Operations

News & Commentary
Overcoming 'Security as a Silo' with Orchestration and Automation
Jen Andre, Senior Director at Rapid7, Commentary
When teams work in silos, the result is friction and miscommunication. Automation changes that.
By Jen Andre Senior Director at Rapid7, 8/16/2018
Xori Adds Speed, Breadth to Disassembler Lineup
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A new open source tool, introduced at Black Hat USA, places a priority on speed and automation.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/9/2018
Shadow IT: Every Company's 3 Hidden Security Risks
Adam Marre, Information Security Operations Leader, Qualtrics, Commentary
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
By Adam Marre Information Security Operations Leader, Qualtrics, 8/7/2018
4 Reasons Why Companies Are Failing at Incident Response
Dario Forte, CEO, DFLabs, Commentary
When it comes to containing the business impacts of a security breach, proper planning is often the difference between success and failure.
By Dario Forte CEO, DFLabs, 8/3/2018
Cryptojacker Campaign Hits MikroTik Routers
Curtis Franklin Jr., Senior Editor at Dark Reading, News
More than 200,000 routers hit with a sophisticated cryptomining attack that appears to be spreading.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/2/2018
Multifactor Acquisition: Cisco Plans to Buy Duo for $2.35B
Kelly Sheridan, Staff Editor, Dark Reading, News
Cisco intends to use Duo's authentication technology to ramp up security across hybrid and multicloud environments.
By Kelly Sheridan Staff Editor, Dark Reading, 8/2/2018
6 Ways DevOps Can Supercharge Security
Ericka Chickowski, Contributing Writer, Dark Reading
Security teams have a huge opportunity to make major inroads by embracing the DevOps movement.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/2/2018
How GDPR Could Turn Privileged Insiders into Bribery Targets
Mark Coates, VP, EMEA, Dtex Systems, Commentary
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
By Mark Coates VP, EMEA, Dtex Systems, 8/2/2018
New Spectre Variant Hits the Network
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A new proof of concept is a reminder that complex systems can be vulnerable at the most basic level.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/30/2018
Automating Kernel Exploitation for Better Flaw Remediation
Ericka Chickowski, Contributing Writer, Dark Reading, News
Black Hat researchers plan on open sourcing a new framework they say can help organizations get a better rein on vulnerability fixes for kernel bugs.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/27/2018
Imperva Plans to Purchase Prevoty
Dark Reading Staff, Quick Hits
Deal will bring DevOps security to the enterprise security vendor.
By Dark Reading Staff, 7/27/2018
Every Week Is Shark Week in Cyberspace
Robert Block, SVP, Product Strategy, SecureAuth + Core Security, Commentary
Your data, identities, and credentials are cyber chum. Here's how to protect yourself from the feeding frenzy.
By Robert Block SVP, Product Strategy, SecureAuth + Core Security, 7/27/2018
US-CERT Warns of ERP Application Hacking
Curtis Franklin Jr., Senior Editor at Dark Reading, News
ERP applications such as Oracle and SAP's are open to exploit and under attack, according to a new report referenced in a US-CERT warning.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/25/2018
The Good & Bad News About Today's Cybersecurity Investment Landscape
Ofer Schreiber, Partner, YL Ventures, Commentary
Lots of things keep CISOs up at night. But instead of guessing what CISOs want, investors and vendors should incorporate customer feedback throughout product ideation and development cycles.
By Ofer Schreiber Partner, YL Ventures, 7/25/2018
Securing Our Interconnected Infrastructure
Dave Weinstein, VP of Threat Research, Claroty, Commentary
A little over a year ago, the world witnessed NotPetya, the most destructive cyberattack to date. What have we learned?
By Dave Weinstein VP of Threat Research, Claroty, 7/25/2018
How 'Projection' Slows Down the Path to Security Maturity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA, Commentary
A little bit of self-awareness goes a long way when it comes to evaluating a company's security maturity level. It's also a prerequisite to improving.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA, 7/24/2018
New Report Shows Pen Testers Usually Win
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Pen testers are successful most of the time, and it's not all about stolen credentials, according to a new report based on hundreds of tests.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/24/2018
7 Ways to Better Secure Electronic Health Records
Curtis Franklin Jr., Senior Editor at Dark Reading
Healthcare data is a prime target for hackers. What can healthcare organizations do to better protect all of that sensitive information?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/24/2018
London Calling with New Strategies to Stop Ransomware
Chris Bailey, Vice President of Strategy, Entrust Datacard, Commentary
The new London Protocol from the Certificate Authority Security Council/Browser Forum aims to minimize the possibility of phishing activity on high-value identity websites.
By Chris Bailey Vice President of Strategy, Entrust Datacard, 7/23/2018
Why Artificial Intelligence Is Not a Silver Bullet for Cybersecurity
Tomas Honzak, Director, Security and Compliance, GoodData, Commentary
Like any technology, AI and machine learning have limitations. Three are detection, power, and people.
By Tomas Honzak Director, Security and Compliance, GoodData, 7/20/2018
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading, 8/15/2018
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-13435
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest w...
CVE-2018-13446
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. ...
CVE-2018-14567
PUBLISHED: 2018-08-16
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
CVE-2018-15122
PUBLISHED: 2018-08-16
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.
CVE-2018-11509
PUBLISHED: 2018-08-16
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.