Dark Reading is part of the Informa Tech Division of Informa PLC


Operations

News & Commentary
No Quick Fix for Security-Worker Shortfall
Robert Lemos, Contributing Writer, News
Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly skilled employees.
By Robert Lemos, Contributing Writer, 9/13/2019
Taking a Fresh Look at Security Ops: 10 Tips
Joshua Goldfarb, Independent Consultant, Commentary
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
By Joshua Goldfarb, Independent Consultant, 9/13/2019
Security Leaders Share Tips for Boardroom Chats
Kelly Sheridan, Staff Editor, Dark Reading
Cisco, Oracle, and LinkedIn security leaders share their challenges in communicating with business teams and advice for how CISOs can navigate the relationship.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/12/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff, Quick Hits
A new set of regulations converts the government ban on using Kaspersky products from a temporary rule to one that's permanent.
By Dark Reading Staff, 9/11/2019
New Technique Makes Passwords 14M Percent Harder to Crack, Nonprofit Claims
Jai Vijayan, Contributing Writer, News
Tide's method for protecting passwords splinters them up into tiny pieces and stores them on distributed nodes.
By Jai Vijayan, Contributing Writer, 9/5/2019
Phishing Campaign Uses SharePoint to Slip Past Defenses
Kelly Sheridan, Staff Editor, Dark Reading, News
Cybercriminals targeting financial institutions in the UK bypassed Symantec email gateway and other perimeter technologies.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/4/2019
Splunk Buys Microservices Monitoring Firm Omnition
Dark Reading Staff, Quick Hits
The purchase is intended to boost Splunk's capabilities in microservices architectures.
By Dark Reading Staff, 9/4/2019
Multicloud Businesses Face Higher Breach Risk
Kelly Sheridan, Staff Editor, Dark Reading, News
A new report finds 52% of multicloud environments have suffered a breach within the past year, compared with 24% of hybrid cloud users.
By Kelly Sheridan, Staff Editor, Dark Reading, 9/3/2019
3 Promising Technologies Making an Impact on Cybersecurity
Jon Oltsik, Senior Principal Analyst & Fellow, Enterprise Strategy Group, Commentary
The common thread: Each acts as a force multiplier, adding value to every other security technology around it.
By Jon Oltsik, Senior Principal Analyst & Fellow, Enterprise Strategy Group, 9/3/2019
ISAC 101: Unlocking the Power of Information
Jonathan Couch, Senior VP of Strategy, ThreatQuotient, Commentary
How information sharing and analysis centers provide contextual threat information by creating communities that help security professionals and their organizations grow in maturity and capability.
By Jonathan Couch, Senior VP of Strategy, ThreatQuotient, 9/2/2019
Google Cloud Releases Beta of Managed Service to Microsoft AD
Dark Reading Staff, Quick Hits
Managed Service for Microsoft Active Directory was built to help admins handle cloud-based workloads.
By Dark Reading Staff, 8/29/2019
More Than Half of Social Media Login Attempts Are Fraud
Kelly Sheridan, Staff Editor, Dark Reading, News
Overall, account registrations for tech companies are four times more likely to be malicious than legitimate, a new report states.
By Kelly Sheridan, Staff Editor, Dark Reading, 8/26/2019
IBM Announces Quantum Safe Encryption
Dark Reading Staff, Quick Hits
Techniques too tough for quantum computing solutions will be part of public cloud and tape storage encryption.
By Dark Reading Staff, 8/23/2019
Threat Intelligence Gateways: A Useful Adjunct to Overworked Perimeter Security
Rik Turner, Principal Analyst, Infrastructure Solutions, Ovum, Commentary
Comparative research shows the relative strengths and weaknesses of five TIG vendors and which kinds of security organization will reap the most benefit.
By Rik Turner, Principal Analyst, Infrastructure Solutions, Ovum, 8/22/2019
LinkedIn Details Features of Fight Against Fakes
Dark Reading Staff, Quick Hits
A recent blog post explains how the social network is fighting to protect its users from interactions with fake accounts.
By Dark Reading Staff, 8/22/2019
Texas Towns Recover, but Local Governments Have Little Hope for Respite from Ransomware
Robert Lemos, Contributing Writer, News
Their struggles underscore the difficulties for small towns in dealing with cyberattacks.
By Robert Lemos, Contributing Writer, 8/22/2019
SafeGuard Cyber Adds Security, Compliance Capabilities for WeChat
Dark Reading Staff, Quick Hits
A lack of visibility into the app could expose business users to compliance risks and security threats, the company says.
By Dark Reading Staff, 8/22/2019
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading, News
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 8/21/2019
'Box Shield' Brings New Security Controls
Kelly Sheridan, Staff Editor, Dark Reading, News
New controls and threat detection capabilities built into Box aim to prevent accidental data leakage and misuse.
By Kelly Sheridan, Staff Editor, Dark Reading, 8/21/2019
State-Sponsored Cyberattacks Target Medical Research
Robert Lemos, Contributing Writer, News
Cancer research is a particular target among Chinese espionage groups, says security firm FireEye.
By Robert Lemos, Contributing Writer, 8/21/2019
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler, 9/10/2019
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here's some insight on what's working and what isn't in the data center.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16317
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerabi...
CVE-2019-16318
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.
CVE-2019-16307
PUBLISHED: 2019-09-14
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKe...
CVE-2019-16294
PUBLISHED: 2019-09-14
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
CVE-2019-16309
PUBLISHED: 2019-09-14
FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.