Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Most Commented Content posted in October 2015
The Global CISO: Why U.S. Leaders Must Think Beyond Borders
Commentary  |  10/28/2015  | 
To compete for the top cybersecurity jobs on a world stage, home-grown CISOs need to take a more international approach to professional development.
Youve Been Attacked. Now What?
Commentary  |  10/23/2015  | 
The five steps you take in the first 48 hours after a breach will go a long way towards minimizing your organizations exposure and liability.
Machine Learning Is Cybersecuritys Latest Pipe Dream
Commentary  |  10/29/2015  | 
Rather than waste money on the unproven promises of ML and AI, invest in your experts, and in tools that enhance their ability to search for and identify components of a new attack.
Youre Doing BYOD Wrong: These Numbers Prove It
Partner Perspectives  |  10/5/2015  | 
Almost 40% of users who connect personal mobile devices to corporate networks have no lock-screen mechanism set in place.
Cybersecurity Insurance: 4 Practical Considerations
Commentary  |  10/12/2015  | 
There can't be reliable cybersecurity insurance until companies can identify who is responsible for the continuous exploitation of stolen data, long-lasting attacks, and hardly-detectable APTs.
Why DevOps Fails At Application Security
Commentary  |  10/13/2015  | 
In a recent survey of developers, nearly half of respondents admit to releasing applications with known vulnerabilities at least 80 percent of the time.
Bad News is Good News For Security Budgets But Not Skills
Commentary  |  10/27/2015  | 
Cybersecurity is finally getting the attention and dollars it deserves from the C-Suite. The challenge now is finding the talent to take full advantage of these technology investments.
Automating Breach Detection For The Way Security Professionals Think
Commentary  |  10/1/2015  | 
The missing ingredient in making a real difference in the cumbersome process of evaluating a flood of alerts versus a small, actionable number is context.
The Evolution Of Malware
Commentary  |  10/2/2015  | 
Like the poor in the famous Biblical verse, malware will always be with us. Heres a 33-year history from Elk Cloner to Cryptolocker. What will be next?
Chipping Away At Credit Card Fraud With EMV
Commentary  |  10/8/2015  | 
As of October 1, so-called chip-and-pin technology is now the law of the land for electronic payments in the US. But its not the silver bullet that will instantly stop all cybercrime.
Jailbreaking Mobile Devices: Thats Not The Real Problem
Commentary  |  10/9/2015  | 
Despite what mobile operating system vendors say, its the OS flaws that put everyone at risk.
The Internet of Things: Its All About Trust
Commentary  |  10/16/2015  | 
As billions of devices come online, it will be critical to protect the keys and certificates we use for authentication, validation, and privileged access control.
Next On Dark Reading Radio: Endpoint Security Transformed
Commentary  |  10/19/2015  | 
Modern endpoint security technology is all about focusing on the client as both patient 0 and as a treasure trove of attack forensics intelligence.
Building A Winning Security Team From The Top Down
Commentary  |  10/20/2015  | 
Dropbox security chief Patrick Heim dishes about the need for strong industry leaders, the 'unique' cybersecurity personality and why successful organizations need 'cupcake.'
To Find The Needle, Chop Down the Haystack: 5 Steps For Effective Threat Monitoring
Commentary  |  10/22/2015  | 
Would bank security screen everyone entering the building then leave the vault door open with no one watching the money? Of course not!
New Technology Won't Remove Endpoint From The Bullseye
Commentary  |  10/22/2015  | 
Dark Reading Radio guests from endpoint security vendor Tanium and Intel Security/McAfee may have different product views, but they concur on the problems plaguing end user machines.
Endpoint Security: Putting The Focus On What Matters
Partner Perspectives  |  10/29/2015  | 
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program.
The Dawn of Lights-Out Security
Commentary  |  10/30/2015  | 
In the future, the role of humans will focus on the architecture, design and automation of security, not in the actual testing or operational management.


News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3633
PUBLISHED: 2021-02-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-20203
PUBLISHED: 2021-02-25
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS s...
CVE-2021-3406
PUBLISHED: 2021-02-25
A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.
CVE-2021-20327
PUBLISHED: 2021-02-25
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node....
CVE-2021-20328
PUBLISHED: 2021-02-25
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in inte...