Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Most Commented Content posted in December 2014
Time To Rethink Patching Strategies
Commentary  |  12/19/2014  | 
In 2014, the National Vulnerability Database is expected to log a record-breaking 8,000 vulnerabilities. That's 8,000 reasons to improve software quality at the outset.
Security News No One Saw Coming In 2014
Commentary  |  12/22/2014  | 
John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year.
Moving Beyond 2-Factor Authentication With Context
Commentary  |  12/5/2014  | 
2FA isnt cheap or infallible -- in more ways than two.
Poll: The Perimeter Has Shattered!
Commentary  |  12/8/2014  | 
The traditional corporate network perimeter is not dead, but its amorphous shape is something new and indescribable.
4 Infosec Resolutions For The New Year
Commentary  |  12/30/2014  | 
Dont look in the crystal ball, look in the mirror to protect data and defend against threats in 2015.
How PCI DSS 3.0 Can Help Stop Data Breaches
Commentary  |  12/23/2014  | 
New Payment Card Industry security standards that took effect January 1 aim to replace checkmark mindsets with business as usual processes. Here are three examples.
Smartphones Get Headlines, But Lax USB Security Is Just As Risky
Commentary  |  12/10/2014  | 
Most companies use no software to detect or secure sensitive data when it is moved to a USB flash drive, or even check USB drives for viruses or malware.
Internet Of Things: 3 Holiday Gifts That Will Keep CISOs Up At Night
Commentary  |  12/9/2014  | 
If you think BYOD policies will protect your infrastructure from the January influx of mobile hotspots, fitness trackers, and Bluetooth, think again.
5 Pitfalls to Avoid When Running Your SOC
Commentary  |  12/18/2014  | 
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.
Why Digital Forensics In Incident Response Matters More Now
Commentary  |  12/24/2014  | 
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
Dear Cyber Criminals: Were Not Letting Our Guard Down in 2015
Commentary  |  12/31/2014  | 
Next year, youll keep exploiting vulnerabilities, and well make sure our systems are patched, our antivirus is up to date, and our people are too smart to click the links you send them.
A 2014 Lookback: Predictions vs. Reality
Commentary  |  12/29/2014  | 
It was a tumultuous year for cyber security, but it drove the adoption of incident response plans and two-factor authentication.
The Case for Compelling Executive Dashboards
Partner Perspectives  |  12/2/2014  | 
How to make security relevant upstairs in the C-suites.
Open Source Encryption Must Get Smarter
Commentary  |  12/8/2014  | 
When it comes to cryptography, there are quite a few myths in the age-old debate about proprietary versus open source application security.
Why Regin Malware Changes Threatscape Economics
Commentary  |  12/4/2014  | 
Never before have attackers been able to deploy a common malware platform and configure it as necessary with low-cost, quick-turnaround business logic apps.
Dark Reading Radio: How To Become A CISO
Commentary  |  12/15/2014  | 
Find out what employers are really looking for in a chief information security officer.
Cyber Security Practices Insurance Underwriters Demand
Commentary  |  12/11/2014  | 
Insurance underwriters arent looking for companies impervious to risk. They want clients that understand the threat landscape and have demonstrated abilities to mitigate attacks.
Securing the Internet of Things
Partner Perspectives  |  12/11/2014  | 
Factors specific to IoT devices make them a unique security risk.
Shadow IT: Not The Risk You Think
Commentary  |  12/12/2014  | 
Enterprise cloud services such as Box, Office 365, Salesforce, and Google Apps can make a better case for being called sanctioned than many legacy, on-premises, IT-provisioned applications.
The New Target for State-Sponsored Cyber Attacks: Applications
Commentary  |  12/17/2014  | 
Skilled hackers are now using simple web application vulnerabilities like SQL Injection to take over database servers. Are you prepared to defend against this new type of threat actor?
2014: The Year of Shaken Trust
Partner Perspectives  |  12/9/2014  | 
We can rebuild that trust.
How Startups Can Jumpstart Security Innovation
Commentary  |  12/3/2014  | 
One of the best places for CISOs to turn for a cutting-edge cyber security strategy is the burgeoning world of startups. Heres how to find them.
Breaking the Code: The Role of Visualization in Security Research
Commentary  |  12/1/2014  | 
In todays interconnected, data rich IT environments, passive inspection of information is not enough.
Leveraging The Kill Chain For Awesome
Commentary  |  12/2/2014  | 
There are good reasons the Kill Chain is being used by some of the most successful information security teams around. Here are three.
The Internet's Winter Of Discontent
Commentary  |  12/19/2014  | 
The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the worlds connected economy is that the hits just keep on coming.


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.
CVE-2020-24119
PUBLISHED: 2021-05-14
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
CVE-2020-27833
PUBLISHED: 2021-05-14
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first c...