Commentary

Latest Content
3 Drivers Behind the Increasing Frequency of DDoS Attacks
Commentary  |  9/20/2018  | 
What's causing the uptick? Motivation, opportunity, and new capabilities.
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Commentary  |  9/20/2018  | 
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
Commentary  |  9/19/2018  | 
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
5 Steps to Success for New CISOs
Commentary  |  9/19/2018  | 
You've been hired to make an impact. These tips can help set you up for continued success.
The Top 5 Security Threats & Mitigations for Industrial Networks
Commentary  |  9/18/2018  | 
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
Overhauling the 3 Pillars of Security Operations
Commentary  |  9/18/2018  | 
Modern apps and the cloud mean that organizations must now rethink older security practices.
The 7 Habits of Highly Effective Security Teams
Commentary  |  9/17/2018  | 
Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.
Cybersecurity Is Only 1 Part of Election Security
Commentary  |  9/14/2018  | 
Protecting the 2018 election cycle means fixing the information infrastructure.
Enterprise Security Needs an Open Data Solution
Commentary  |  9/13/2018  | 
What would it look like if more than a tiny fraction of enterprises had access to all the signals hidden in their big data today?
The Increasingly Vulnerable Software Supply Chain
Commentary  |  9/13/2018  | 
Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.
4 Trends Giving CISOs Sleepless Nights
Commentary  |  9/12/2018  | 
IoT attacks, budget shortfalls, and the skills gap are among the problems keeping security pros up at night.
Foreshadow, SGX & the Failure of Trusted Execution
Commentary  |  9/12/2018  | 
Trusted execution environments are said to provide a hardware-protected enclave that runs software and cannot be accessed externally, but recent developments show they fall far short.
4 Practical Measures to Improve Election Security Now
Commentary  |  9/11/2018  | 
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
DevOps Demystified: A Primer for Security Practitioners
Commentary  |  9/10/2018  | 
Key starting points for those still struggling to understand the concept.
TLS 1.3 Won't Break Everything
Commentary  |  9/7/2018  | 
The newest version of TLS won't break everything in your security infrastructure, but you do need to be prepared for the changes it brings.
The Role of Incident Response in ICS Security Compliance
Commentary  |  9/7/2018  | 
The data-driven nature of IR can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.
Why a Healthy Data Diet Is the Secret to Healthy Security
Commentary  |  9/6/2018  | 
In the same way that food is fuel to our bodies, data is the fuel on which our security programs run. Here are 10 action items to put on your cybersecurity menu.
Understanding & Solving the Information-Sharing Challenge
Commentary  |  9/6/2018  | 
Why cybersecurity threat feeds from intel-sharing groups diminish in value and become just another source of noise. (And what to do about it.)
The Weakest Security Links in the (Block)Chain
Commentary  |  9/5/2018  | 
Despite the technology's promise to transform how business is done, there are significant limitations and potential risks at the intersection of the digital and physical worlds.
Thoughts on the Latest Apache Struts Vulnerability
Commentary  |  9/5/2018  | 
CVE-2018-11776 operates at a far deeper level within the code than all prior Struts vulnerabilities. This requires a greater understanding of the Struts code itself as well as the various libraries used by Struts.
Lean, Mean & Agile Hacking Machine
Commentary  |  9/4/2018  | 
Hackers are thinking more like developers to evade detection and are becoming more precise in their targeting.
Why Automation Will Free Security Pros to Do What They Do Best
Commentary  |  8/31/2018  | 
There are three reasons today's security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.
Lessons From the Black Hat USA NOC
Commentary  |  8/30/2018  | 
The conference's temporary network operations center provides a snapshot of what is possible when a variety of professionals work together.
4 Benefits of a World with Less Privacy
Commentary  |  8/30/2018  | 
The privacy issue is a problem for a lot of people. I see it differently.
How One Company's Cybersecurity Problem Becomes Another's Fraud Problem
Commentary  |  8/29/2018  | 
The solution: When security teams see something in cyberspace, they need to say something.
Why Security Needs a Software-Defined Perimeter
Commentary  |  8/28/2018  | 
Most security teams today still don't know whether a user at the end of a remote connection is a hacker, spy, fraudster -- or even a dog. An SDP can change that.
