Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

News & Commentary
What the Battle of Britain Can Teach Us About Cybersecurity's Human Element
Eyal Benishti, CEO & Founder of IRONSCALES, Commentary
During WWII, the British leveraged both technology and human intelligence to help win the war. Security leaders must learn the lessons of history and consider how the human element can make their machine-based systems more effective.
By Eyal Benishti CEO & Founder of IRONSCALES, 3/18/2020
Remote Workforce Jumps 15% In Two Weeks
Dark Reading Staff, Quick Hits
Netskope reports the total number of remote employees is the highest it has ever observed.
By Dark Reading Staff, 3/17/2020
Needed: A Cybersecurity Good Samaritan Law
Tom McAndrew, CEO at Coalfire, Commentary
Legislation should protect the good hackers who are helping to keep us safe, not just go after the bad.
By Tom McAndrew CEO at Coalfire, 3/17/2020
Texas Chose to Fight Ransomware and Not Pay. What About the Rest of Us?
Yaniv Valik, VP Product, Cyber and IT Resilience, Continuity Software, Commentary
Law-abiding folks like us applauded Texas for its bravery - but would we have the steel will to stand on the side of justice if it happened to us? Probably not.
By Yaniv Valik VP Product, Cyber and IT Resilience, Continuity Software, 3/13/2020
Cyberspace Solarium Commission Slams US Cybersecurity Readiness
Dark Reading Staff, Quick Hits
The federal commission outlined more than 60 recommendations to remedy major security problems.
By Dark Reading Staff, 3/11/2020
COVID-19 Drives Rush to Remote Work. Is Your Security Team Ready?
Kelly Sheridan, Staff Editor, Dark Reading, News
A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks.
By Kelly Sheridan Staff Editor, Dark Reading, 3/11/2020
Why CSP Isn't Enough to Stop Magecart-Like Attacks
Hadar Blutrich, CTO & Co-founder, Source Defense, Commentary
As Magecart and formjacking attacks become more sophisticated, it's essential to address not only what services may interact with users, but what that interaction looks like and how to control it.
By Hadar Blutrich CTO & Co-founder, Source Defense, 3/11/2020
Paradise Ransomware Variant Hides in Office IQY Files
Dark Reading Staff, Quick Hits
The uncommon Internet Query file format lets attacks slip past defenses to effectively break into target networks.
By Dark Reading Staff, 3/10/2020
How Network Metadata Can Transform Compromise Assessment
Ricardo Villadiego, Founder and CEO of Lumu, Commentary
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret.
By Ricardo Villadiego Founder and CEO of Lumu, 3/10/2020
Cyber Resiliency, Cloud & the Evolving Role of the Firewall
PJ Kirner, CTO & Founder, Illumio, Commentary
Today's defenses must be creative in both isolating threats and segmenting environments to prevent attacks. Here's why.
By PJ Kirner CTO & Founder, Illumio, 3/9/2020
WatchGuard Buys Panda Security for Endpoint Security Tech
Dark Reading Staff, Quick Hits
In the long term, Panda Security's technologies will be integrated into the WatchGuard platform.
By Dark Reading Staff, 3/9/2020
7 Cloud Attack Techniques You Should Worry About
Kelly Sheridan, Staff Editor, Dark Reading
Security pros detail the common and concerning ways attackers target enterprise cloud environments.
By Kelly Sheridan Staff Editor, Dark Reading, 3/6/2020
Siemens Shares Incident Response Playbook for Energy Infrastructure
Dark Reading Staff, Quick Hits
The playbook simulates a cyberattack on the energy industry to educate regulators, utilities, and IT and OT security experts.
By Dark Reading Staff, 3/6/2020
How Security Leaders at Starbucks and Microsoft Prepare for Breaches
Kelly Sheridan, Staff Editor, Dark Reading, News
Executives discuss the security incidents they're most worried about and the steps they take to prepare for them.
By Kelly Sheridan Staff Editor, Dark Reading, 3/2/2020
New Trickbot Delivery Method Focuses on Windows 10
Dark Reading Staff, Quick Hits
Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10.
By Dark Reading Staff, 2/28/2020
6 Truths About Disinformation Campaigns
Jai Vijayan, Contributing Writer
Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know.
By Jai Vijayan Contributing Writer, 2/28/2020
Educating Educators: Microsoft's Tips for Security Awareness
Kelly Sheridan, Staff Editor, Dark Reading, News
Microsoft's director of security education and awareness shares his approach to helping train employees in defensive practices.
By Kelly Sheridan Staff Editor, Dark Reading, 2/28/2020
Commonsense Security: Leveraging Dialogue & Collaboration for Better Decisions
Dr. Zvi Guterman, CEO, CloudShare, Commentary
Sometimes, good old-fashioned tools can help an enterprise create a cost-effective risk management strategy.
By Dr. Zvi Guterman CEO, CloudShare, 2/26/2020
Emotet Resurfaces to Drive 145% of Threats in Q4 2019
Kelly Sheridan, Staff Editor, Dark Reading, News
Analysis of 92 billion rejected emails reveals a range of simple and complex attack techniques for the last quarter of 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 2/26/2020
McAfee Acquires Light Point for Browser Isolation Tech
Dark Reading Staff, Quick Hits
Company plans to integrate Light Point Security's technology into the McAfee Secure Web Gateway and its Mvision UCE platform.
By Dark Reading Staff, 2/25/2020
Many Ransomware Attacks Can be Stopped Before They Begin
Jai Vijayan, Contributing Writer, 3/17/2020
This Tax Season, Save the Scorn and Protect Customers from Phishing Scams
Dr. Salvatore Stolfo, Founder & CTO, Allure Security, 3/17/2020
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

PUBLISHED: 2020-03-18
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as ...

PUBLISHED: 2020-03-18
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as sh...

PUBLISHED: 2020-03-18
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, whi...

PUBLISHED: 2020-03-18
The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).

PUBLISHED: 2020-03-18
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissi...