Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Latest Most Commented Content
Page 1 / 2   >   >>
Name That Cartoon: Luck O' The Irish
Commentary  |  3/3/2014  | 
We provide the cartoon. You write the caption. Maybe you'll win a prize.
Name That Toon, Win a Prize
Commentary  |  12/11/2013  | 
WiIl Millennials Be The Death Of Data Security?
Commentary  |  1/27/2015  | 
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
The Problem With Two-Factor Authentication
Commentary  |  2/4/2014  | 
The failure of corporate security strategies to protect personal identity information from hackers resides more with system architecture than with authentication technology. Here's why.
Why Social Media Sites Are The New Cyber Weapons Of Choice
Commentary  |  9/6/2016  | 
Facebook, LinkedIn, and Twitter cant secure their own environments, let alone yours. Its time to sharpen your security acumen.
Google's Privacy Invasion: It's Your Fault
Commentary  |  2/17/2012  | 
If we really wanted privacy, we would turn off JavaScript, block ads, and browse in privacy mode through an anonymous proxy. But we would rather have free services.
Top 5 Reasons Your Small Business Website is Under Attack
Commentary  |  8/26/2014  | 
There is no such thing as too small to hack. If a business has a website, hackers can exploit it.
Who Cares Whos Behind A Data Breach?
Commentary  |  2/20/2015  | 
Attribution takes a long time, a lot of work, and a healthy dose of luck. But is it worth the effort?
Active Directory Is Dead: 3 Reasons
Commentary  |  4/15/2014  | 
These days, Active Directory smells gangrenous to innovative companies born in the cloud and connecting customers, employees, and partners across devices at light speed.
How I Would Hack Your Network (If I Woke Up Evil)
Commentary  |  1/26/2017  | 
How would an attacker target your company? Here's a first-person account of what might happen.
Data Security: 4 Questions For Road Warriors
Commentary  |  1/28/2014  | 
Traveling with electronic gear containing sensitive data carries a greater security risk today than ever before.
Shellshocked: A Future Of Hair On Fire Bugs
Commentary  |  9/26/2014  | 
Most computers affected by Bash will be updated within 10 years. The rest will be vulnerable for the lifespans of all humans now living. This should concern us. But then, global warming should also concern us.
Why Are Security Pros Blas About Compliance?
Commentary  |  8/29/2014  | 
A survey of 500 IT and security decision makers in the UK and US shows that a majority are in the dark about regulatory requirements for their business organization.
How A Little Obscurity Can Bolster Security
Commentary  |  4/17/2014  | 
Most security professionals deride the idea of "security by obscurity." Is it time to re-evaluate the conventional wisdom?
Target Mocks, Not Helps, Its Data Breach Victims
Commentary  |  1/22/2014  | 
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Target Breach: Why Smartcards Wont Stop Hackers
Commentary  |  1/24/2014  | 
"Chip and PIN" smartcard adoption in the United States is long overdue. But the security improvement wouldn't have stopped Targets BlackPOS malware attackers.
Internet Of Things & The Platform Of Parenthood
Commentary  |  6/23/2016  | 
A new fathers musings on the problems with securing embedded systems, and why there are so few incentives for architecting trustworthy IoT technology from the ground up.
How We Can Prevent Another Anthem Breach
Commentary  |  2/18/2015  | 
Two things could have mitigated the damage and maybe even prevented any loss at all: behavioral analysis and context-aware access control.
Should You Buy From Huawei?
Commentary  |  10/15/2012  | 
Congress says U.S. companies should not purchase products from Chinese firms Huawei and ZTE, citing national security concerns. I say Congress is dealing more in fear than facts.
Gmail Is Not A Privacy Problem
Commentary  |  8/14/2013  | 
Is there really informed consent among Gmail users? The real privacy issue is we're all getting by on a lot of trust.
How Diversity Can Bridge The Talent Gap
Commentary  |  8/18/2016  | 
Women and minorities in the security industry share some hard truths about the security industrys hiring traditions and practices.
What Government Can (And Cant) Do About Cybersecurity
Commentary  |  1/22/2015  | 
In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.
A Fathers Perspective On The Gender Gap In Cybersecurity
Commentary  |  9/30/2015  | 
There are multiple reasons for the dearth of women in infosec when the field is so rich with opportunity. The big question is what the industry is going to do about it.
Why China Wants Your Sensitive Data
Commentary  |  6/24/2015  | 
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
Looking For A Security Job? You Don't Need To Be Bo Derek
Commentary  |  10/30/2013  | 
7 tips to convince a hiring manager that you're a perfect fit.