WhatsApp: Mobile Phishing's Newest Attack Target
Commentary  |  8/28/2018  | 
In 2018, mobile communication platforms such as WhatsApp, Skype, and SMS have far less protection against app-based phishing than email.
How Can We Improve the Conversation Among Blue Teams?
Commentary  |  8/27/2018  | 
Dark Reading seeks new ways to bring defenders together to share information and best practices.
The Difference Between Sandboxing, Honeypots & Security Deception
Commentary  |  8/27/2018  | 
A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.
A False Sense of Security
Commentary  |  8/24/2018  | 
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
The GDPR Ripple Effect
Commentary  |  8/23/2018  | 
Will we ever see a truly global data security and privacy mandate?
Embedding Security into the DevOps Toolchain
Commentary  |  8/23/2018  | 
Security teams need to let go of the traditional security stack, stop fighting DevOps teams, and instead jump in right beside them.
The Votes Are In: Election Security Matters
Commentary  |  8/22/2018  | 
Three ways to make sure that Election Day tallies are true.
How to Gauge the Effectiveness of Security Awareness Programs
Commentary  |  8/21/2018  | 
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Proving ROI: How a Security Road Map Can Sway the C-Suite
Commentary  |  8/21/2018  | 
When executives are constantly trying to cut the fat, CISOs need to develop a flexible structure to improve baseline assessments and target goals, tactics, and capabilities. Here's how.
Data Privacy Careers Are Helping to Close the IT Gender Gap
Commentary  |  8/20/2018  | 
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
Make a Wish: Dark Reading Caption Contest Winners
Commentary  |  8/18/2018  | 
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
The 5 Challenges of Detecting Fileless Malware Attacks
Commentary  |  8/17/2018  | 
Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.
Overcoming 'Security as a Silo' with Orchestration and Automation
Commentary  |  8/16/2018  | 
When teams work in silos, the result is friction and miscommunication. Automation changes that.
Open Source Software Poses a Real Security Threat
Commentary  |  8/15/2018  | 
It's true that open source software has many benefits, but it also has weak points. These four practical steps can help your company stay safer.
Equifax Avoided Fines, but What If ...?
Commentary  |  8/14/2018  | 
Let's imagine the consequences the company would have faced if current laws had been on the books earlier.
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Commentary  |  8/13/2018  | 
New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.
The Enigma of AI & Cybersecurity
Commentary  |  8/10/2018  | 
We've only seen the beginning of what artificial intelligence can do for information security.
Oh, No, Not Another Security Product
Commentary  |  8/9/2018  | 
Let's face it: There are too many proprietary software options. Addressing the problem will require a radical shift in focus.
Breaking Down the PROPagate Code Injection Attack
Commentary  |  8/8/2018  | 
What makes PROPagate unique is that it uses Windows APIs to take advantage of the way Windows subclasses its window events.
Shadow IT: Every Company's 3 Hidden Security Risks
Commentary  |  8/7/2018  | 
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
IT Managers: Are You Keeping Up with Social-Engineering Attacks?
Commentary  |  8/6/2018  | 
Increasingly sophisticated threats require a mix of people, processes, and technology safeguards.
4 Reasons Why Companies Are Failing at Incident Response
Commentary  |  8/3/2018  | 
When it comes to containing the business impacts of a security breach, proper planning is often the difference between success and failure.
Power Grid Security: How Safe Are We?
Commentary  |  8/2/2018  | 
Experiencing a power outage? It could have been caused by a hacker or just a squirrel chewing through some equipment. And that's a problem.
How GDPR Could Turn Privileged Insiders into Bribery Targets
Commentary  |  8/2/2018  | 
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.


WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17282
PUBLISHED: 2018-09-20
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
CVE-2018-14592
PUBLISHED: 2018-09-20
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
CVE-2018-15832
PUBLISHED: 2018-09-20
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI ha...
CVE-2018-16282
PUBLISHED: 2018-09-20
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
CVE-2018-16752
PUBLISHED: 2018-09-20
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.