Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
Dell Sells RSA to Private Equity Firm for $2.1B
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Deal with private equity entity Symphony Technology Group revealed one week before the security industry's RSA Conference in San Francisco.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Ryan Weeks, Chief Information Security Officer at DattoCommentary
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
By Ryan Weeks Chief Information Security Officer at Datto, 2/18/2020
Comment2 comments  |  Read  |  Post a Comment
1.7M Nedbank Customers Affected via Third-Party Breach
Dark Reading Staff, Quick Hits
A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank.
By Dark Reading Staff , 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
8 Things Users Do That Make Security Pros Miserable
Curtis Franklin Jr., Senior Editor at Dark Reading
When a user interacts with an enterprise system, the result can be productivity or disaster. Here are eight opportunities for the disaster side to win out over the productive.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
The 5 Love Languages of Cybersecurity
Fredrick Commentary
When it comes to building buy-in from the business, all cybersecurity needs is love -- especially when it comes to communication.
By Fredrick "Flee" Lee Chief Security Officer, Gusto, 2/14/2020
Comment0 comments  |  Read  |  Post a Comment
7 Tax Season Security Tips
Steve Zurier, Contributing Writer
Security pros need be on high alert from now until Tax Day on April 15. Here are seven ways to help keep your company safe.
By Steve Zurier Contributing Writer, 2/13/2020
Comment0 comments  |  Read  |  Post a Comment
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at KaseyaCommentary
There is no one-size-fits-all strategy for security, but a robust plan and the implementation of new technologies will help you and your IT team sleep better.
By Mike Puglia Chief Strategy Officer at Kaseya, 2/13/2020
Comment3 comments  |  Read  |  Post a Comment
Forget Hacks... Ransomware, Phishing Are Election Year's Real Threats
Tod Beardsley, Director of Research, Rapid7Commentary
As we gear up for the voting season, let's put aside any links between foreign interference and voting machine security and focus on the actual risks threatening election security.
By Tod Beardsley Director of Research, Rapid7, 2/13/2020
Comment0 comments  |  Read  |  Post a Comment
FBI: Business Email Compromise Cost Businesses $1.7B in 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
BEC attacks comprised nearly half of cybercrime losses last year, which totaled $3.5 billion overall as Internet-enabled crimes ramped up.
By Kelly Sheridan Staff Editor, Dark Reading, 2/12/2020
Comment0 comments  |  Read  |  Post a Comment
Stop Defending Everything
Kevin Kurzawa, Senior Information Security AuditorCommentary
Instead, try prioritizing with the aid of a thorough asset inventory.
By Kevin Kurzawa Senior Information Security Auditor, 2/12/2020
Comment3 comments  |  Read  |  Post a Comment
5 Common Errors That Allow Attackers to Go Undetected
Matt Middleton-Leal, General Manager and Chief Security Strategist, NetwrixCommentary
Make these mistakes and invaders might linger in your systems for years.
By Matt Middleton-Leal General Manager and Chief Security Strategist, Netwrix, 2/12/2020
Comment2 comments  |  Read  |  Post a Comment
Microsoft Patches Exploited Internet Explorer Flaw
Kelly Sheridan, Staff Editor, Dark ReadingNews
This month's Patch Tuesday brings fixes for 99 CVEs, including one IE flaw seen exploited in the wild.
By Kelly Sheridan Staff Editor, Dark Reading, 2/11/2020
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Swap Phishing for Credential Abuse, Vuln Exploits
Kelly Sheridan, Staff Editor, Dark ReadingNews
Infection vectors were evenly divided among phishing, vulnerability exploitation, and unauthorized credential use in 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 2/11/2020
Comment0 comments  |  Read  |  Post a Comment
Keeping a Strong Security Metrics Framework Strong
Joshua Goldfarb, Independent ConsultantCommentary
Don't just report metrics -- analyze, understand, monitor, and adjust them. These 10 tips will show you how.
By Joshua Goldfarb Independent Consultant, 2/11/2020
Comment1 Comment  |  Read  |  Post a Comment
How North Korea's Senior Leaders Harness the Internet
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers learn how North Korea is expanding its Internet use in order to generate revenue and bypass international sanctions.
By Kelly Sheridan Staff Editor, Dark Reading, 2/10/2020
Comment0 comments  |  Read  |  Post a Comment
Some Democrats Lead Trump in Campaign Domain-Security Efforts
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Sanders and Trump campaigns lack proper DMARC security enforcement, study finds.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/10/2020
Comment0 comments  |  Read  |  Post a Comment
Day in the Life of a Bot
Steve Winterfeld, Advisory CISO at AkamaiCommentary
A typical workday for a bot, from its own point of view.
By Steve Winterfeld Advisory CISO at Akamai, 2/10/2020
Comment0 comments  |  Read  |  Post a Comment
RobbinHood Kills Security Processes Before Dropping Ransomware
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers deploy a legitimate, digitally signed hardware driver to delete security software from machines before encrypting files.
By Kelly Sheridan Staff Editor, Dark Reading, 2/7/2020
Comment0 comments  |  Read  |  Post a Comment
5 Measures to Harden Election Technology
Ari Singer, CTO at TrustPhiCommentary
Voting machinery needs hardware-level security. The stakes are the ultimate, and the attackers among the world's most capable.
By Ari Singer CTO at TrustPhi, 2/7/2020
Comment2 comments  |  Read  |  Post a Comment
90% of CISOs Would Cut Pay for Better Work-Life Balance
Kelly Sheridan, Staff Editor, Dark ReadingNews
Businesses receive $30,000 of 'free' CISO time as security leaders report job-related stress taking a toll on their health and relationships.
By Kelly Sheridan Staff Editor, Dark Reading, 2/6/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Matt Middleton-Leal Netwrix
Current Conversations Many thanks!
In reply to: Re: reading
Post Your Own Reply
More Conversations
PR Newswire
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
5 Common Errors That Allow Attackers to Go Undetected
Matt Middleton-Leal, General Manager and Chief Security Strategist, Netwrix,  2/12/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20477
PUBLISHED: 2020-02-19
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
CVE-2019-20478
PUBLISHED: 2020-02-19
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases.
CVE-2011-2054
PUBLISHED: 2020-02-19
A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper in...
CVE-2015-0749
PUBLISHED: 2020-02-19
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker ...
CVE-2015-9543
PUBLISHED: 2020-02-19
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is rel...