Advertise

Risk

News & Commentary

Vulnerability Volume Poised to Overwhelm Infosec Teams

Kelly Sheridan, Staff Editor, Dark Reading

News

The collision of Microsoft and Oracle patches on the same day has contributed to risk and stress for organizations.

By Kelly Sheridan Staff Editor, Dark Reading, 8/27/2020

0 comments | Read | Post a Comment

COVID-19: Latest Security News & Commentary

News

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

By Dark Reading Staff , 8/27/2020

20 comments | Read | Post a Comment

Latest Comment: Wnahingr, Coooool

Higher Education CISOs Share COVID-19 Response Stories

News

Security leaders from Stanford, Ohio State, and the University of Chicago share challenges and response tactics from the COVID-19 pandemic.

By Kelly Sheridan Staff Editor, Dark Reading, 8/26/2020

0 comments | Read | Post a Comment

US Warns of Ongoing BeagleBoyz Bank-Theft Operations

Quick Hits

The North Korean operatives have attempted to steal more than $2 billion since 2015 in a series of ongoing campaigns.

By Dark Reading Staff , 8/26/2020

0 comments | Read | Post a Comment

6 Signs Your Supply Chain Risk Just Shot Up

Risk levels are not steady states. Here are six indications that the danger posed by your supply chain is headed in the wrong direction.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/26/2020

0 comments | Read | Post a Comment

Deep Fake: Setting the Stage for Next-Gen Social Engineering

Commentary

Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.

By Jon Mendoza CISO, Technologent, 8/26/2020

0 comments | Read | Post a Comment

Three Easy Ways to Avoid Meow-like Database Attacks

Ron Bennatan, Co-founder & CTO of jSonar

Commentary

The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.

By Ron Bennatan Co-founder & CTO of jSonar, 8/25/2020

0 comments | Read | Post a Comment

Palo Alto Networks to Acquire The Crypsis Group for $265M

Quick Hits

This is the latest in a series of acquisitions that Palo Alto has made since 2018.

By Dark Reading Staff , 8/25/2020

0 comments | Read | Post a Comment

The Fatal Flaw in Data Security

Commentary

Simply stated: No matter how sophisticated your security software is, data cannot be simultaneously used and secured. But that may be changing soon.

By Ayal Yogev CEO & Cofounder, Anjuna, 8/25/2020

0 comments | Read | Post a Comment

CISA Releases 5G Security Guidelines

Quick Hits

The new document defines lines of effort for developing security for the growing 5G network.

By Dark Reading Staff , 8/24/2020

0 comments | Read | Post a Comment

DeathStalker APT Targets SMBs with Cyber Espionage

Quick Hits

The hacker-for-hire group, operating since at least 2012, primarily targets financial firms.

By Dark Reading Staff , 8/24/2020

0 comments | Read | Post a Comment

74 Days From the Presidential Election, Security Worries Mount

News

With pandemic measures continuing and political divisions deepening, security experts express concern about the security and integrity of the November election.

By Robert Lemos Contributing Writer, 8/21/2020

1 Comment | Read | Post a Comment

Latest Comment: Theallove, Good post, thanks!!

'Next-Gen' Supply Chain Attacks Surge 430%

News

Attackers are increasingly seeding open source projects with compromised components.

By Ericka Chickowski Contributing Writer, 8/21/2020

0 comments | Read | Post a Comment

Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy

Nasser Al-Nasser & Dr. Guy Diedrich, Chair of the B20 Digitalization Taskforce and CEO of Saudi Telecom Company / Co-Chair of the B20 Digitalization Taskforce and Vice President and Global Innovation Officer of Cisco Systems

Commentary

COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.

By Nasser Al-Nasser & Dr. Guy Diedrich Chair of the B20 Digitalization Taskforce and CEO of Saudi Telecom Company / Co-Chair of the B20 Digitalization Taskforce and Vice President and Global Innovation Officer of Cisco Systems, 8/21/2020

0 comments | Read | Post a Comment

Cryptominer Found Embedded in AWS Community AMI

News

Researchers advise Amazon Web Services users running Community Amazon Machine Images to verify them for potentially malicious code.

By Kelly Sheridan Staff Editor, Dark Reading, 8/21/2020

0 comments | Read | Post a Comment

Smart-Lock Hacks Point to Larger IoT Problems

News

Two recent reports on smart-locks vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.

By Nicole Ferraro Contributing Writer, 8/20/2020

1 Comment | Read | Post a Comment

Latest Comment: mcr314, The article is correct: "There probably should be regulations in...

Twitter Hack: The Spotlight that Insider Threats Need

Shareth Ben, Executive Director, Field Engineering, Securonix

Commentary

The high profile attack should spur serious board-level conversations around the importance of insider threat prevention.

By Shareth Ben Executive Director, Field Engineering, Securonix, 8/20/2020

2 comments | Read | Post a Comment

Latest Comment: shareth27, Hello mosesbotbol, Thanks for your comment. I am glad you thought about UEBA...

Black Hat USA 2020 Recap: Experts Discuss Election Security Questions, but Offer Few Answers

Commentary

The U.S. election in November is once again expected to be a target of digital adversaries. Experts at Black Hat USA 2020 highlighted the many election security questions authorities must address.

By Don Tait Senior Analyst, Omdia, 8/20/2020

0 comments | Read | Post a Comment

Banks and the New Abnormal

Matt Deres, SVP, Chief Information Officer, Rocket Software

Commentary

Banks have hesitated to adopt many strong security practices, and for understandable reasons. But now is the time to be bold.