Malware: More Hype Than Reality
Commentary  |  1/17/2014  | 
Sure, malware exists, but is it really as bad as the news suggests?
Security's #1 Problem: Economic Incentives
Commentary  |  9/25/2017  | 
The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.
Passwords & The Future Of Identity: Payment Networks?
Commentary  |  7/16/2014  | 
The solution to the omnipresent and enduring password problem may be closer than you think.
Whats Worse: Credit Card Or Identity Theft?
Commentary  |  4/9/2014  | 
When it comes to data loss, its time for the conversation to shift from credit cards to personal information like Social Security numbers, home addresses, and your favorite flavor of ice cream.
Google Drive: Hands-On Winner
Commentary  |  4/24/2012  | 
Google's new online storage service represents the natural evolution of Google Docs, and another transformation for the world of collaborative file management.
Infographic: Mobile Security Run Amok
Commentary  |  2/3/2014  | 
Where is your organization in the battle over mobile device management and security?
Healthcare Information Security: Still No Respect
Commentary  |  2/10/2014  | 
More than a decade after publication of HIPAAs security rule, healthcare information security officers still struggle to be heard.
Closing The Skills Gap Between Hackers & Defenders: 4 Steps
Commentary  |  8/11/2014  | 
Improvements in security education, budgets, tools, and methods will help our industry avoid more costly and dangerous attacks and data breaches in the future.
Why Russia Hacks
Commentary  |  1/23/2015  | 
Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.
It's Time To Address The Cybersecurity Gender Gap Before It's Too Late
Commentary  |  11/2/2016  | 
It will take years to substantively raise the percentage of women in cybersecurity, so the tech industry better start working at it now.
What Scares Me About Healthcare & Electric Power Security
Commentary  |  10/28/2014  | 
Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threats
Weak Password Advice From Microsoft
Commentary  |  7/28/2014  | 
Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business.
How I Hacked My Home, IoT Style
Commentary  |  8/27/2014  | 
It didnt take long to find a score of vulnerabilities in my home entertainment, gaming, and network storage systems.
Apple Pay: A Necessary Push To Transform Consumer Payments
Commentary  |  9/11/2014  | 
Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic.
Why Email Is Worth Saving
Commentary  |  9/12/2014  | 
What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is.
Future Shock: The Internet of Compromised Things
Commentary  |  1/23/2014  | 
Its doubtful that the average consumer would be aware that his or her refrigerator was participating in a DDoS attack. Even fewer would have any idea how to stop it.
2013: Rest In Peace, Passwords
Commentary  |  12/10/2013  | 
In the future, we will look back on 2013 as the year two-factor authentication killed passwords.
2013: The Year Of Security Certification Bashing
Commentary  |  12/26/2013  | 
As security professionals argued among themselves about how useless certifications are, organizations that needed security services had no place to turn for good advice.
SOPA: Stop Grandstanding, Start Crafting An Alternative
Commentary  |  1/20/2012  | 
If Congress is so clueless about Internet dynamics, it's up to SOPA opponents to create a workable alternative for stopping online content piracy.
A Roadmap for CIOs & CSOs After the Year of the Mega Breach
Commentary  |  6/16/2014  | 
The journey starts with three steps: Engage the C-suite, think like a hacker, and look at the big picture.
Data Security Decisions In A World Without TrueCrypt
Commentary  |  6/18/2014  | 
The last days of TrueCrypt left many unanswered questions. But one thing is certain: When encryption freeware ends its life abruptly, being a freeloader can get you into a load of trouble.
Why Network Visibility Is Critical to Removing Security Blind Spots
Commentary  |  12/21/2017  | 
You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.
Privacy: Do We Need a National Data Breach Disclosure Law?
Commentary  |  3/27/2018  | 
Some say we need a more consistent approach, while others worry a national law might supersede and water down some state laws already on the books.
Security Analysts Are Only Human
Commentary  |  2/21/2019  | 
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
CIO Vs. CSO: Allies Or Enemies?
Commentary  |  4/14/2014  | 
In the wake of the Target breach it's clear that the CIO and CSO must have clear boundaries of responsibility and equal representation in the board room.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12777
PUBLISHED: 2020-08-10
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
CVE-2020-12778
PUBLISHED: 2020-08-10
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
CVE-2020-12779
PUBLISHED: 2020-08-10
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script.
CVE-2020-12780
PUBLISHED: 2020-08-10
A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
CVE-2020-12781
PUBLISHED: 2020-08-10
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.