Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Operations
Page 1 / 2   >   >>
The Wild, Wild West(world) of Cybersecurity
Commentary  |  3/27/2020  | 
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
How Zoom, Netflix, and Dropbox are Staying Online During the Pandemic
News  |  3/26/2020  | 
Inside the efforts to keep the quarantined world's popular Internet services running smoothly.
Security Not a Priority for SAP Projects, Users Report
Quick Hits  |  3/26/2020  | 
Nearly 70% of SAP users surveyed believe organizations lacked focus on IT security during previous SAP implementations.
Technology Empowers Pandemic Response, But Privacy Worries Remain
News  |  3/26/2020  | 
As technology companies and the medical community work to find ways to track and test for the virus, privacy might fall by the wayside.
Introducing Zero-Trust Access
Commentary  |  3/26/2020  | 
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.
Missing Patches, Misconfiguration Top Technical Breach Causes
News  |  3/25/2020  | 
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
FBI Shutters Russian-Based Hacker Platform, Makes Arrest
Quick Hits  |  3/25/2020  | 
The Deer.io platform let cybercriminals buy access to virtual storefronts where they could sell illicit products and services.
COVID-19: Getting Ready for the Next Business Continuity Challenge
Commentary  |  3/25/2020  | 
What comes after you've empowered your remote workforce in the wake of the coronavirus pandemic? Dealing with a large portion of that workforce getting sick at the same time.
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
News  |  3/24/2020  | 
Researchers warn Microsoft 365 account holders to pay attention to unknown applications that request permissions.
Cybercriminals' Promises to Pause During Pandemic Amount to Little
News  |  3/24/2020  | 
As pandemic worsens, online profiteering -- from fraudsters to ransomware operators to cybercriminal hacking -- continues unabated, despite some promises from the underground.
Microsoft Publishes Advisory for Windows Zero-Day
News  |  3/23/2020  | 
There is no available patch for the vulnerabilities, which Microsoft says exist in all supported versions of Windows.
8 Infosec Page-Turners for Days Spent Indoors
Slideshows  |  3/23/2020  | 
Stuck inside and looking for a new read? Check out these titles written by security practitioners and reporters across the industry.
DDoS Attack Targets German Food Delivery Service
Quick Hits  |  3/19/2020  | 
Liefrando delivers food from more than 15,000 restaurants in Germany, where people under COVID-19 restrictions depend on the service.
VPN Usage Surges as More Nations Shut Down Offices
News  |  3/19/2020  | 
As social distancing becomes the norm, interest in virtual private networks has rocketed, with some providers already seeing a doubling in users and traffic since the beginning of the year.
Achieving DevSecOps Requires Cutting Through the Jargon
Commentary  |  3/19/2020  | 
Establishing a culture where security can work easily with developers starts with making sure they can at least speak the same language.
Process Injection Tops Attacker Techniques for 2019
News  |  3/18/2020  | 
Attackers commonly use remote administration and network management tools for lateral movement, a new pool of threat data shows.
Trend Micro Patches Two Zero-Days Under Attack
Quick Hits  |  3/18/2020  | 
Businesses are urged to update the Apex One and OfficeScan XG enterprise security products as soon as possible.
What the Battle of Britain Can Teach Us About Cybersecurity's Human Element
Commentary  |  3/18/2020  | 
During WWII, the British leveraged both technology and human intelligence to help win the war. Security leaders must learn the lessons of history and consider how the human element can make their machine-based systems more effective.
Privacy in a Pandemic: What You Can (and Can't) Ask Employees
News  |  3/16/2020  | 
Businesses struggle to strike a balance between workplace health and employees' privacy rights in the midst of a global health emergency.
What Cybersecurity Pros Really Think About Artificial Intelligence
Slideshows  |  3/13/2020  | 
While there's a ton of unbounded optimism from vendor marketing and consultant types, practitioners are still reserving a lot of judgment.
Working from Home? These Tips Can Help You Adapt
Commentary  |  3/12/2020  | 
COVID-19 means many people are doing their jobs from outside the confines of the office. That may not be as easy as it sounds.
Cyberspace Solarium Commission Slams US Cybersecurity Readiness
Quick Hits  |  3/11/2020  | 
The federal commission outlined more than 60 recommendations to remedy major security problems.
COVID-19 Drives Rush to Remote Work. Is Your Security Team Ready?
News  |  3/11/2020  | 
A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks.
Gender Equality in Cybersecurity Could Drive Economic Boost
Quick Hits  |  3/11/2020  | 
If the number of women in cybersecurity equaled the number of men, the US would see an economic gain up to $30.4 billion, research shows.
Paradise Ransomware Variant Hides in Office IQY Files
Quick Hits  |  3/10/2020  | 
The uncommon Internet Query file format lets attacks slip past defenses to effectively break into target networks.
