Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

News & Commentary
Kaseya Buys Managed SOC Provider
Dark Reading Staff, Quick Hits
Purchase extends offerings for MSP and SMB customers
By Dark Reading Staff , 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
CrowdStrike Buys Log Management Startup Humio for $400M
Dark Reading Staff, Quick Hits
CrowdStrike plans to use Humio's technology to continue building out its extended detection and response platform.
By Dark Reading Staff , 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
How to Submit a Column to Dark Reading
Dark Reading Staff, Commentary
Have a new idea, a lesson learned, or a call to action for your fellow cybersecurity professionals? Here's how to submit your Commentary pieces to Dark Reading.
By Dark Reading Staff , 2/15/2021
Comment0 comments  |  Read  |  Post a Comment
Multivector Attacks Demand Security Controls at the Messaging Level
Otavio Freire, CTO & President, SafeGuard CyberCommentary
As a Google-identified attack reveals, security teams need to look beyond VPNs and network infrastructure to the channels where social engineering takes place.
By Otavio Freire CTO & President, SafeGuard Cyber, 2/10/2021
Comment0 comments  |  Read  |  Post a Comment
Cartoon Caption Winner: Insider Threat
John Klossner, CartoonistCommentary
And the winner of Dark Reading's January cartoon caption contest is ...
By John Klossner Cartoonist, 2/8/2021
Comment0 comments  |  Read  |  Post a Comment
An Observability Pipeline Could Save Your SecOps Team
Nick Heudecker, Senior Director of Market Strategy, CriblCommentary
Traditional monitoring approaches are proving brittle as security operations teams need better visibility into dynamic environments.
By Nick Heudecker Senior Director of Market Strategy, Cribl, 2/3/2021
Comment0 comments  |  Read  |  Post a Comment
Security in a Complex World
Bryan Barney, CEO, RedSealCommentary
Innovation and complexity can co-exist; the key is to use innovation to make ever-expanding complexity comprehensible and its effects predictable.
By Bryan Barney CEO, RedSeal, 2/3/2021
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan CyberCommentary
Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.
By Tal Morgenstern Co-Founder & Chief Product Officer, Vulcan Cyber, 1/14/2021
Comment1 Comment  |  Read  |  Post a Comment
6 Open Source Tools for Your Security Team
Curtis Franklin Jr., Senior Editor at Dark Reading
Open source tools can be great additions to your cloud security arsenal. Here are a half-dozen to get you started.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/6/2021
Comment0 comments  |  Read  |  Post a Comment
HelpSystems Acquires Data Security Firm Vera
Dark Reading Staff, Quick Hits
The purchase is intended to increase London-based HelpSystems' file collaboration security capabilities.
By Dark Reading Staff , 12/24/2020
Comment0 comments  |  Read  |  Post a Comment
Intel Doubles Down on Emerging Technologies for Sharing and Using Data Securely
Robert Lemos, Contributing WriterNews
Homomorphic encryption and federated learning could allow groups to share data and analysis while protecting the actual information.
By Robert Lemos Contributing Writer, 12/4/2020
Comment0 comments  |  Read  |  Post a Comment
Driven by Ransomware, Cyber Claims Rise in Number & Value
Robert Lemos, Contributing WriterNews
Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.
By Robert Lemos Contributing Writer, 11/30/2020
Comment0 comments  |  Read  |  Post a Comment
A Call for Change in Physical Security
Fred Burton, Executive Director, Ontic Center for Protective IntelligenceCommentary
We're at an inflection point. The threats we face are dynamic, emerging, and global. Are you ready?
By Fred Burton Executive Director, Ontic Center for Protective Intelligence, 11/16/2020
Comment1 Comment  |  Read  |  Post a Comment
Overlooked Security Risks of the M&A Rebound
Bill Ruckelshaus, CFO, ExtraHopCommentary
Successful technology integration, post-merger, is tricky in any market, and never more so than with today's remote work environments and distributed IT infrastructure.
By Bill Ruckelshaus CFO, ExtraHop, 11/10/2020
Comment0 comments  |  Read  |  Post a Comment
Cado Security Gets $1.5 Million Seed
Dark Reading Staff, Quick Hits
The seed funding round was led by Ten Eleven Ventures.
By Dark Reading Staff , 11/5/2020
Comment0 comments  |  Read  |  Post a Comment
Hexagon Announces Deal to Acquire PAS Global
Dark Reading Staff, Quick Hits
The Houston-based PAS Global will operate as part of Hexagon's PPM (formerly Intergraph Process, Power & Marine) division.
By Dark Reading Staff , 11/4/2020
Comment0 comments  |  Read  |  Post a Comment
Containers for Data Analysis Are Rife With Vulnerabilities
Robert Lemos, Contributing WriterNews
Old software components and the inclusion of unnecessary code created a massive attack surface area in containers for scientific analysis, researchers say.
By Robert Lemos Contributing Writer, 11/4/2020
Comment0 comments  |  Read  |  Post a Comment
Developers' Approach to App Testing Could Cut Flaw Fix Times by 80 Days
Robert Lemos, Contributing WriterNews
An analysis of more than 130,000 active applications found more with at least one high-severity flaw compared with 2019.
By Robert Lemos Contributing Writer, 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Tops Q3 List of Most-Impersonated Brands
Steve Zurier, Contributing WriterNews
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
By Steve Zurier Contributing Writer, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer
Experts weigh in on picking metrics that demonstrate how the security team is handling operational efficiency and reducing risk.
By Ericka Chickowski Contributing Writer, 10/19/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24913
PUBLISHED: 2021-03-04
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
CVE-2020-24914
PUBLISHED: 2021-03-04
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
CVE-2020-24036
PUBLISHED: 2021-03-04
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
CVE-2020-24912
PUBLISHED: 2021-03-04
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
CVE-2019-18629
PUBLISHED: 2021-03-04
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a com...