Dark Reading is part of the Informa Tech Division of Informa PLC

Operations

News & Commentary
Trend Micro Patches Two Zero-Days Under Attack
Dark Reading Staff, Quick Hits
Businesses are urged to update the Apex One and OfficeScan XG enterprise security products as soon as possible.
By Dark Reading Staff, 3/18/2020
What the Battle of Britain Can Teach Us About Cybersecurity's Human Element
Eyal Benishti, CEO & Founder of IRONSCALES, Commentary
During WWII, the British leveraged both technology and human intelligence to help win the war. Security leaders must learn the lessons of history and consider how the human element can make their machine-based systems more effective.
By Eyal Benishti CEO & Founder of IRONSCALES, 3/18/2020
Privacy in a Pandemic: What You Can (and Can't) Ask Employees
Kelly Sheridan, Staff Editor, Dark Reading, News
Businesses struggle to strike a balance between workplace health and employees' privacy rights in the midst of a global health emergency.
By Kelly Sheridan Staff Editor, Dark Reading, 3/16/2020
What Cybersecurity Pros Really Think About Artificial Intelligence
Ericka Chickowski, Contributing Writer
While there's a ton of unbounded optimism from vendor marketing and consultant types, practitioners are still reserving a lot of judgment.
By Ericka Chickowski Contributing Writer, 3/13/2020
CASB 101: Why a Cloud Access Security Broker Matters
Curtis Franklin Jr., Senior Editor at Dark Reading
A CASB isn't a WAF, isn't an NGF, and isn't an SWG. So what is it, precisely, and why do you need one to go along with all the other letters? Read on for the answer.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/12/2020
Working from Home? These Tips Can Help You Adapt
Andy Ellis, Chief Security Officer, Akamai, Commentary
COVID-19 means many people are doing their jobs from outside the confines of the office. That may not be as easy as it sounds.
By Andy Ellis Chief Security Officer, Akamai, 3/12/2020
Cyberspace Solarium Commission Slams US Cybersecurity Readiness
Dark Reading Staff, Quick Hits
The federal commission outlined more than 60 recommendations to remedy major security problems.
By Dark Reading Staff, 3/11/2020
COVID-19 Drives Rush to Remote Work. Is Your Security Team Ready?
Kelly Sheridan, Staff Editor, Dark Reading, News
A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks.
By Kelly Sheridan Staff Editor, Dark Reading, 3/11/2020
Gender Equality in Cybersecurity Could Drive Economic Boost
Dark Reading Staff, Quick Hits
If the number of women in cybersecurity equaled the number of men, the US would see an economic gain up to $30.4 billion, research shows.
By Dark Reading Staff, 3/11/2020
Paradise Ransomware Variant Hides in Office IQY Files
Dark Reading Staff, Quick Hits
The uncommon Internet Query file format lets attacks slip past defenses to effectively break into target networks.
By Dark Reading Staff, 3/10/2020
How Microsoft Disabled Legacy Authentication Across the Company
Kelly Sheridan, Staff Editor, Dark Reading, News
The process was not smooth or straightforward, employees say in a discussion of challenges and lessons learned during the multi-year project.
By Kelly Sheridan Staff Editor, Dark Reading, 3/9/2020
WatchGuard Buys Panda Security for Endpoint Security Tech
Dark Reading Staff, Quick Hits
In the long term, Panda Security's technologies will be integrated into the WatchGuard platform.
By Dark Reading Staff, 3/9/2020
Threat Awareness: A Critical First Step in Detecting Adversaries
Dan Schiappa, Executive Vice President & Chief Product Officer at Sophos, Commentary
One thing seems certain: Attackers are only getting more devious and lethal. Expect to see more advanced attacks.
By Dan Schiappa Executive Vice President & Chief Product Officer at Sophos, 3/9/2020
7 Cloud Attack Techniques You Should Worry About
Kelly Sheridan, Staff Editor, Dark Reading
Security pros detail the common and concerning ways attackers target enterprise cloud environments.
By Kelly Sheridan Staff Editor, Dark Reading, 3/6/2020
Researchers Find 670+ Microsoft Subdomains Vulnerable to Takeover
Dark Reading Staff, Quick Hits
The now-fixed flaw could have enabled attackers to trick users into downloading malicious content or sharing credentials.
By Dark Reading Staff, 3/5/2020
Let's Encrypt Revokes Over 3 Million of Its Digital Certs
Jai Vijayan, Contributing Writer, News
Domain validation glitch prompts an abrupt decision.
By Jai Vijayan Contributing Writer, 3/4/2020
CISOs Who Want a Seat at the DevOps Table Better Bring Value
John Worrall, Chief Executive Officer at ZeroNorth, Commentary
Here are four ways to make inroads with the DevOps team -- before it's too late.
By John Worrall Chief Executive Officer at ZeroNorth, 3/4/2020
Avoiding the Perils of Electronic Communications
Lena Smart, Chief Information Security Officer, MongoDB, Commentary
Slack, etc., have become undeniably important for business today, but they can cause a lot of damage. That's why an agile communications strategy is so important.
By Lena Smart Chief Information Security Officer, MongoDB, 3/3/2020
How Security Leaders at Starbucks and Microsoft Prepare for Breaches
Kelly Sheridan, Staff Editor, Dark Reading, News
Executives discuss the security incidents they're most worried about and the steps they take to prepare for them.
By Kelly Sheridan Staff Editor, Dark Reading, 3/2/2020
Tesla, SpaceX Parts Manufacturer Suffers Data Breach
Dark Reading Staff, Quick Hits
Visser Precision has confirmed a security incident likely caused by the data-stealing DoppelPaymer ransomware.
By Dark Reading Staff, 3/2/2020
Many Ransomware Attacks Can be Stopped Before They Begin
Jai Vijayan, Contributing Writer, 3/17/2020
This Tax Season, Save the Scorn and Protect Customers from Phishing Scams
Dr. Salvatore Stolfo, Founder & CTO, Allure Security, 3/17/2020
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

PUBLISHED: 2020-03-18
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as ...

PUBLISHED: 2020-03-18
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as sh...

PUBLISHED: 2020-03-18
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, whi...

PUBLISHED: 2020-03-18
The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).

PUBLISHED: 2020-03-18
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissi...