Analytics

News & Commentary
Improving the Adoption of Security Automation
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
Four barriers to automation and how to overcome them.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
The Best and Worst Tasks for Security Automation
Kelly Sheridan, Staff Editor, Dark Reading
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
By Kelly Sheridan Staff Editor, Dark Reading, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Security Analytics Startup Uptycs Raises $10M in Series A
Dark Reading Staff, Quick Hits
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
By Dark Reading Staff , 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
Security Ratings Answer Big Questions in Cyber Insurance
Kelly Sheridan, Staff Editor, Dark ReadingNews
More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage.
By Kelly Sheridan Staff Editor, Dark Reading, 6/11/2018
Comment0 comments  |  Read  |  Post a Comment
SAP CSO: Security Requires Context
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Security depends on the apps and networks it protects. SAP CSO Justin Somaini discusses three scenarios.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/11/2018
Comment0 comments  |  Read  |  Post a Comment
Bug Bounty Payouts Up 73% Per Vulnerability: Bugcrowd
Kelly Sheridan, Staff Editor, Dark ReadingNews
Bug bounty programs grew along with payouts, which averaged $781 per vulnerability this year, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 6/7/2018
Comment0 comments  |  Read  |  Post a Comment
Operation Prowli Hits 40K with Traffic Monetization, Cryptomining
Kelly Sheridan, Staff Editor, Dark ReadingNews
The campaign targets services including Drupal CMS sites, DSL modems, vulnerable IoT devices, and servers with an open SSH port.
By Kelly Sheridan Staff Editor, Dark Reading, 6/6/2018
Comment0 comments  |  Read  |  Post a Comment
Dark Web Marketplaces Dissolve Post-AlphaBay, Hansa Takedown
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybercrime marketplaces reshape into smaller forums and individual chats as threat actors find new ways to evade law enforcement.
By Kelly Sheridan Staff Editor, Dark Reading, 6/5/2018
Comment0 comments  |  Read  |  Post a Comment
Panorays Debuts With $5 Million Investment
Dark Reading Staff, Quick Hits
Panorays, a company focusing on third-party security issues for the enterprise, has exited stealth mode.
By Dark Reading Staff , 6/5/2018
Comment0 comments  |  Read  |  Post a Comment
I, for One, Welcome Our Robotic Security Overlords
Danelle Au, VP Strategy, SafeBreachCommentary
Automation will come in more subtle ways than C-3PO and it's transforming cybersecurity.
By Danelle Au VP Strategy, SafeBreach, 6/5/2018
Comment0 comments  |  Read  |  Post a Comment
Web Application Firewalls Adjust to Secure the Cloud
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cloud-based WAFs protect applications without the costs and complexity of on-prem hardware. Here's what to keep in mind as you browse the growing market.
By Kelly Sheridan Staff Editor, Dark Reading, 6/4/2018
Comment0 comments  |  Read  |  Post a Comment
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Ken Mills, General Manager of IoT, Surveillance and Security, Dell EMCCommentary
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
By Ken Mills General Manager of IoT, Surveillance and Security, Dell EMC, 6/4/2018
Comment0 comments  |  Read  |  Post a Comment
Google Groups Misconfiguration Exposes Corporate Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers say as many as 10,000 businesses are affected by a widespread misconfiguration in Google Groups settings.
By Kelly Sheridan Staff Editor, Dark Reading, 6/1/2018
Comment0 comments  |  Read  |  Post a Comment
Open Bug Bounty Offers Free Program For Websites
Jai Vijayan, Freelance writerNews
Non-profit says it will triage and verify certain kinds of Web vulnerability submissions at no cost for those who sign up.
By Jai Vijayan Freelance writer, 6/1/2018
Comment1 Comment  |  Read  |  Post a Comment
Report: Cross-Site Scripting Still Number One Web Attack
Dark Reading Staff, Quick Hits
SQL injection is the second most common technique, with IT and finance companies the major targets.
By Dark Reading Staff , 6/1/2018
Comment0 comments  |  Read  |  Post a Comment
New Federal Report Gives Guidance on Beating Botnets
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A report from the Departments of Commerce and Homeland Security provides five goals for protecting infrastructure from botnets and other automated threats.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/31/2018
Comment1 Comment  |  Read  |  Post a Comment
Building Blocks for a Threat Hunting Program
Kelly Sheridan, Staff Editor, Dark ReadingNews
Guidance for businesses building threat intelligence strategies while overwhelmed by threats, lack of talent, and a healthy dose of skepticism about the market.
By Kelly Sheridan Staff Editor, Dark Reading, 5/31/2018
Comment0 comments  |  Read  |  Post a Comment
Thoma Bravo Acquires Majority Stake in LogRhythm
Dark Reading Staff, Quick Hits
Judge Tosses Kaspersky Lab Suits Against US Government Ban
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
A US judge dismisses two lawsuits filed by Kaspersky Lab, which argued the US government ban on its products was unconstitutional and caused undue harm.
By Kelly Sheridan Staff Editor, Dark Reading, 5/31/2018
Comment0 comments  |  Read  |  Post a Comment
6 Security Investments You May Be Wasting
Kelly Sheridan, Staff Editor, Dark Reading
Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference.
By Kelly Sheridan Staff Editor, Dark Reading, 5/31/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften Technologies,  6/14/2018
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-5236
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.
CVE-2018-5237
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
CVE-2018-6211
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
CVE-2018-6212
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect proc...
CVE-2018-6213
PUBLISHED: 2018-06-20
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.