DRTV

Using Market Pressures to Improve Cybersecurity
Dark Reading Videos  |  8/31/2017  | 
Post-MedSec, Chris Wysopal discusses what impact the investor community -- if not consumers -- can have on squashing vulnerabilities and improving cybersecurity.
The Active Directory Botnet
Dark Reading Videos  |  8/30/2017  | 
It's a nightmare of an implementation error with no easy fix. Ty Miller and Paul Kalinin explain how and why an attacker could build an entire botnet inside your organization.
Training Courses for Aspiring Cybercriminals Put Security Education To Shame
Dark Reading Videos  |  8/29/2017  | 
Reasonably priced, module-based training courses and helpful forums will train a beginner in all the tools and techniques of the successful cybercriminal, Rick Holland of Digital Shadows explains.
IoTCandyJar: A HoneyPot for any IoT Device
Dark Reading Videos  |  8/29/2017  | 
Palo Alto Networks researchers explain how they designed an affordable, behavior-based honeypot to detect attacks on an IoT device -- any kind of IoT device.
Turning Sound Into Keystrokes: Skype & Type
Dark Reading Videos  |  8/25/2017  | 
Don't let your fingers do the talking in a Skype session. The callers on the other end could know what you're writing, researcher Daniele Lain explains.
Insecure IoT Devices Pose Physical Threat to General Public
Dark Reading Videos  |  8/24/2017  | 
At the car wash, look out for attack robots. Billy Rios discusses how IoT devices could be hacked to physically attack people -- not just on factory floors, but in everyday public settings.
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dark Reading Videos  |  8/23/2017  | 
Dino Dai Zovi discusses the under-explored security aspects of Docker, data center orchestration, and containers.
Why Most Security Awareness Training Fails (And What To Do About It)
Dark Reading Videos  |  8/22/2017  | 
Arun Vishwanath discusses why awareness training shouldn't apply the same cure to every ailment, then blame the patient when the treatment doesn't work.
The Benefits of Exploiting Attackers' Favorite Tools
Dark Reading Videos  |  8/22/2017  | 
Symantec senior threat researcher Waylon Grange explains that attackers write vulnerable code, too.
How To Avoid Legal Trouble When Protecting Client Data
Dark Reading Videos  |  8/21/2017  | 
Attorneys discuss how cybersecurity consultants can manage conflicts between e-discovery demands and client agreements.
ShieldFS Hits 'Rewind' on Ransomware
Dark Reading Videos  |  8/18/2017  | 
Federico Maggi and Andrea Continella discuss a new tool to protect filesystems by disrupting and undoing ransomware's encryption activities.
How Bad Teachers Ruin Good Machine Learning
Dark Reading Videos  |  8/18/2017  | 
Sophos data scientist Hillary Sanders explains how security suffers when good machine learning models are trained on bad testing data.
The Shadow Brokers: How They Changed 'Cyber Fear'
Dark Reading Videos  |  8/17/2017  | 
At Black Hat USA, Matt Suiche, founder of Comae Technologies, describes what we know about the Shadow Brokers and how they have changed the business of cyber fear.
Behind the Briefings: How Black Hat Sessions Get Chosen
Dark Reading Videos  |  8/17/2017  | 
Daniel Cuthbert and Stefano Zanero explain what the Black Hat review board is looking for in an abstract submission for the Briefings.
Optimizing Online Defenses Through Crowdsourcing
Dark Reading Videos  |  8/7/2017  | 
With limited time and money, many organizations are hamstrung when it comes to cyber defense. AlienVault's CTO Roger Thornton discusses how the company's crowdsourced, open-source community product, the Open Threat Exchange (OTX), can help.
Three Steps to Strong Enterprise Security
Dark Reading Videos  |  8/3/2017  | 
Raytheon Cyber Services CEO Paul Perkinson and Chief Strategy Officer Joshua Douglas discuss how a layered approach of assessment, threat hunting, and training can pave the way for more secure enterprise data.
Thwarting DDoS Attacks
Dark Reading Videos  |  8/2/2017  | 
Neustar's Barrett Lyon discusses the company's investment in a scrubbing service and Web application firewalls to protect organizations against DDoS attacks.
