Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Latest Most Commented Content
Page 1 / 2   >   >>
Name That Cartoon: Luck O' The Irish
Commentary  |  3/3/2014  | 
We provide the cartoon. You write the caption. Maybe you'll win a prize.
Name That Toon, Win a Prize
Commentary  |  12/11/2013  | 
WiIl Millennials Be The Death Of Data Security?
Commentary  |  1/27/2015  | 
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
The Problem With Two-Factor Authentication
Commentary  |  2/4/2014  | 
The failure of corporate security strategies to protect personal identity information from hackers resides more with system architecture than with authentication technology. Here's why.
Why Social Media Sites Are The New Cyber Weapons Of Choice
Commentary  |  9/6/2016  | 
Facebook, LinkedIn, and Twitter cant secure their own environments, let alone yours. Its time to sharpen your security acumen.
Google's Privacy Invasion: It's Your Fault
Commentary  |  2/17/2012  | 
If we really wanted privacy, we would turn off JavaScript, block ads, and browse in privacy mode through an anonymous proxy. But we would rather have free services.
Top 5 Reasons Your Small Business Website is Under Attack
Commentary  |  8/26/2014  | 
There is no such thing as too small to hack. If a business has a website, hackers can exploit it.
Who Cares Whos Behind A Data Breach?
Commentary  |  2/20/2015  | 
Attribution takes a long time, a lot of work, and a healthy dose of luck. But is it worth the effort?
Active Directory Is Dead: 3 Reasons
Commentary  |  4/15/2014  | 
These days, Active Directory smells gangrenous to innovative companies born in the cloud and connecting customers, employees, and partners across devices at light speed.
How I Would Hack Your Network (If I Woke Up Evil)
Commentary  |  1/26/2017  | 
How would an attacker target your company? Here's a first-person account of what might happen.
Data Security: 4 Questions For Road Warriors
Commentary  |  1/28/2014  | 
Traveling with electronic gear containing sensitive data carries a greater security risk today than ever before.
Shellshocked: A Future Of Hair On Fire Bugs
Commentary  |  9/26/2014  | 
Most computers affected by Bash will be updated within 10 years. The rest will be vulnerable for the lifespans of all humans now living. This should concern us. But then, global warming should also concern us.
Why Are Security Pros Blas About Compliance?
Commentary  |  8/29/2014  | 
A survey of 500 IT and security decision makers in the UK and US shows that a majority are in the dark about regulatory requirements for their business organization.
How A Little Obscurity Can Bolster Security
Commentary  |  4/17/2014  | 
Most security professionals deride the idea of "security by obscurity." Is it time to re-evaluate the conventional wisdom?
Target Mocks, Not Helps, Its Data Breach Victims
Commentary  |  1/22/2014  | 
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Target Breach: Why Smartcards Wont Stop Hackers
Commentary  |  1/24/2014  | 
"Chip and PIN" smartcard adoption in the United States is long overdue. But the security improvement wouldn't have stopped Targets BlackPOS malware attackers.
Internet Of Things & The Platform Of Parenthood
Commentary  |  6/23/2016  | 
A new fathers musings on the problems with securing embedded systems, and why there are so few incentives for architecting trustworthy IoT technology from the ground up.
How We Can Prevent Another Anthem Breach
Commentary  |  2/18/2015  | 
Two things could have mitigated the damage and maybe even prevented any loss at all: behavioral analysis and context-aware access control.
Should You Buy From Huawei?
Commentary  |  10/15/2012  | 
Congress says U.S. companies should not purchase products from Chinese firms Huawei and ZTE, citing national security concerns. I say Congress is dealing more in fear than facts.
Gmail Is Not A Privacy Problem
Commentary  |  8/14/2013  | 
Is there really informed consent among Gmail users? The real privacy issue is we're all getting by on a lot of trust.
How Diversity Can Bridge The Talent Gap
Commentary  |  8/18/2016  | 
Women and minorities in the security industry share some hard truths about the security industrys hiring traditions and practices.
What Government Can (And Cant) Do About Cybersecurity
Commentary  |  1/22/2015  | 
In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.
A Fathers Perspective On The Gender Gap In Cybersecurity
Commentary  |  9/30/2015  | 
There are multiple reasons for the dearth of women in infosec when the field is so rich with opportunity. The big question is what the industry is going to do about it.
Why China Wants Your Sensitive Data
Commentary  |  6/24/2015  | 
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
Looking For A Security Job? You Don't Need To Be Bo Derek
Commentary  |  10/30/2013  | 
7 tips to convince a hiring manager that you're a perfect fit.
