Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

News & Commentary
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET, Commentary
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
By Lysa Myers, Security Researcher, ESET, 10/9/2019
Twitter Slip-Up Spills MFA Phone Numbers, Emails to Advertisers
Dark Reading Staff, Quick Hits
Email addresses and phone numbers provided to secure user accounts were accidentally shared with marketers.
By Dark Reading Staff, 10/9/2019
Utilities' Operational Networks Continue to Be Vulnerable
Robert Lemos, Contributing Writer, News
More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds.
By Robert Lemos, Contributing Writer, 10/8/2019
10 Steps to Assess SOC Maturity in SMBs
Andrew Houshian, Associate Director of SOC and Attestation Services at A-LIGN, Commentary
Facing a system and organization controls audit doesn't have to be stressful for small and midsize businesses if they follow these guidelines.
By Andrew Houshian, Associate Director of SOC and Attestation Services at A-LIGN, 10/7/2019
8 Ways Businesses Unknowingly Help Hackers
Kelly Sheridan, Staff Editor, Dark Reading
From lengthy email signatures to employees' social media posts, we look at the many ways organizations make it easier for attackers to break in.
By Kelly Sheridan, Staff Editor, Dark Reading, 10/4/2019
Quantum-Safe Cryptography: The Time to Prepare Is Now
Scott Totzke, CEO & Cofounder, ISARA Corporation, Commentary
Quantum computing is real and it's evolving fast. Is the security industry up to the challenge?
By Scott Totzke, CEO & Cofounder, ISARA Corporation, 10/2/2019
Cisco Webex & Zoom Bug Lets Attackers Spy on Conference Calls
Kelly Sheridan, Staff Editor, Dark Reading, News
The "Prying-Eye" vulnerability could let intruders scan for unprotected meeting IDs and snoop on conference calls.
By Kelly Sheridan, Staff Editor, Dark Reading, 10/1/2019
Navigating Your First Month as a New CISO
John Hellickson, Vice President, Advisory Services, at Kudelski Security, Inc., Commentary
The single most important thing you can do is to start building the relationships and political capital you'll need to run your security program. Here's how.
By John Hellickson, Vice President, Advisory Services, at Kudelski Security, Inc., 10/1/2019
AIOps: The State of Full Packet Capture Enters the Age of Practicality
Randy Caldejon, co-founder, CEO and CTO, CounterFlow, Commentary
How machine learning and artificial intelligence are changing the game of acting on large volumes of network data in near real time.
By Randy Caldejon, co-founder, CEO and CTO, CounterFlow, 10/1/2019
Microsoft Announces Ability to Force TLS Version Compliance
Dark Reading Staff, Quick Hits
Transport Layer Security (TLS) can be critical for security, but it must be deployed in a current version. Microsoft now provides a mechanism for administrators to guarantee the right version in their network.
By Dark Reading Staff, 9/30/2019
Cloud Vulnerability Could Let One Server Compromise Thousands
Kelly Sheridan, Staff Editor, Dark Reading, News
A flaw in the OnApp cloud management platform could let an attacker compromise a private cloud with access to a single server.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/27/2019
DoorDash Breach Affects 4.9M Merchants, Customers, Workers
Dark Reading Staff, Quick Hits
The May 4 incident exposed data belonging to users on the platform on or before April 5, 2018.
By Dark Reading Staff, 9/27/2019
Bridging the Gap Between Security & DevOps
John B. Dickson, CISSP, Principal, Denim Group, Commentary
An inside look into the engineering mindset of DevOps from the vantage of a career security professional.
By John B. Dickson, CISSP, Principal, Denim Group, 9/26/2019
New Emergency Communications Plan Released by CISA
Dark Reading Staff, Quick Hits
The Cybersecurity and Infrastructure Security Agency's latest version of the National Emergency Communications Plan comes after a two-year process to improve the cybersecurity and flexibility of the nation's emergency communications.
By Dark Reading Staff, 9/25/2019
When Compliance Isn't Enough: A Case for Integrated Risk Management
Kelly Sheridan, Staff Editor, Dark Reading, News
Why governance, risk, and compliance solutions lull companies into a false sense of security, and how to form a more effective approach.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/25/2019
Long-Lining: Reeling In the Big Fish in Your Supply Chain
Saumitra Das, CTO and Co-Founder of Blue Hexagon, Commentary
The object of this new attack campaign is not swordfish or tuna but high-ranking executives within target organizations.
By Saumitra Das, CTO and Co-Founder of Blue Hexagon, 9/25/2019
The Future of Account Security: A World Without Passwords?
Chris Roberts, Chief Security Strategist, Attivo Networks, Commentary
First step: Convince machines that we are who we say we are with expanded biometrics, including behaviors, locations, and other information that makes "us" us.
By Chris Roberts, Chief Security Strategist, Attivo Networks, 9/25/2019
Startup Cowbell Cyber Launches 'Continuous Underwriting' Platform
Jai Vijayan, Contributing Writer, News
New inside-out approach will give SMBs a way to buy insurance coverage based on a realistic and ongoing assessment of their risk, company says.
By Jai Vijayan, Contributing Writer, 9/24/2019
6 Best Practices for Performing Physical Penetration Tests
Daniel Wood, Associate Vice President of Consulting, Bishop Fox, Commentary
A cautionary tale from a pen test gone wrong in an Iowa county courthouse.
By Daniel Wood, Associate Vice President of Consulting, Bishop Fox, 9/24/2019
Rethinking Risk Management
Kelly Sheridan, Staff Editor, Dark Reading, News
Where most organizations fall short in risk management tools, technologies, and talent, and how they can improve.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/23/2019
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity, 10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET, 10/9/2019
USB Drive Security Still Lags
Dark Reading Staff, 10/9/2019
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17545
PUBLISHED: 2019-10-14
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
CVE-2019-17546
PUBLISHED: 2019-10-14
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
CVE-2019-17547
PUBLISHED: 2019-10-14
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
CVE-2019-17501
PUBLISHED: 2019-10-14
Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen).
CVE-2019-17539
PUBLISHED: 2019-10-14
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.