Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Most Commented Content posted in November 2017
3 Ways to Retain Security Operations Staff
Commentary  |  11/20/2017  | 
Finding skilled security analysts is hard enough. Once you do, you'll need to fight to keep them working for you. These tips can help.
5 Reasons CISOs Should Keep an Open Mind about Cryptocurrency
Partner Perspectives  |  11/2/2017  | 
With untold new markets for Bitcoin and other 'alt-coins,' it's going to be an exciting future -- and security leaders need to get ready for it.
Hiring Outside the Box in Cybersecurity
Commentary  |  11/7/2017  | 
Candidates without years of experience can still be great hires, as long as they are ready, willing, and able.
What the NFL Teaches Us about Fostering a Champion Security Team
Commentary  |  11/14/2017  | 
Cybersecurity experts can learn how to do a better job by keeping a close eye on the gridiron.
We're Still Not Ready for GDPR? What is Wrong With Us?
Commentary  |  11/17/2017  | 
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
Forget APTs: Let's Talk about Advanced Persistent Infrastructure
Commentary  |  11/16/2017  | 
Understanding how bad guys reuse infrastructure will show you the areas of your network to target when investigating new threats and reiteration of old malware.
'Reaper': The Professional Bot Herders Thingbot
Partner Perspectives  |  11/16/2017  | 
Is it malicious? So far it's hard to tell. For now it's a giant blinking red light in security researchers faces warning us that wed better figure out how to secure the Internet of Things.
Deception Technology: Prevention Reimagined
Commentary  |  11/15/2017  | 
How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.
When Ransomware Strikes: 7 Steps You Can Take Now to Prepare
Commentary  |  11/6/2017  | 
Ransomware is still on the rise. These operational tips can help lessen the blow if you're hit.
How Law Firms Can Make Information Security a Higher Priority
Commentary  |  11/8/2017  | 
Lawyers always have been responsible for protecting their clients' information, but that was a lot easier to do when everything was on paper. Here are four best practices to follow.
Cyber Forensics: The Next Frontier in Cybersecurity
Commentary  |  11/27/2017  | 
We can now recover evidence from the RAM on a cellphone, even if the account is locked, and use it to prosecute a case.
The Looming War of Good AI vs. Bad AI
Commentary  |  11/28/2017  | 
The rise of artificial intelligence, machine learning, hivenets, and next-generation morphic malware is leading to an arms race that enterprises must prepare for now.
Why Security Depends on Usability -- and How to Achieve Both
Commentary  |  11/29/2017  | 
Any initiative that reduces usability will have consequences that make security less effective.
Time to Pull an Uber and Disclose Your Data Breach Now
Commentary  |  11/22/2017  | 
There is never a good time to reveal a cyberattack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.


News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3633
PUBLISHED: 2021-02-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-20203
PUBLISHED: 2021-02-25
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS s...
CVE-2021-3406
PUBLISHED: 2021-02-25
A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.
CVE-2021-20327
PUBLISHED: 2021-02-25
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node....
CVE-2021-20328
PUBLISHED: 2021-02-25
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in inte...