Dark Reading Daily -- January 09, 2020

Follow Dark Reading:

January 09, 2020

LATEST SECURITY NEWS & COMMENTARY

Developers Still Don't Properly Handle Sensitive Data

The top classes of vulnerabilities for 2019 indicate that developers still don't correctly sanitize inputs, nor protect passwords and keys as they should.

Las Vegas Suffers Cyberattack on First Day of CES

The attack, still under investigation, hit early in the morning of Jan. 7.

TikTok Bugs Put Users' Videos, Personal Data At Risk

Researchers found it was possible to spoof SMS messages from TikTok and exploit an API flaw that could grant access to users' personal data.

The "Art of Cloud War" for Business-Critical Data

How business executives' best intentions may be negatively affecting security and risk mitigation strategies -- and exposing weaknesses in organizational defenses.

Google's Project Zero Policy Change Mandates 90-Day Disclosure

The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.

MORE NEWS & COMMENTARY


HOT TOPICS
Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks New Year's Eve attack on currency exchange service Travelex may have involved use of the flaw. The Coolest Hacks of 2019 A FaceTime fail, weaponized sound, a 'Prying Eye,' and a wearable fingerprint ring, were among the more novel and odd hacks this year. What Tools Will Find Misconfigurations in My AWS S3 Cloud Buckets? Misconfigured cloud buckets leak sensitive data. Here's how to keep your Amazon Web Services (AWS) Simple Server Storage (S3) buckets secured. MORE

EDITORS' CHOICE

6 Security Team Goals for DevSecOps in 2020

Huge opportunities await security teams that are finally ready move the needle on security problems that have plagued organizations for years.

New Standards Set to Reshape Future of Email Security

Emerging specs and protocols expected to make the simple act of opening an email a less risky proposition

NEW FROM THE EDGE

In App Development, Does No-Code Mean No Security?

No-code and low-code development platforms are part of application development, but there are keys to making sure that they don't leave security behind with traditional coding.

Tech Resources

ACCESS TECH LIBRARY NOW

Getting the Most from Threat Intelligence
In this webinar, learn how to take a fresh look at external threat intelligence and ensure you have an up-to-date view of attackers' means, motives and opportunity.
Know Thyself: Cyber Threat Intelligence Gathering Inside Your Organization
In this webinar, learn about the tools that can help your internal threat intelligence gathering and how these efforts could help you detect attackers' lateral movement, disrupt ransomware and protect endpoint devices.

MORE WEBINARS

FEATURED REPORTS

MORE REPORTS

CURRENT ISSUE

The Year in Security: 2019
DOWNLOAD THIS ISSUE	SUBSCRIBE NOW
BACK ISSUES \| MUST READS \| TECH DIGEST

PRODUCTS & RELEASES

Kaspersky Researchers Find Lazarus Enhances Capabilities in AppleJeus Cryptocurrency Attack

MITRE Releases Framework for Cyberattacks on Industrial Control Systems

Risk & Assurance Group Joins i3forum to Tackle Voice Fraud in International Telecommunications

MORE PRODUCTS & RELEASES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech
303 Second St., Suite 900 South Tower, San Francisco, CA 94107

To update your profile, change your e-mail address, or unsubscribe, click here.

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

The Year in Security: 2019