Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Most Commented Content posted in December 2014
Time To Rethink Patching Strategies
Commentary  |  12/19/2014  | 
In 2014, the National Vulnerability Database is expected to log a record-breaking 8,000 vulnerabilities. That's 8,000 reasons to improve software quality at the outset.
Security News No One Saw Coming In 2014
Commentary  |  12/22/2014  | 
John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year.
Moving Beyond 2-Factor Authentication With Context
Commentary  |  12/5/2014  | 
2FA isnt cheap or infallible -- in more ways than two.
Poll: The Perimeter Has Shattered!
Commentary  |  12/8/2014  | 
The traditional corporate network perimeter is not dead, but its amorphous shape is something new and indescribable.
4 Infosec Resolutions For The New Year
Commentary  |  12/30/2014  | 
Dont look in the crystal ball, look in the mirror to protect data and defend against threats in 2015.
How PCI DSS 3.0 Can Help Stop Data Breaches
Commentary  |  12/23/2014  | 
New Payment Card Industry security standards that took effect January 1 aim to replace checkmark mindsets with business as usual processes. Here are three examples.
Smartphones Get Headlines, But Lax USB Security Is Just As Risky
Commentary  |  12/10/2014  | 
Most companies use no software to detect or secure sensitive data when it is moved to a USB flash drive, or even check USB drives for viruses or malware.
Internet Of Things: 3 Holiday Gifts That Will Keep CISOs Up At Night
Commentary  |  12/9/2014  | 
If you think BYOD policies will protect your infrastructure from the January influx of mobile hotspots, fitness trackers, and Bluetooth, think again.
5 Pitfalls to Avoid When Running Your SOC
Commentary  |  12/18/2014  | 
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.
Why Digital Forensics In Incident Response Matters More Now
Commentary  |  12/24/2014  | 
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
Dear Cyber Criminals: Were Not Letting Our Guard Down in 2015
Commentary  |  12/31/2014  | 
Next year, youll keep exploiting vulnerabilities, and well make sure our systems are patched, our antivirus is up to date, and our people are too smart to click the links you send them.
A 2014 Lookback: Predictions vs. Reality
Commentary  |  12/29/2014  | 
It was a tumultuous year for cyber security, but it drove the adoption of incident response plans and two-factor authentication.
The Case for Compelling Executive Dashboards
Partner Perspectives  |  12/2/2014  | 
How to make security relevant upstairs in the C-suites.
Open Source Encryption Must Get Smarter
Commentary  |  12/8/2014  | 
When it comes to cryptography, there are quite a few myths in the age-old debate about proprietary versus open source application security.
Why Regin Malware Changes Threatscape Economics
Commentary  |  12/4/2014  | 
Never before have attackers been able to deploy a common malware platform and configure it as necessary with low-cost, quick-turnaround business logic apps.
Dark Reading Radio: How To Become A CISO
Commentary  |  12/15/2014  | 
Find out what employers are really looking for in a chief information security officer.
Cyber Security Practices Insurance Underwriters Demand
Commentary  |  12/11/2014  | 
Insurance underwriters arent looking for companies impervious to risk. They want clients that understand the threat landscape and have demonstrated abilities to mitigate attacks.
Securing the Internet of Things
Partner Perspectives  |  12/11/2014  | 
Factors specific to IoT devices make them a unique security risk.
Shadow IT: Not The Risk You Think
Commentary  |  12/12/2014  | 
Enterprise cloud services such as Box, Office 365, Salesforce, and Google Apps can make a better case for being called sanctioned than many legacy, on-premises, IT-provisioned applications.
The New Target for State-Sponsored Cyber Attacks: Applications
Commentary  |  12/17/2014  | 
Skilled hackers are now using simple web application vulnerabilities like SQL Injection to take over database servers. Are you prepared to defend against this new type of threat actor?
2014: The Year of Shaken Trust
Partner Perspectives  |  12/9/2014  | 
We can rebuild that trust.
How Startups Can Jumpstart Security Innovation
Commentary  |  12/3/2014  | 
One of the best places for CISOs to turn for a cutting-edge cyber security strategy is the burgeoning world of startups. Heres how to find them.
Breaking the Code: The Role of Visualization in Security Research
Commentary  |  12/1/2014  | 
In todays interconnected, data rich IT environments, passive inspection of information is not enough.
Leveraging The Kill Chain For Awesome
Commentary  |  12/2/2014  | 
There are good reasons the Kill Chain is being used by some of the most successful information security teams around. Here are three.
The Internet's Winter Of Discontent
Commentary  |  12/19/2014  | 
The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the worlds connected economy is that the hits just keep on coming.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.