By Matt Deres SVP, Chief Information Officer, Rocket Software, 8/20/2020

2 comments | Read | Post a Comment

Latest Comment: Shih-Chin Yang, For software companies, it might be easier to adopt a working-anywhere-anytime...

Newly Patched Alexa Flaws a Red Flag for Home Workers

News

Alexa could serve as an entry point to home and corporate networks. Security experts point to the need for manufacturers to work closely with enterprise security teams to spot and shut down IoT device flaws.

By Steve Zurier Contributing Writer, 8/19/2020

1 Comment | Read | Post a Comment

Latest Comment: asaduzzaman66, Very informative site. I learned a lot about the home needs of daily life.

More Stories

Current Conversations

Posted by homerjohnl

This comment is waiting for review by our moderators.

In reply to: Pending Review
Post Your Own Reply

Posted by nobesityahmedabad

This comment is waiting for review by our moderators.

In reply to: Pending Review
Post Your Own Reply

Posted by shareth27

Hello mosesbotbol, Thanks for your comment. I am glad you thought about UEBA in this scenario as an essential tool. A few years back UEBA was considered to be optional however it is becoming more of a necessity to detect...

In reply to: Re: UBEA?
Post Your Own Reply

Posted by [email protected]

When itto iPhones, you are definitely using one of the best smartphones on the internet. Despite this fact, there are still some flaws that you may likely come across. Ofcourse, these flas are being fixed in the iOs releases....

In reply to: Compliments
Post Your Own Reply

Posted by Wnahingr

Coooool

In reply to: -
Post Your Own Reply

Posted by mosesbotbol

Not much mention of UEBA in the article only indirect. Treat all sensitive data exfiltration; be it insider or out the same. Very strict protocols on how sensitive data is used and stored, and where it can...

In reply to: UBEA?
Post Your Own Reply

Posted by Shih-Chin Yang

For software companies, it might be easier to adopt a working-anywhere-anytime model, since their deliverables are digital in nature. On the other hand, for incumbent industries such as banking, a lot need to be learned...

In reply to: We all have a lot to learn for working-anytime-anywhere
Post Your Own Reply

Posted by asaduzzaman66

Very informative site. I learned a lot about the home needs of daily life.

In reply to: Home
Post Your Own Reply

Posted by Theallove

Good post, thanks!!

In reply to: best
Post Your Own Reply

Posted by ScottyTheMenace

Along with the infrastructure and employee security you talk about, banks are desperately in need of upgrades to end-user security, which is universally awful. Most banks' idea of end-user security is blocking VPNs, imposing...

In reply to: end-user banking security is universally awful
Post Your Own Reply

Posted by mcr314

The article is correct: "There probably should be regulations in place saying if you're making certain types of devices, you need to have forms of contact," indeed this is true. https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf says...

In reply to: EN 303 645 requires vulnerability disclosure
Post Your Own Reply

Posted by [email protected]=

Amazing website, i love the way this website has been designed and developed.

In reply to: re: Hacking Higher Education
Post Your Own Reply

More Conversations

Products & Releases

NeuVector Releases New Version of its Cloud-Native Kubernetes Security Platform

RangeForce Raises $16 Million to Help Enterprises Build Highly Skilled Cybersecurity Teams

DHS Awards $1 Million Phase 2 Contract to Waverley Labs to Deploy the Dynamic AccessID (TM) Network

Quantum Xchange Releases Version 2.0 of its Quantum-Safe Key Distribution System Featuring New User Interface

Quantum Introduces Multi-Factor Authentication to Make Tape Libraries More Secure

Thoma Bravo Completes Exostar Acquisition

Small Businesses Continue to Underestimate Cyberthreats Even as More Work Remotely

60% of Organizations Expect to Suffer from an Email-borne Attack: Mimecast Report

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

COVID-19: Latest Security News & Commentary

Dark Reading Staff 8/27/2020

The Inside Threat from Psychological Manipulators

Joshua Goldfarb, Independent Consultant, 8/27/2020

74 Days From the Presidential Election, Security Worries Mount

Robert Lemos, Contributing Writer, 8/21/2020

Live Events

Webinars

Collaborate With IT Industry Leaders at Interop Digital, Oct. 5-8

More Informa Tech Live Events

White Papers

7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk

The Benefits of Automation: Do More with Less

Unify, Analyze, Act: Go Beyond Real-Time Analytics

Threat and Attack Surface Intelligence: Stay a Step or Two Ahead of Risk

Multicloud Data Security: Cloud Security Landscape

More White Papers

Cartoon

Latest Comment: Yes Mother I know I've been eating too many cookies again! You can stop talking about that now......

Cartoon Archive

Current Issue

7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk

In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Special Report: Understanding Your Cyber Attackers

If you want to get a better sense of the threats that might be coming - and your organization's vulnerability to those threats - this special report is a must-read.

Download Now!

2020 State of Cybersecurity Operations and Incident Response

0 comments

The Changing Face of Threat Intelligence

0 comments

The Threat from the Internet—and What Your Organization Can Do About It

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-15601
PUBLISHED: 2020-08-27

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack....

CVE-2020-15605
PUBLISHED: 2020-08-27

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents thi...

CVE-2020-8602
PUBLISHED: 2020-08-27

A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.

CVE-2020-24618
PUBLISHED: 2020-08-27

In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.

CVE-2020-24717
PUBLISHED: 2020-08-27

OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]