Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

News & Commentary
6 Truths About Disinformation Campaigns
Jai Vijayan, Contributing Writer
Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know.
By Jai Vijayan Contributing Writer, 2/28/2020
Comment0 comments  |  Read  |  Post a Comment
Educating Educators: Microsoft's Tips for Security Awareness Training
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft's director of security education and awareness shares his approach to helping train employees in defensive practices.
By Kelly Sheridan Staff Editor, Dark Reading, 2/28/2020
Comment1 Comment  |  Read  |  Post a Comment
Clearview AI Customers Exposed in Data Breach
Dark Reading Staff, Quick Hits
Customers for the controversial facial recognition company were detailed in a log file leaked to news organizations.
By Dark Reading Staff , 2/27/2020
Comment1 Comment  |  Read  |  Post a Comment
Government Employees Unprepared for Ransomware
Dark Reading Staff, Quick Hits
Data shows 73% are concerned about municipal ransomware threats but only 38% are trained on preventing these attacks.
By Dark Reading Staff , 2/27/2020
Comment1 Comment  |  Read  |  Post a Comment
How We Enabled Ransomware to Become a Multibillion-Dollar Industry
Srinivas Mukkamala, Co-founder & CEO, RiskSenseCommentary
As an industry, we must move beyond one-dimensional approaches to assessing ransomware exposures. Asking these four questions will help.
By Srinivas Mukkamala Co-founder & CEO, RiskSense, 2/27/2020
Comment1 Comment  |  Read  |  Post a Comment
Intel Analyzes Vulns Reported in its Products Last Year
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new Intel report looks at the more than 200 CVEs affecting Intel products in 2019.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/27/2020
Comment0 comments  |  Read  |  Post a Comment
What Your Company Needs to Know About Hardware Supply Chain Security
Daniel Wood, Associate Vice President of Consulting, Bishop FoxCommentary
By establishing a process and framework, you can ensure you're not giving more advanced attackers carte blanche to your environment.
By Daniel Wood Associate Vice President of Consulting, Bishop Fox, 2/27/2020
Comment0 comments  |  Read  |  Post a Comment
US State Dept. Shares Insider Tips to Fight Insider Threats
Kelly Sheridan, Staff Editor, Dark ReadingNews
The insider threat is a technology, security, and personnel issue, officials said in explaining an approach that addresses all three factors.
By Kelly Sheridan Staff Editor, Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Commonsense Security: Leveraging Dialogue & Collaboration for Better Decisions
Dr. Zvi Guterman, CEO, CloudShareCommentary
Sometimes, good old-fashioned tools can help an enterprise create a cost-effective risk management strategy.
By Dr. Zvi Guterman CEO, CloudShare, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Open Cybersecurity Alliance Releases New Language for Security Integration
Dark Reading Staff, Quick Hits
OpenDXL Ontology is intended to allow security components to interoperate right out of the box.
By Dark Reading Staff , 2/26/2020
Comment1 Comment  |  Read  |  Post a Comment
5 Ways to Up Your Threat Management Game
Wayne Reynolds, Advisory CISO, Kudelski SecurityCommentary
Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management.
By Wayne Reynolds Advisory CISO, Kudelski Security, 2/26/2020
Comment10 comments  |  Read  |  Post a Comment
Emotet Resurfaces to Drive 145% of Threats in Q4 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Analysis of 92 billion rejected emails reveals a range of simple and complex attack techniques for the last quarter of 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
Ensure Your Cloud Security Is as Modern as Your Business
Nicolas (Nico) Fischbach, Global CTO at ForcepointCommentary
Take a comprehensive approach to better protect your organization. Security hygiene is a must, but also look at your risk posture through a data protection lens.
By Nicolas (Nico) Fischbach Global CTO at Forcepoint, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Verizon: Attacks on Mobile Devices Rise
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Companies of all sizes are being hit by mobile attacks and feeling the effects for extended periods of time, according to the 2020 Verizon Mobile Security Index.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/25/2020
Comment0 comments  |  Read  |  Post a Comment
Solving the Cloud Data Security Conundrum
Faiyaz Shahpurwala, Chief Product and Strategy Officer for FortanixCommentary
Trusting the cloud involves a change in mindset. You must be ready to use runtime encryption in the cloud.
By Faiyaz Shahpurwala Chief Product and Strategy Officer for Fortanix, 2/24/2020
Comment0 comments  |  Read  |  Post a Comment
7 Tips to Improve Your Employees' Mobile Security
Kelly Sheridan, Staff Editor, Dark Reading
Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.
By Kelly Sheridan Staff Editor, Dark Reading, 2/24/2020
Comment1 Comment  |  Read  |  Post a Comment
How to Get CISOs & Boards on the Same Page
Joe Schorr, Global Executive Services Director, Optiv SecurityCommentary
These two groups have talked past each other for years, each hobbled by their own tunnel vision and misperceptions.
By Joe Schorr Global Executive Services Director, Optiv Security, 2/21/2020
Comment0 comments  |  Read  |  Post a Comment
Security Now Merges With Dark Reading
Tim Wilson, Editor in Chief, Dark Reading, News
Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.
By Tim Wilson, Editor in Chief, Dark Reading , 2/21/2020
Comment0 comments  |  Read  |  Post a Comment
Personal Info of 10.6M MGM Resort Guests Leaked Online
Dark Reading Staff, Quick Hits
Data published on a hacking forum includes phone numbers and email addresses of travelers ranging from everyday tourists to celebrities and tech CEOs.
By Dark Reading Staff , 2/20/2020
Comment0 comments  |  Read  |  Post a Comment
5 Strategies to Secure Cloud Operations Against Today's Cyber Threats
Chris Christou & Brad Beaulieu, Director of Cloud Security / Cloud Security Engineer at Booz Allen HamiltonCommentary
With these fundamentals in mind, organizations can reduce their security and compliance risks as they reap the cloud's many benefits:
By Chris Christou & Brad Beaulieu Director of Cloud Security / Cloud Security Engineer at Booz Allen Hamilton, 2/20/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
5 Ways to Up Your Threat Management Game
Wayne Reynolds, Advisory CISO, Kudelski Security,  2/26/2020
Exploitation, Phishing Top Worries for Mobile Users
Robert Lemos, Contributing Writer,  2/28/2020
Kr00k Wi-Fi Vulnerability Affected a Billion Devices
Robert Lemos, Contributing Writer,  2/26/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3006
PUBLISHED: 2020-02-28
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for so...
CVE-2015-5361
PUBLISHED: 2020-02-28
Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensi...
CVE-2020-6803
PUBLISHED: 2020-02-28
An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in.
CVE-2020-6804
PUBLISHED: 2020-02-28
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system.
CVE-2019-4301
PUBLISHED: 2020-02-28
BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML.