Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

News & Commentary
Software Developers Face Secure Coding Challenges
Robert Lemos, Contributing WriterNews
Seven in ten developers are expected to write secure code, but less than half receive feedback on security, a survey finds.
By Robert Lemos Contributing Writer, 7/15/2019
Comment0 comments  |  Read  |  Post a Comment
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading
Too many systems, failure to test tools, and fear of replacement drive endpoint complexity and render products less effective.
By Kelly Sheridan Staff Editor, Dark Reading, 7/15/2019
Comment3 comments  |  Read  |  Post a Comment
Competing Priorities Mean Security Risks for Small Businesses
Dark Reading Staff, Quick Hits
Small business IT professionals are trying to balance multiple priorities and finding that the balance often leaves the company with serious security risks.
By Dark Reading Staff , 7/12/2019
Comment2 comments  |  Read  |  Post a Comment
A Lawyers Guide to Cyber Insurance: 4 Basic Tips
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
The time to read the fine print in your cybersecurity insurance policy is before you sign on the dotted line.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 7/12/2019
Comment3 comments  |  Read  |  Post a Comment
Data Center Changes Push Cyber Risk to Network's Edge
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Changes in fundamental enterprise architectures coupled with shifts in human resources mean that companies are considering new risks to their infrastructure.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/11/2019
Comment1 Comment  |  Read  |  Post a Comment
Summer: A Time for Vacations & Cyberattacks?
Robert Lemos, Contributing WriterNews
About a third of cybersecurity professionals believe that their companies see more cyberattacks during the summer, but the survey data does not convince on the reasons for the perception of a summer bump.
By Robert Lemos Contributing Writer, 7/11/2019
Comment1 Comment  |  Read  |  Post a Comment
Why You Need a Global View of IT Assets
Pablo Quiroga, Director of Product Management at QualysCommentary
It may seem obvious, but many companies lose sight of the fact that they can't protect what they don't know they even have.
By Pablo Quiroga Director of Product Management at Qualys, 7/10/2019
Comment1 Comment  |  Read  |  Post a Comment
4 Reasons Why SOC Superstars Quit
Edy Almer, VP Product, CyberbitCommentary
Security analysts know they are a hot commodity in the enviable position of writing their own ticket. Here's how to keep them engaged, challenged, and happy.
By Edy Almer VP Product, Cyberbit, 7/10/2019
Comment1 Comment  |  Read  |  Post a Comment
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading
A Raspberry Pi attached to the network at NASA JPL became the doorway for a massive intrusion and subsequent data loss. Here's how to keep the same thing from happening to your network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/10/2019
Comment4 comments  |  Read  |  Post a Comment
Coast Guard Warns Shipping Firms of Maritime Cyberattacks
Robert Lemos, Contributing WriterNews
A commercial vessel suffered a significant malware attack in February, prompting the US Coast Guard to issues an advisory to all shipping companies: Here be malware.
By Robert Lemos Contributing Writer, 7/9/2019
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Target Budding Cannabis Retailers
Dark Reading Staff, Quick Hits
Companies in the young, rapidly growing industry are targeted for sensitive information they store and immature security practices.
By Dark Reading Staff , 7/9/2019
Comment0 comments  |  Read  |  Post a Comment
Insider Threats: An M&A Dealmaker's Nightmare
Joe Payne, President and CEO at Code42Commentary
Because data has never been more portable, taking it has never been easier. And that's a huge problem during mergers and acquisitions.
By Joe Payne President and CEO at Code42, 7/9/2019
Comment0 comments  |  Read  |  Post a Comment
NIST Sets Draft Guidelines for Government AI
Dark Reading Staff, Quick Hits
This is the first formal step in writing the standards that will guide the implementation of AI technologies within the federal government.
By Dark Reading Staff , 7/8/2019
Comment1 Comment  |  Read  |  Post a Comment
Smash-and-Grab Crime Threatens Enterprise Security
Nicko van Someren, Ph.D., Chief Technology Officer at AbsoluteCommentary
Getting your company smartphone or laptop stolen from your car isn't just a hassle; it can have large regulatory ramifications, too. Visibility is the answer.
By Nicko van Someren, Ph.D. Chief Technology Officer at Absolute, 7/8/2019
Comment0 comments  |  Read  |  Post a Comment
Intelligent Authentication Market Grows to Meet Demand
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Confidence in user identity is critical to prevent fraud and theft, and companies are looking for new ways to get the necessary assurance.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/5/2019
Comment0 comments  |  Read  |  Post a Comment
20 Questions to Ask During a Real (or Manufactured) Security Crisis
Joshua Goldfarb, Independent ConsultantCommentary
There are important lessons to be learned from a crisis, even the ones that are more fiction than fact.
By Joshua Goldfarb Independent Consultant, 7/3/2019
Comment1 Comment  |  Read  |  Post a Comment
Disarming Employee Weaponization
Ilan Abadi, VP and Global CISO, Teva Pharmaceutical IndustriesCommentary
Human vulnerability presents a real threat for organizations. But it's also a remarkable opportunity to turn employees into our strongest cyber warriors.
By Ilan Abadi VP and Global CISO, Teva Pharmaceutical Industries, 7/3/2019
Comment1 Comment  |  Read  |  Post a Comment
Cybersecurity Experts Worry About Satellite & Space Systems
Robert Lemos, Contributing WriterNews
As nation-states and rogue actors increasingly probe critical infrastructure, policy and technology experts worry that satellite and space systems are on the front lines.
By Robert Lemos Contributing Writer, 7/2/2019
Comment0 comments  |  Read  |  Post a Comment
Poor Communications Slowing DevOps Shift
Dark Reading Staff, Quick Hits
Existing functional silos are standing in the way of building a DevOps culture.
By Dark Reading Staff , 7/2/2019
Comment0 comments  |  Read  |  Post a Comment
The Case for Encryption: Fact vs. Fiction
Ramon Peypoch, SVP Products, Vera SecurityCommentary
The common belief that encryption enables bad behavior primarily used by thieves, international terrorists, and other villainous characters is simply not true. Here's why.
By Ramon Peypoch SVP Products, Vera Security, 7/2/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2019
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10100
PUBLISHED: 2019-07-16
NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43.
CVE-2019-10100
PUBLISHED: 2019-07-16
BigTree-CMS commit b2eff67e45b90ca26a62e971e8f0d5d0d70f23e6 and earlier is affected by: Improper Neutralization of Script-Related HTML Tags in a Web Page. The impact is: Any Javascript code can be executed. The component is: users management page. The attack vector is: Insert payload into users' pro...
CVE-2019-10100
PUBLISHED: 2019-07-16
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is: after commit 09f0ab871...
CVE-2019-13612
PUBLISHED: 2019-07-16
MDaemon Email Server 19 skips SpamAssassin checks by default for e-mail messages larger than 2 MB (and limits checks to 10 MB even with special configuration), which is arguably inconsistent with currently popular message sizes. This might interfere with risk management for malicious e-mail, if a cu...
CVE-2019-10100
PUBLISHED: 2019-07-16
Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3.