Risk

News & Commentary
How to Get CISOs & Boards on the Same Page
Joe Schorr, Global Executive Services Director, Optiv Security, Commentary
These two groups have talked past each other for years, each hobbled by their own tunnel vision and misperceptions.
By Joe Schorr, Global Executive Services Director, Optiv Security, 2/21/2020
Security Now Merges With Dark Reading
Tim Wilson, Editor in Chief, Dark Reading, News
Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.
By Tim Wilson, Editor in Chief, Dark Reading, 2/21/2020
Personal Info of 10.6M MGM Resort Guests Leaked Online
Dark Reading Staff, Quick Hits
Data published on a hacking forum includes phone numbers and email addresses of travelers ranging from everyday tourists to celebrities and tech CEOs.
By Dark Reading Staff, 2/20/2020
5 Strategies to Secure Cloud Operations Against Today's Cyber Threats
Chris Christou & Brad Beaulieu, Director of Cloud Security / Cloud Security Engineer at Booz Allen Hamilton, Commentary
With these fundamentals in mind, organizations can reduce their security and compliance risks as they reap the cloud's many benefits:
By Chris Christou & Brad Beaulieu, Director of Cloud Security / Cloud Security Engineer at Booz Allen Hamilton, 2/20/2020
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing Writer, News
In addition, more third parties are discovering the attacks rather than the companies themselves.
By Robert Lemos, Contributing Writer, 2/20/2020
Users Have Risky Security Habits, but Security Pros Aren't Much Better
Kelly Sheridan, Staff Editor, Dark Reading, News
Researchers spot gaps in users' and IT practitioners' security habits, and between security tools and user preferences.
By Kelly Sheridan, Staff Editor, Dark Reading, 2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company, Commentary
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
By Nick Selby, Chief Security Officer at Paxos Trust Company, 2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading, Quick Hits
Amazon Web Services is a top source of cyberattacks, responsible for 94% of all Web attacks originating in the public cloud.
By Kelly Sheridan, Staff Editor, Dark Reading, 2/19/2020
DHS's CISA Warns of New Critical Infrastructure Ransomware Attack
Dark Reading Staff, Quick Hits
An attack on a natural gas compression facility sent the operations offline for two days.
By Dark Reading Staff, 2/19/2020
Don't Let Iowa Bring Our Elections Back to the Stone Age
Andre McGregor, Chief Security Officer at ShiftState & Veteran FBI Agent, Commentary
The voting experience should be the same whether the vote is in person, by mail, or over the Internet. Let's not allow one bad incident to stop us from finding new ways to achieve this.
By Andre McGregor, Chief Security Officer at ShiftState & Veteran FBI Agent, 2/19/2020
Dell Sells RSA to Private Equity Firm for $2.1B
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Deal with private equity entity Symphony Technology Group revealed one week before the security industry's RSA Conference in San Francisco.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 2/18/2020
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Ryan Weeks, Chief Information Security Officer at Datto, Commentary
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
By Ryan Weeks, Chief Information Security Officer at Datto, 2/18/2020
1.7M Nedbank Customers Affected via Third-Party Breach
Dark Reading Staff, Quick Hits
A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank.
By Dark Reading Staff, 2/18/2020
8 Things Users Do That Make Security Pros Miserable
Curtis Franklin Jr., Senior Editor at Dark Reading
When a user interacts with an enterprise system, the result can be productivity or disaster. Here are eight opportunities for the disaster side to win out over the productive.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 2/18/2020
The 5 Love Languages of Cybersecurity
Fredrick "Flee" Lee, Chief Security Officer, Gusto, Commentary
When it comes to building buy-in from the business, all cybersecurity needs is love -- especially when it comes to communication.
By Fredrick "Flee" Lee, Chief Security Officer, Gusto, 2/14/2020
7 Tax Season Security Tips
Steve Zurier, Contributing Writer
Security pros need to be on high alert from now until Tax Day on April 15. Here are seven ways to help keep your company safe.
By Steve Zurier, Contributing Writer, 2/13/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya, Commentary
There is no one-size-fits-all strategy for security, but a robust plan and the implementation of new technologies will help you and your IT team sleep better.
By Mike Puglia, Chief Strategy Officer at Kaseya, 2/13/2020
Forget Hacks... Ransomware, Phishing Are Election Year's Real Threats
Tod Beardsley, Director of Research, Rapid7, Commentary
As we gear up for the voting season, let's put aside any links between foreign interference and voting machine security and focus on the actual risks threatening election security.
By Tod Beardsley, Director of Research, Rapid7, 2/13/2020
FBI: Business Email Compromise Cost Businesses $1.7B in 2019
Kelly Sheridan, Staff Editor, Dark Reading, News
BEC attacks comprised nearly half of cybercrime losses last year, which totaled $3.5 billion overall as Internet-enabled crimes ramped up.
By Kelly Sheridan, Staff Editor, Dark Reading, 2/12/2020
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor, Commentary
Instead, try prioritizing with the aid of a thorough asset inventory.
By Kevin Kurzawa, Senior Information Security Auditor, 2/12/2020
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8813
PUBLISHED: 2020-02-22
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
CVE-2020-9039
PUBLISHED: 2020-02-22
Couchbase Server 4.x and 5.x before 6.0.0 has Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).
CVE-2020-8860
PUBLISHED: 2020-02-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. T...
CVE-2020-8861
PUBLISHED: 2020-02-22
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue ...
CVE-2020-8862
PUBLISHED: 2020-02-22
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the ...