Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Upcoming Webinars

Webinar Archives
Creating an Encryption Strategy for Your Enterprise
Date: Nov 11, 2021
View webinar
Maybe it's not time yet to start "quantum-proofing" (and maybe it is), but that doesn't mean your encryption strategy doesn't need a refresh. If your organization is like most enterprises, you've likely purchased or adopted a wide variety of encryption tools and capabilities over the years. But does this mixture of technologies and strategies really ensure that your most sensitive data is protected? How are you managing encryption keys across all of your systems? How do you make encryption work across your own infrastructure, as well as the infrastructures of your service providers? In this webinar, experts discuss a variety of tools and strategies for implementing and managing enterprise encryption, and how you can not only implement next-generation encryption technology, but make better use of what you already have.

Hacking Multifactor Authentication: An IT Pro's Lessons Learned After Testing 150 MFA Products
Date: Nov 09, 2021
View webinar
Multi-Factor Authentication (MFA) can be a highly effective way to safeguard your organization's data, but that doesn't mean it's unhackable. And nobody knows that better than award-winning author and Data-Driven Defense Evangelist at KnowBe4, Roger Grimes. While researching his most recent book Hacking Multifactor Authentication, Roger tested over 150 MFA solutions. And he wants to share what he learned with you! Join Roger as he discusses the good, the bad, and the ugly lessons he learned from his research. He'll share with you what works, what doesn't, and what you should absolutely avoid.

Building Automation Into Secure Application Development
Date: Nov 03, 2021
View webinar
Creating secure code is crucial to enterprise application development. But many application developers resist taking extra security steps because they add extra work and time to the development process. In this Dark Reading webinar, application security experts discuss ways to speed and automate the process of developing secure code by using next-generation tools and processes. For cybersecurity practitioners, this webinar offers insight on attractive, practical ways to add security to the development process. For application developers, this webinar offers recommendations on ways to integrate security into the development process while improving both security and efficiency.

Zero-Trust in Real Life
Date: Nov 02, 2021
View webinar
Credential theft, lateral movement and other cyber attack tricks have foiled perimeter security again and again. We know that the old philosophy of trusting everything and everyone inside a network is no longer sound. The zero-trust model - trust nothing, verify everything - is the proposed answer to this problem. But it's easier said than done in real enterprise. At this webinar, learn what zero-trust really looks like in practice, how to overcome challenges along the way, what security benefits you'll realize right away, and how your organization can take the first steps toward implementing a zero-trust model.

End to End Automation: A Game Changer for Improving Workforce Efficiency
Date: Oct 28, 2021
View webinar
Through hyper automation, RPA is swiftly becoming a valuable platform for advancing business process like inventory management, financial reporting, service desk management, and more. It is transforming previously manual tasks by allowing such offerings as self-service catalog ordering, accelerated software development, and automated HR and back-office operations. Join us as our experts discuss how automation is changing the workforce and improving efficiency.

Getting SASE: What Every Enterprise Should Know
Date: Oct 27, 2021
View webinar
This unique, information-packed event looks at some of the key strategies an IT organization will need to consider as it moves into the SASE generation of technology and services. Leading SASE technology developers, service providers, and IT practitioners who have pioneered this new wave of networking and how it works in real-world IT environments will provide their latest insights and recommendations.

Using Threat Hunting and Threat Intelligence to Strengthen Enterprise Cybersecurity
Date: Oct 19, 2021
View webinar
IT security teams are rapidly learning that an effective cyber defense means gaining a better understanding of attackers and the methods they use. In this Dark Reading webinar, top experts offer insights on how your organization can use emerging tools and practices such as threat hunting and threat intelligence to learn more about potential adversaries and proactively identify potential attacks. Attendees will also learn how they can combine these tools and practices to create an even more effective defense.

Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20836
PUBLISHED: 2021-10-19
Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project files.
CVE-2021-41154
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.1...
CVE-2021-41155
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix...
CVE-2021-41152
PUBLISHED: 2021-10-18
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on t...
CVE-2021-41153
PUBLISHED: 2021-10-18
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Thi...