News & Commentary

Latest Content tagged with Operations
Page 1 / 2   >   >>
Overcoming 'Security as a Silo' with Orchestration and Automation
Commentary  |  8/16/2018  | 
When teams work in silos, the result is friction and miscommunication. Automation changes that.
Xori Adds Speed, Breadth to Disassembler Lineup
News  |  8/9/2018  | 
A new open source tool, introduced at Black Hat USA, places a priority on speed and automation.
Shadow IT: Every Company's 3 Hidden Security Risks
Commentary  |  8/7/2018  | 
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
4 Reasons Why Companies Are Failing at Incident Response
Commentary  |  8/3/2018  | 
When it comes to containing the business impacts of a security breach, proper planning is often the difference between success and failure.
Cryptojacker Campaign Hits MikroTik Routers
News  |  8/2/2018  | 
More than 200,000 routers hit with a sophisticated cryptomining attack that appears to be spreading.
Multifactor Acquisition: Cisco Plans to Buy Duo for $2.35B
News  |  8/2/2018  | 
Cisco intends to use Duo's authentication technology to ramp up security across hybrid and multicloud environments.
6 Ways DevOps Can Supercharge Security
Slideshows  |  8/2/2018  | 
Security teams have a huge opportunity to make major inroads by embracing the DevOps movement.
How GDPR Could Turn Privileged Insiders into Bribery Targets
Commentary  |  8/2/2018  | 
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
New Spectre Variant Hits the Network
News  |  7/30/2018  | 
A new proof of concept is a reminder that complex systems can be vulnerable at the most basic level.
Automating Kernel Exploitation for Better Flaw Remediation
News  |  7/27/2018  | 
Black Hat researchers plan on open sourcing a new framework they say can help organizations get a better rein on vulnerability fixes for kernel bugs.
Imperva Plans to Purchase Prevoty
Quick Hits  |  7/27/2018  | 
Deal will bring DevOps security to the enterprise security vendor.
Every Week Is Shark Week in Cyberspace
Commentary  |  7/27/2018  | 
Your data, identities, and credentials are cyber chum. Here's how to protect yourself from the feeding frenzy.
US-CERT Warns of ERP Application Hacking
News  |  7/25/2018  | 
ERP applications such as Oracle and SAP's are open to exploit and under attack, according to a new report referenced in a US-CERT warning.
The Good & Bad News About Today's Cybersecurity Investment Landscape
Commentary  |  7/25/2018  | 
Lots of things keep CISOs up at night. But instead of guessing what CISOs want, investors and vendors should incorporate customer feedback throughout product ideation and development cycles.
Securing Our Interconnected Infrastructure
Commentary  |  7/25/2018  | 
A little over a year ago, the world witnessed NotPetya, the most destructive cyberattack to date. What have we learned?
How 'Projection' Slows Down the Path to Security Maturity
Commentary  |  7/24/2018  | 
A little bit of self-awareness goes a long way when it comes to evaluating a company's security maturity level. It's also a prerequisite to improving.
New Report Shows Pen Testers Usually Win
News  |  7/24/2018  | 
Pen testers are successful most of the time, and it's not all about stolen credentials, according to a new report based on hundreds of tests.
7 Ways to Better Secure Electronic Health Records
Slideshows  |  7/24/2018  | 
Healthcare data is prime targets for hackers. What can healthcare organizations do to better protect all of that sensitive information?
London Calling with New Strategies to Stop Ransomware
Commentary  |  7/23/2018  | 
The new London Protocol from the Certificate Authority Security Council/Browser Forum aims to minimize the possibility of phishing activity on high-value identity websites.
Why Artificial Intelligence Is Not a Silver Bullet for Cybersecurity
Commentary  |  7/20/2018  | 
Like any technology, AI and machine learning have limitations. Three are detection, power, and people.
Robotic Vacuums May Hoover Your Data
Quick Hits  |  7/19/2018  | 
Researchers have discovered a pair of vulnerabilities that allow unauthorized code execution in a robotic vacuum.
The Fundamental Flaw in Security Awareness Programs
Commentary  |  7/19/2018  | 
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
Beyond Passwords: Why Your Company Should Rethink Authentication
Commentary  |  7/19/2018  | 
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
Messenger Apps Top Risk Hit Parade
Quick Hits  |  7/18/2018  | 
Whether running on iOS or Android, Facebook's and WhatsApp's messenger apps present a 'winning' combination.
New Subscription Service Takes on Ransomware Protection
News  |  7/18/2018  | 
Training and response is the basis of a new offering that addresses ransomware and extortion attacks.
