Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Latest Most Commented Content
<<   <   Page 2 / 2
DDoS And The Internet's Liability Problem
Commentary  |  11/18/2015  | 
It's past time for an improved liability model to disrupt DDoS.
Time To Broaden CompSci Curriculum Beyond STEM
Commentary  |  8/13/2014  | 
Having a visual arts background may not be the traditional path for a career in infosec, but its a skill that makes me no less effective in analyzing malware patterns -- and often faster.
Has Security Ops Outlived Its Purpose?
Commentary  |  3/13/2015  | 
CISOs will need more than higher headcounts and better automation tools to solve today's security problems.
Deconstructing The Sony Hack: What I Know From Inside The Military
Commentary  |  1/6/2015  | 
Don't get caught up in the guessing game on attribution. The critical task is to understand the threat data and threat actor tactics to ensure you are not vulnerable to the same attack.
Talking Cyber-Risk with Executives
Partner Perspectives  |  6/23/2017  | 
Explaining risk can be difficult since CISOs and execs dont speak the same language. The key is to tailor your message for the audience.
It's Time To Address The Cybersecurity Gender Gap Before It's Too Late
Commentary  |  11/2/2016  | 
It will take years to substantively raise the percentage of women in cybersecurity, so the tech industry better start working at it now.
Preparing For The Future Of Online Threats
Commentary  |  11/14/2016  | 
Gaze into the crystal balls of a panel of forward-thinking security experts during Dark Readings virtual event Nov. 15.
Threat Intelligence Sharing: The New Normal?
Commentary  |  6/23/2017  | 
The spirit of cooperation seems to be taking hold as demonstrated by the growing number of thriving services and organizations whose sole purpose is to analyze specific threats against specific communities.
GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
Commentary  |  8/24/2017  | 
What Game of Thrones' Arya Stark and the Faceless Men can teach security pros about defending against modern malware and identity theft.
Time To Rethink Patching Strategies
Commentary  |  12/19/2014  | 
In 2014, the National Vulnerability Database is expected to log a record-breaking 8,000 vulnerabilities. That's 8,000 reasons to improve software quality at the outset.
Why Cyber Security Starts At Home
Commentary  |  11/17/2014  | 
Even the grandmas on Facebook need to know and practice basic security hygiene, because what happens anywhere on the Internet can eventually affect us all.
Cyber Security Needs Its Ralph Nader
Commentary  |  11/24/2014  | 
It took thousands of unnecessary traffic fatalities to create an environment for radical transformation of the auto industry. What will it take for a similar change to occur in data security?
Internet of Things: 4 Security Tips From The Military
Commentary  |  7/25/2014  | 
The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. Its time to take a page from their battle plan.
Celeb Hack: Is Apple Telling All It Knows?
Commentary  |  9/3/2014  | 
Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? Youre darn tootin'!
The New Security Architecture
Commentary  |  11/20/2013  | 
Recent high profile attacks reflect a new reality in which perimeter-based security models are increasingly less effective in protecting key corporate assets and information.
The State of IT Security: Its Broken
Commentary  |  12/16/2013  | 
Its time to move past the hyperbole of next-gen security and look to new approaches that show enterprises how to understand and assess their unique risks.
Flying Naked: Why Most Web Apps Leave You Defenseless
Commentary  |  3/28/2014  | 
Even the best-funded and "mature" corporate AppSec programs aren't testing all their web applications and services. That leaves many applications with no real security in place.
Cloud & The Fuzzy Math of Shadow IT
Commentary  |  7/10/2014  | 
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
NSAs Big Surprise: Govt Agency Is Actually Doing Its Job
Commentary  |  4/4/2014  | 
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
Why Threat Intelligence Is Like Teenage Sex
Commentary  |  5/7/2014  | 
Everyone thinks everyone else is doing it, and most of the few people who are actually doing it aren't doing it all that well.
Application Security: We Still Have A Long Way To Go
Commentary  |  11/21/2013  | 
The past decade shows only trivial progress in improving web app security, according to new vulnerability guidelines in the OWASP Top Ten 2013.
Be Careful Beating Up Target
Commentary  |  4/1/2014  | 
Target was actually better prepared than most retailers. The real problem lies with the current state of industry threat intelligence and IR practices.
Yes, In The Internet Of Everything, Things Will Have Passwords
Commentary  |  12/20/2013  | 
Things would have no problem remembering passwords like "[email protected]" But even for things, passwords are less than ideal.
Target Breach: 5 Unanswered Security Questions
Commentary  |  1/22/2014  | 
Investigators have yet to explain how Target was hacked, whether BlackPOS malware infected its payment servers, and whether the same gang also struck other retailers.
Google Wardriving: How Engineering Trumped Privacy
Commentary  |  5/1/2012  | 
Blame the Street View data collection practices on a "more is more" engineering mindset. And rethink your notions about privacy for unencrypted Wi-Fi data.
5 Myths: Why We Are All Data Security Risks
Commentary  |  9/15/2014  | 
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
Phishing: What Once Was Old Is New Again
Commentary  |  7/30/2014  | 
I used to think the heyday of phishing had passed. But as Symantec notes in its 2014 Internet Security Threat Report, I was wrong!
Why John McAfee Is Paranoid About Mobile
Commentary  |  8/19/2014  | 
Mobile apps are posing expanding risks to both enterprises and their customers. But maybe being paranoid about mobile is actually healthy for security.
Can We Talk? Finding A Common Security Language
Commentary  |  9/29/2014  | 
How engineers can get beyond the crippling vocabulary and semantic barrier of infosec and actually communicate about cyber risk with bosses and business colleagues.
Could The Sony Attacks Happen Again? Join The Conversation
Commentary  |  1/21/2015  | 
Check out Dark Reading Radio's interview and live chat with CrowdStrike founder and CEO George Kurtz and Shape Security executive Neal Mueller.
The Global CISO: Why U.S. Leaders Must Think Beyond Borders
Commentary  |  10/28/2015  | 
To compete for the top cybersecurity jobs on a world stage, home-grown CISOs need to take a more international approach to professional development.
Tell DR: What Are Your Biggest Unanswered Security Questions?
Commentary  |  3/19/2016  | 
Fill us in, Dark Reading community. What challenges and mysteries leave you scratching your heads and throwing up your hands?
The Problem With Patching: 7 Top Complaints
Commentary  |  4/22/2016  | 
Is your security team suffering from patching fatigue? Check out these tips and eliminate critical vulnerabilities in your IT environment.
Malvertising Trends: Dont Talk Ad Standards Without Ad Security
Commentary  |  10/19/2016  | 
How malvertising marries the strengths and weaknesses of the complex digital advertising ecosystem perfectly and what online publishers and security leaders need to do about it.
How To Stay Safe On The Black Hat Network: Dont Connect To It
Commentary  |  7/28/2016  | 
Black Hat attendees may have changed their titles and now carry business cards but hackers gotta hack and theres no better place to do it than Black Hat.
Snowden: Hollywood Highlights 2 Persistent Privacy Threats
Commentary  |  9/22/2016  | 
Oliver Stones movie shows us that while most of us have nothing to hide, we all have information worth protecting both technically and constitutionally.
Security Lessons From My Doctor
Commentary  |  2/25/2016  | 
Why its hard to change risky habits like weak passwords and heavy smoking, even when advice is clear.
Phishing Your Employees for Schooling & Security
Commentary  |  3/22/2017  | 
Your education program isn't complete until you test your users with fake phishing emails.
Cyber Threat Analysis: A Call for Clarity
Commentary  |  5/22/2015  | 
The general public deserves less hyperbole and more straight talk
Security News No One Saw Coming In 2014
Commentary  |  12/22/2014  | 
John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year.
Deconstructing The Cyber Kill Chain
Commentary  |  11/18/2014  | 
As sexy as it is, the Cyber Kill Chain model can actually be detrimental to network security because it reinforces old-school, perimeter-focused, malware-prevention thinking.
Moving Beyond 2-Factor Authentication With Context
Commentary  |  12/5/2014  | 
2FA isnt cheap or infallible -- in more ways than two.
How The Skills Shortage Is Killing Defense in Depth
Commentary  |  1/30/2015  | 
It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely looks nifty, but I dont have the staff to deploy it.
Does Hollywood Have The Answer To The Security Skills Question?
Commentary  |  3/6/2015  | 
The Oscar-winning biopic about famed WWII cryptanalyst Alan Turing -- the father of modern computing -- was long overdue. But a lot more needs to be done to inspire the next generation of computer scientists.
Second Look: Data Security In A Hybrid Cloud
Commentary  |  3/9/2015  | 
Todays big cloud providers were built around an architecture for hosting and securing data. They will continue to thrive, only by keeping your workloads safe.
Infographic: The Many Faces of Todays Hackers
Commentary  |  10/29/2014  | 
How many of these hacker personas are you dueling with in your organization?
Workplace Privacy: Big Brother Is Watching
Commentary  |  11/4/2014  | 
Companies may have the right to monitor employees who are checking their bank balances or shopping online on corporate networks. The real question is, should they?
In Defense Of Passwords
Commentary  |  9/16/2014  | 
Long live the password (as long as you use it correctly along with something else).
Data Breach Notifications: Time For Tough Love
Commentary  |  2/7/2014  | 
Target and Neiman Marcus came clean quickly about their data breaches, but most business don't. It's time for standards -- and fines.
Spamhaus Shows What's Next For Block Listing
Commentary  |  11/22/2013  | 
The broad, silent acceptance of a recent Spamhaus blocking action is a strong indicator that the rules have changed in the battle over spam and other kinds of email abuse.
<<   <   Page 2 / 2


News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23534
PUBLISHED: 2021-02-25
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter.
CVE-2021-27330
PUBLISHED: 2021-02-25
Triconsole Datepicker Calendar &lt;3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
CVE-2021-3124
PUBLISHED: 2021-02-25
Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field.
CVE-2021-21064
PUBLISHED: 2021-02-25
Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which...
CVE-2021-21065
PUBLISHED: 2021-02-25
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.