Operations

News & Commentary
Third-Party Cyber-Risk by the Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Recent stats show that the state of third-party cyber risk and vendor risk management remains largely immature at most organizations.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/19/2019
Comment0 comments  |  Read  |  Post a Comment
Cloud Security Spend Set to Reach $12.6B by 2023
Kelly Sheridan, Staff Editor, Dark ReadingNews
Growth corresponds with a greater reliance on public cloud services.
By Kelly Sheridan Staff Editor, Dark Reading, 4/18/2019
Comment0 comments  |  Read  |  Post a Comment
GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage
Orion Cassetto, Senior Product Maester, ExabeamCommentary
Faced with an overwhelming adversary, Game of Thrones heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.
By Orion Cassetto Senior Product Maester, Exabeam, 4/18/2019
Comment0 comments  |  Read  |  Post a Comment
Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent
Dark Reading Staff, Quick Hits
The social media giant says it did not access the imported data and is notifying affected users.
By Dark Reading Staff , 4/18/2019
Comment2 comments  |  Read  |  Post a Comment
In Security, All Logs Are Not Created Equal
Joe Partlow, Chief Technology Officer, ReliaQuestCommentary
Prioritizing key log sources goes a long way toward effective incident response.
By Joe Partlow Chief Technology Officer, ReliaQuest, 4/11/2019
Comment0 comments  |  Read  |  Post a Comment
When Your Sandbox Fails
Kowsik Guruswamy, Chief Technology Officer at Menlo SecurityCommentary
The sandbox is an important piece of the security stack, but an organization's entire strategy shouldn't rely on its ability to detect every threat. Here's why.
By Kowsik Guruswamy Chief Technology Officer at Menlo Security, 4/11/2019
Comment2 comments  |  Read  |  Post a Comment
Merging Companies, Merging Clouds
Scott Totman, VP of Engineering, DivvyCloudCommentary
Integrating cloud environments is anything but easy. Evaluating the security risks in doing so must be a starting component of an overall M&A strategy.
By Scott Totman VP of Engineering, DivvyCloud, 4/10/2019
Comment0 comments  |  Read  |  Post a Comment
The Matrix at 20: A Metaphor for Today's Cybersecurity Challenges
Stephen Cox, VP & CSA, SecureAuthCommentary
The Matrix ushered in a new generation of sci-fi movies and futuristic plotlines with a relentless, seemingly invulnerable set of villains. Twenty years later, that theme is all too familiar to security pros.
By Stephen Cox VP & CSA, SecureAuth, 4/5/2019
Comment4 comments  |  Read  |  Post a Comment
War on Zero-Days: 4 Lessons from Recent Google & Microsoft Vulns
Paul Makowski, CTO, PolySwarmCommentary
When selecting targets, attackers often consider total cost of 'pwnership' -- the expected cost of an operation versus the likelihood of success. Defenders need to follow a similar strategy.
By Paul Makowski CTO, PolySwarm, 4/2/2019
Comment1 Comment  |  Read  |  Post a Comment
Airports & Operational Technology: 4 Attack Scenarios
Edy Almer, VP Product, CyberbitCommentary
As OT systems increasingly fall into the crosshairs of cyberattackers, aviation-industry CISOs have become hyper-focused on securing them.
By Edy Almer VP Product, Cyberbit, 4/2/2019
Comment0 comments  |  Read  |  Post a Comment
ShadowHammer Dangers Include Update Avoidance
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
More fallout from the compromise of Asus's automated software update.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/1/2019
Comment1 Comment  |  Read  |  Post a Comment
Enterprise Data Encryption Hits All-time High
Dark Reading Staff, Quick Hits
A new report by the Ponemon Institute shows 45% of organizations have a comprehensive encryption policy in place.
By Dark Reading Staff , 3/28/2019
Comment2 comments  |  Read  |  Post a Comment
Threat Hunting 101: Not Mission Impossible for the Resource-Challenged
David Mashburn, IT Security Manager & SANS Certified InstructorCommentary
How small and medium-sized businesses can leverage native features of the operating system and freely available, high-quality hunting resources to overcome financial limitations.
By David Mashburn IT Security Manager & SANS Certified Instructor, 3/27/2019
Comment1 Comment  |  Read  |  Post a Comment
GAO Finds Deficiencies in Systems for Handling National Debt
Dark Reading Staff, Quick Hits
IT systems at the Bureau of the Fiscal Service and the Federal Reserve Bank show vulnerabilities that could lead them open to exploitation and breach.
By Dark Reading Staff , 3/27/2019
Comment7 comments  |  Read  |  Post a Comment
The 'Twitterverse' Is Not the Security Community
Ira Winkler, CISSP, President, Secure MentemCommentary
The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.
By Ira Winkler CISSP, President, Secure Mentem, 3/27/2019
Comment1 Comment  |  Read  |  Post a Comment
Security Lessons from My Game Closet
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA Commentary
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 3/22/2019
Comment2 comments  |  Read  |  Post a Comment
The Insider Threat: It's More Common Than You Think
Raj Ananthanpillai, Chairman & CEO, EnderaCommentary
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
By Raj Ananthanpillai Chairman & CEO, Endera, 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
TLS 1.3: A Good News/Bad News Scenario
Paula Musich, Research Director, Enterprise Management AssociatesCommentary
Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.
By Paula Musich Research Director, Enterprise Management Associates, 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
Norsk Hydro Shuts Plants Amid Ransomware Attack
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.
By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Stealing Corporate Funds Still Top Goal of Messaging Attacks
Robert Lemos, Technology Journalist/Data ResearcherNews
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
By Robert Lemos , 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11378
PUBLISHED: 2019-04-20
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
CVE-2019-11372
PUBLISHED: 2019-04-20
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11373
PUBLISHED: 2019-04-20
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11374
PUBLISHED: 2019-04-20
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
CVE-2019-11375
PUBLISHED: 2019-04-20
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.