Cloud Security: Lessons Learned from Intrusion Prevention Systems
Commentary  |  7/17/2018  | 
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
10 Ways to Protect Protocols That Aren't DNS
Slideshows  |  7/16/2018  | 
Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.
Congressional Report Cites States Most Vulnerable to Election Hacking
Quick Hits  |  7/13/2018  | 
A new report details issues with 18 states along with suggestions on what can be done.
SOCs Use Automation to Compensate for Training, Technology Issues
News  |  7/13/2018  | 
Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.
Lessons from My Strange Journey into InfoSec
Commentary  |  7/12/2018  | 
Establishing an entre into the security world can be a maddeningly slow process. For those of us already here, it can be an opportunity to help others.
Getting Safe, Smart & Secure on S3
Commentary  |  7/11/2018  | 
AWS Simple Storage Service has proven to be a security minefield. It doesn't have to be if you pay attention to people, process, and technology.
New Cyber Center Opens at Augusta University in Georgia
Quick Hits  |  7/11/2018  | 
University partners with state on $100 million Georgia Cyber Center for cybersecurity education and research.
Apple Releases Wave of Security Updates
News  |  7/11/2018  | 
Apple updates software for nearly every hardware platform, though one new feature almost steals the security show.
Bomgar Acquires Avecto
Quick Hits  |  7/10/2018  | 
Purchase adds layers to privileged access management system.
Businesses Struggle to Build 'Security-First' Culture
News  |  7/10/2018  | 
New Accenture study finds half of businesses provide cybersecurity training for new hires and only 40% of CISOs prioritize building or expanding insider threat programs.
7 Ways to Keep DNS Safe
Slideshows  |  7/10/2018  | 
A DNS attack can have an outsize impact on the targeted organization or organizations. Here's how to make hackers' lives much more difficult.
6 M&A Security Tips
Slideshows  |  7/9/2018  | 
Companies are realizing that the security posture of an acquired organization should be considered as part of their due diligence process.
Claranet Buys NotSoSecure
Quick Hits  |  7/9/2018  | 
Acquisition continues the MSP's push into security services.
Reactive or Proactive? Making the Case for New Kill Chains
Commentary  |  7/6/2018  | 
Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here what a modern kill chain should include.
WEF: 217 More Years Until Women and Men Reach Economic Equality
News  |  7/5/2018  | 
Progress toward economic parity is in reverse for the first time since 2006, but cybersecurity can help change the game.
Bigger, Faster, Stronger: 2 Reports Detail the Evolving State of DDoS
News  |  7/3/2018  | 
DDoS attacks continue to plague the Internet, getting bigger and more dangerous. And now, the kids are involved.
Consumers Rank Security High in Payment Decisions
Quick Hits  |  7/3/2018  | 
Security is a top priority when it comes to making decisions on payment methods and technologies.
6 Drivers of Mental and Emotional Stress in Infosec
Slideshows  |  7/2/2018  | 
Pressure comes in many forms but often with the same end result: stress and burnout within the security community.
Botnets Evolving to Mobile Devices
News  |  6/28/2018  | 
Millions of mobile devices are now making requests in what's described as "an attack on the economy."
There's No Automating Your Way Out of Security Hiring Woes
News  |  6/28/2018  | 
Call it the paradox of cybersecurity automation: It makes your staff more productive but takes more quality experts to make it work.
Newly Revealed Exactis Data Leak Bigger Than Equifax's
Quick Hits  |  6/28/2018  | 
Marketing data firm left its massive database open to the Internet.
Redefining Security with Blockchain
Commentary  |  6/28/2018  | 
Blockchain offers a proactive approach to secure a new generation of digital platforms and services for both enterprises and individuals.
10 Tips for More Secure Mobile Devices
Slideshows  |  6/27/2018  | 
Mobile devices can be more secure than traditional desktop machines - but only if the proper policies and practices are in place and in use.
The 3 R's for Surviving the Security Skills Shortage
News  |  6/27/2018  | 
How to recruit, retrain, and retain with creativity and discipline.
Fairhair Alliance Building IoT Security Architecture
Quick Hits  |  6/26/2018  | 
A group of companies in the building automation and IoT space is working for a coherent security architecture that incorporates multiple standards.
Page 1 / 2   >   >>


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-13435
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest w...
CVE-2018-13446
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. ...
CVE-2018-14567
PUBLISHED: 2018-08-16
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
CVE-2018-15122
PUBLISHED: 2018-08-16
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.
CVE-2018-11509
PUBLISHED: 2018-08-16
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.