Malware: More Hype Than Reality
Commentary  |  1/17/2014  | 
Sure, malware exists, but is it really as bad as the news suggests?
Security's #1 Problem: Economic Incentives
Commentary  |  9/25/2017  | 
The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.
Passwords & The Future Of Identity: Payment Networks?
Commentary  |  7/16/2014  | 
The solution to the omnipresent and enduring password problem may be closer than you think.
Whats Worse: Credit Card Or Identity Theft?
Commentary  |  4/9/2014  | 
When it comes to data loss, its time for the conversation to shift from credit cards to personal information like Social Security numbers, home addresses, and your favorite flavor of ice cream.
Google Drive: Hands-On Winner
Commentary  |  4/24/2012  | 
Google's new online storage service represents the natural evolution of Google Docs, and another transformation for the world of collaborative file management.
Infographic: Mobile Security Run Amok
Commentary  |  2/3/2014  | 
Where is your organization in the battle over mobile device management and security?
Healthcare Information Security: Still No Respect
Commentary  |  2/10/2014  | 
More than a decade after publication of HIPAAs security rule, healthcare information security officers still struggle to be heard.
Closing The Skills Gap Between Hackers & Defenders: 4 Steps
Commentary  |  8/11/2014  | 
Improvements in security education, budgets, tools, and methods will help our industry avoid more costly and dangerous attacks and data breaches in the future.
Why Russia Hacks
Commentary  |  1/23/2015  | 
Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.
It's Time To Address The Cybersecurity Gender Gap Before It's Too Late
Commentary  |  11/2/2016  | 
It will take years to substantively raise the percentage of women in cybersecurity, so the tech industry better start working at it now.
What Scares Me About Healthcare & Electric Power Security
Commentary  |  10/28/2014  | 
Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threats
Weak Password Advice From Microsoft
Commentary  |  7/28/2014  | 
Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business.
How I Hacked My Home, IoT Style
Commentary  |  8/27/2014  | 
It didnt take long to find a score of vulnerabilities in my home entertainment, gaming, and network storage systems.
Apple Pay: A Necessary Push To Transform Consumer Payments
Commentary  |  9/11/2014  | 
Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic.
Why Email Is Worth Saving
Commentary  |  9/12/2014  | 
What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is.
Future Shock: The Internet of Compromised Things
Commentary  |  1/23/2014  | 
Its doubtful that the average consumer would be aware that his or her refrigerator was participating in a DDoS attack. Even fewer would have any idea how to stop it.
2013: Rest In Peace, Passwords
Commentary  |  12/10/2013  | 
In the future, we will look back on 2013 as the year two-factor authentication killed passwords.
2013: The Year Of Security Certification Bashing
Commentary  |  12/26/2013  | 
As security professionals argued among themselves about how useless certifications are, organizations that needed security services had no place to turn for good advice.
SOPA: Stop Grandstanding, Start Crafting An Alternative
Commentary  |  1/20/2012  | 
If Congress is so clueless about Internet dynamics, it's up to SOPA opponents to create a workable alternative for stopping online content piracy.
A Roadmap for CIOs & CSOs After the Year of the Mega Breach
Commentary  |  6/16/2014  | 
The journey starts with three steps: Engage the C-suite, think like a hacker, and look at the big picture.
Data Security Decisions In A World Without TrueCrypt
Commentary  |  6/18/2014  | 
The last days of TrueCrypt left many unanswered questions. But one thing is certain: When encryption freeware ends its life abruptly, being a freeloader can get you into a load of trouble.
Why Network Visibility Is Critical to Removing Security Blind Spots
Commentary  |  12/21/2017  | 
You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.
Privacy: Do We Need a National Data Breach Disclosure Law?
Commentary  |  3/27/2018  | 
Some say we need a more consistent approach, while others worry a national law might supersede and water down some state laws already on the books.
Security Analysts Are Only Human
Commentary  |  2/21/2019  | 
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
CIO Vs. CSO: Allies Or Enemies?
Commentary  |  4/14/2014  | 
In the wake of the Target breach it's clear that the CIO and CSO must have clear boundaries of responsibility and equal representation in the board room.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10287
PUBLISHED: 2020-07-15
The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we found multiple production systems running these exact default cre...
CVE-2020-10288
PUBLISHED: 2020-07-15
IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.
CVE-2020-15780
PUBLISHED: 2020-07-15
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.
CVE-2019-17639
PUBLISHED: 2020-07-15
In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This...
CVE-2019-20908
PUBLISHED: 2020-07-15
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.