjouwerman, Founder and CEO of KnowBe4. Regular training sessions coupled with creation of a "human firewall" remain the most effective protections against social engineering and phishing, he adds.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Analytics and Security Prove Effective Security Hybrid
Dark Reading Staff, CommentaryVideo
Against the backdrop of consolidation in the SIEM and SOAR sectors, infosec professionals are deploying some combination of analytics and security, according to Haiyan Song, Senior Vice President & General Manager of Security Markets for Splunk. Analytics helps organizations make better decisions and detect anomalies faster, she adds.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Haas Formula 1 CIO Builds Security at 230 Miles per Hour
Curtis Franklin Jr., Senior Editor at Dark Reading
As the CIO for both Formula 1 and NASCAR racing teams, Gary Foote is tackling the same security issues as other manufacturing CIOs — with a huge dash of motorized mayhem thrown in.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
New Malware Variant Targets Old Adobe, Office Vulnerabilities
Jai Vijayan, Contributing WriterNews
Criminals appear to have developed it knowing some users have not patched or updated to newer versions, Trend Micro says.
By Jai Vijayan Contributing Writer, 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Time to Get Smarter About Threat Intel
Dark Reading Staff, CommentaryVideo
Bad actors move faster than threat intelligence feeds and the infosec pros who monitor them, notes Joakim Kennedy, Threat Intel Manager for Anomali Research. Organizations need to establish a dedicated team to manage threat intel, and an adequate budget. Kennedy also encourages intelligence sharing as part of a stepped-up protection strategy.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft remains the favorite brand to spoof in phishing campaigns, but more attackers are impersonating Facebook.
By Kelly Sheridan Staff Editor, Dark Reading, 8/22/2019
Comment1 Comment  |  Read  |  Post a Comment
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Some aviation experts and security researchers are trying to foster closer alliances for securing airplane networks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/22/2019
Comment2 comments  |  Read  |  Post a Comment
Make DNS a Cornerstone of Your Cyber Security Arsenal
Dark Reading Staff, CommentaryVideo
Better known for their essential role in networking, Domain Name Servers should be tapped as a means to identify – and shut down – suspicious or destructive activity, according to Anthony James, VP of Marketing for Infoblox. He also explains how to combine DNS with DHCP and IP address management to improve an organization's security.
By Dark Reading Staff , 8/22/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by allenred123
Current Conversations useful suggestion
In reply to: cybersecurity
Post Your Own Reply
More Conversations
Products & Releases
Ping Identity Files Registration Statement for Proposed IPO
Cyberbit & Purdue Partner to Advance Cybersecurity Workforce Education & Training
Federal Grand Jury Indicts 80 Defendants in International BEC Scams
Veracode Releases Advanced Software Composition Analysis Solution Decreasing Open Source Risk
Remediant Secures $15 Million in Series A Funding Round Co-led By Dell Technologies Capital and ForgePoint Capital
JASK Integrates with Cisco Security Portfolio, Joins Cisco Security Technical Alliance
Morphisec Announces 2019 Women in Cybersecurity Scholarship Winners
OwnBackup Appoints Adrian Kunzle as Head of Product & Strategy
More Products & Releases
PR Newswire
sponsored by

The latest on the number of attacks, types of attacks, and threats to enterprises' most critical IT infrastructure.
As the CIO for both Formula 1 and NASCAR racing teams, Gary Foote is tackling the same security issues as other manufacturing CIOs -- with a huge dash of motorized mayhem thrown in.
Figuring that out actually begins with a broader question.
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
Register for Dark Reading Newsletters
Cartoon
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-6154
PUBLISHED: 2019-08-23
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
CVE-2019-5594
PUBLISHED: 2019-08-23
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
CVE-2019-6695
PUBLISHED: 2019-08-23
Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods.
CVE-2019-12400
PUBLISHED: 2019-08-23
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this im...
CVE-2019-15092
PUBLISHED: 2019-08-23
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.
Flash Poll
Video
Slideshows
Twitter Feed