Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Webinar Archives
Strategies for Success with Digital Transformation
Date: Mar 09, 2021
In this webinar, experts will discuss best practices for implementing and managing a digital transformation strategy.

How Elite Analyst Teams are Transforming Security with Cyber Reconnaissance
Date: Feb 24, 2021
In this webinar, we will look at case studies from consumer banks and big retail to illustrate how these organizations are leveraging their analyst teams in more strategic ways to vastly improve their security postures. Learn how these organizations are getting the upper hand on high-criticality threats by tracing, mapping and monitoring the infrastructures of their high priority adversaries.

The Failures of Static DLP and How to Protect Against Tomorrow's Email Breaches
Date: Feb 18, 2021
In the last 12 months, 93% of organizations experienced security incidents where email use has put sensitive data at risk. Join this webinar to learn the impact of the COVID-19 pandemic on email security and remote working, the limitations of static DLP technologies to prevent human-activated email data breaches, and more.

Protecting Your Enterprise's Intellectual Property
Date: Feb 17, 2021
In this webinar, you'll learn about the techniques and tactics that cybercriminals use to crack IP, and how your organization can detect and defend itself against these sophisticated, targeted attacks.

Building the SOC of the Future: Next-Generation Security Operations
Date: Feb 11, 2021
In this webinar, experts offer insight and recommendations on how to build a next-generation SOC, and what tools and skills you may need to outfit that SOC to respond to today's most current threats and online exploits.

ROI and Beyond for the Cloud
Date: Feb 10, 2021
Moving to the cloud isn't just about pulling expensive equipment out of a data center. Going with a cloud provider involves its own set of costs. However, a cloud strategy offers other business benefits, some that can be calculated on a dollar basis and others that are on the softer side. In this webinar learn how to evaluate the payback from a cloud move in savings and business benefits.

What We Can Learn from Sports Analytics
Date: Feb 09, 2021
In this webinar you'll learn ways to use examples of data analytics in the sports world to speed up your business analytics projects, how some sports teams have solved traditional analytics challenges and how those workarounds can be applied to your enterprise, how sports teams can predict and project talent and how you can do the same in your own organization, and more.

Making Cybersecurity Work in Small and Medium-Sized Businesses
Date: Feb 03, 2021
In this webinar, experts offer tips and recommendations for securing the smaller enterprise, and for implementing simple, affordable tools and best practices that make sense for resource-limited SMBs.

5 Steps to Solving Modern Scalability Problems
Date: Jan 28, 2021
Attend this webinar to learn how distributed data models can keep up with today's data columns and offer other benefits like resiliency, tunability, enhanced security and faster performance, how you can simplify microservices management and improve scalability, and why cloud-native applications are the best option for organizations with hybrid cloud and/or multi-cloud environments.

Building an Application Security Strategy For the Next Decade
Date: Jan 21, 2021
Get a look at emerging technologies and trends in application development, and the role that security will play in tomorrow's software development lifecycle.

A Radical Approach to Threat Intel Management
Date: Jan 20, 2021
What's the point of collecting tactical information that your team can't act on or map to what's happening in your environment? As a security leader, you need more from your cyber threat intelligence program.

When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope, 1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer, 1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff, 1/11/2021
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...