Getting the Most From Your Threat Intelligence
Dark Reading Videos  |  8/2/2017  | 
Anomali's Director of Security Strategy Travis Farral discusses how security pros can better use the threat intel feeds and tools they already have.
Using Machine Learning to Combat Bots
Dark Reading Videos  |  8/2/2017  | 
Splunk's SVP and General Manager of Security Markets Haiyan Song talks about how enterprises need to apply data science and machine learning to thwart some of the most nefarious online attacks.
Should You be Worried about Cloud Security?
Dark Reading Videos  |  8/2/2017  | 
Skybox Security's CMO Michelle Johnson Cobb talks about the current threats targeting the cloud -- and the difference between security of the cloud and security in the cloud.
Can Machine Learning Help Organizations Improve Data Security?
Dark Reading Videos  |  8/2/2017  | 
Bitdefender's Malware Researcher Cristina Vatamanu talks about the opportunities and limitations of using machine-learning technology to identify security threats.
Stop Malware Attacks Automatically
Dark Reading Videos  |  8/2/2017  | 
Jeffrey Duran, Director of Product Marketing for enSilo, warns CISOs that putting too much emphasis on preventative security can be a risky proposition. Instead, organizations need the ability to automatically detect and block pre- and post-infection. Want to see a demo? Let's talk!
How to Combat the Security Skills Shortage
Dark Reading Videos  |  8/2/2017  | 
A higher volume of online attacks and a dearth of security professionals make it difficult for organizations to protect themselves. CenturyLink's Cybersecurity Architect Jeffrey Krone explains how outsourcing can help companies get the talent, scale, and expertise they need.
Twenty-five Percent of Emails Deemed Unsafe
Dark Reading Videos  |  8/2/2017  | 
Mimecast's Steve Malone discusses the latest findings from the company's Email Security Risk Assessment report, and how cloud-based email services can help.
Leveraging Machine Learning and AI to Combat Online Attacks
Dark Reading Videos  |  8/2/2017  | 
As the threat landscape grows more complex, organizations need a framework to combat a wide diversity of cyberattacks. Gigamon's CTO Shehzad Merchant talks about the company's Security Defender Lifecycle Model and how it uses AI and machine learning to contain potential threats.
Using Intelligence to Optimize Your Data Defense Strategy
Dark Reading Videos  |  8/2/2017  | 
How do you optimize your security budget and the tools you already have? John Weinschenk of Spirent discusses how preemptive intelligence can help an organization manage its in-house security solutions and prioritize equipment decisions.
Protecting Your Organization Against Ransomware
Dark Reading Videos  |  8/2/2017  | 
John Shier, Senior Security Advisor for Sophos, explains how the company's ransomware protection solutions, including Sophos Intercept X, can help you defend your organization without going through a steep learning curve.
How to Beat Phishing Attacks
Dark Reading Videos  |  8/2/2017  | 
From attacks on CEOs to mom phishing, social engineering attacks are getting more targeted and sophisticated. KnowBe4's CEO Stu Sjouwerman explains how online security awareness training and phishing exercises can help educate and train employees to protect corporate data.
Continuous Security Validation and Measuring Security Effectiveness with NSS Labs CAWS Platform
Dark Reading Videos  |  8/2/2017  | 
NSS Labs CMO and Head of Products Gautam Aggarwal discusses how the company's CAWS Security Validation Platform can help CISOs get empirical evidence of security effectiveness and map security vulnerabilities to business impact.


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
New Attack Campaigns Suggest Emotet Threat Is Far From Over
Jai Vijayan, Contributing Writer,  1/16/2020
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse.
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers' biggest security challenges are and the technologies they are using to address them.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20399
PUBLISHED: 2020-01-23
A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.
CVE-2020-7915
PUBLISHED: 2020-01-22
An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator.
CVE-2019-20391
PUBLISHED: 2020-01-22
An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.
CVE-2019-20392
PUBLISHED: 2020-01-22
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
CVE-2019-20393
PUBLISHED: 2020-01-22
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.