How Microsoft Disabled Legacy Authentication Across the Company
News  |  3/9/2020  | 
The process was not smooth or straightforward, employees say in a discussion of challenges and lessons learned during the multi-year project.
WatchGuard Buys Panda Security for Endpoint Security Tech
Quick Hits  |  3/9/2020  | 
In the long term, Panda Security's technologies will be integrated into the WatchGuard platform.
Threat Awareness: A Critical First Step in Detecting Adversaries
Commentary  |  3/9/2020  | 
One thing seems certain: Attackers are only getting more devious and lethal. Expect to see more advanced attacks.
7 Cloud Attack Techniques You Should Worry About
Slideshows  |  3/6/2020  | 
Security pros detail the common and concerning ways attackers target enterprise cloud environments.
Researchers Find 670+ Microsoft Subdomains Vulnerable to Takeover
Quick Hits  |  3/5/2020  | 
The now-fixed flaw could have enabled attackers to trick users into downloading malicious content or sharing credentials.
Let's Encrypt Revokes Over 3 Million of Its Digital Certs
News  |  3/4/2020  | 
Domain validation glitch prompts an abrupt decision.
CISOs Who Want a Seat at the DevOps Table Better Bring Value
Commentary  |  3/4/2020  | 
Here are four ways to make inroads with the DevOps team -- before it's too late.
Avoiding the Perils of Electronic Communications
Commentary  |  3/3/2020  | 
Twitter, Slack, etc., have become undeniably important for business today, but they can cause a lot of damage. That's why an agile communications strategy is so important.
How Security Leaders at Starbucks and Microsoft Prepare for Breaches
News  |  3/2/2020  | 
Executives discuss the security incidents they're most worried about and the steps they take to prepare for them.
Tesla, SpaceX Parts Manufacturer Suffers Data Breach
Quick Hits  |  3/2/2020  | 
Visser Precision has confirmed a security incident likely caused by the data-stealing DoppelPaymer ransomware.
Educating Educators: Microsoft's Tips for Security Awareness Training
News  |  2/28/2020  | 
Microsoft's director of security education and awareness shares his approach to helping train employees in defensive practices.
Intel Analyzes Vulns Reported in its Products Last Year
News  |  2/27/2020  | 
A new Intel report looks at the more than 200 CVEs affecting Intel products in 2019.
US State Dept. Shares Insider Tips to Fight Insider Threats
News  |  2/26/2020  | 
The insider threat is a technology, security, and personnel issue, officials said in explaining an approach that addresses all three factors.
Open Cybersecurity Alliance Releases New Language for Security Integration
Quick Hits  |  2/26/2020  | 
OpenDXL Ontology is intended to allow security components to interoperate right out of the box.
McAfee Acquires Light Point for Browser Isolation Tech
Quick Hits  |  2/25/2020  | 
Company plans to integrate Light Point Security's technology into the McAfee Secure Web Gateway and its Mvision UCE platform.
Wanted: Hands-On Cybersecurity Experience
News  |  2/25/2020  | 
Organizations lament a lack of qualified job candidates as they continue to struggle to hire and retain security teams, the new ISACA State of Cybersecurity 2020 report shows.
Security, Networking Collaboration Cuts Breach Cost
News  |  2/24/2020  | 
CISOs report increases in alert fatigue and the number of records breached, as well as the struggle to secure mobile devices in a new Cisco study.
Enterprise Cloud Use Continues to Outpace Security
News  |  2/24/2020  | 
Nearly 60% of IT and security pros say deployment of business services in the cloud has rushed past their ability to secure them.
7 Tips to Improve Your Employees' Mobile Security
Slideshows  |  2/24/2020  | 
Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.
All About SASE: What It Is, Why It's Here, How to Use It
News  |  2/22/2020  | 
Secure Access Service Edge is a new name for a known and growing architecture designed to strengthen security in cloud environments.
NRC Health Ransomware Attack Prompts Patient Data Concerns
Quick Hits  |  2/21/2020  | 
The organization, which sells patient administration tools to hospitals, could not confirm whether patient data was accessed.
Security Now Merges With Dark Reading
News  |  2/21/2020  | 
Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.
Microsoft Announces General Availability of Threat Protection, Insider Risk Management
News  |  2/20/2020  | 
Microsoft made several security announcements ahead of RSA Conference, including its decision to bring Microsoft Defender to iOS and Android.
It's Time to Break the 'Rule of Steve'
Commentary  |  2/20/2020  | 
Today, in a room full of cybersecurity professionals, there are still more people called Steve than there are women.
5 Strategies to Secure Cloud Operations Against Today's Cyber Threats
Commentary  |  2/20/2020  | 
With these fundamentals in mind, organizations can reduce their security and compliance risks as they reap the cloud's many benefits:
Page 1 / 2   >   >>


How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10940
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
CVE-2020-10939
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
CVE-2020-6095
PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-10817
PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
CVE-2020-10952
PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.