Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Most Commented Content posted in February 2019
Security Analysts Are Only Human
Commentary  |  2/21/2019  | 
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
Why Cybersecurity Burnout Is Real (and What to Do About It)
Commentary  |  2/21/2019  | 
The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
IoT Security's Coming of Age Is Overdue
Commentary  |  2/4/2019  | 
The unique threat landscape requires a novel security approach based on the latest advances in network and AI security.
Making the Case for a Cybersecurity Moon Shot
Commentary  |  2/19/2019  | 
There are severe and unsolved problems in our industry that justify a sustained effort and substantial investment. It's worth picking one.
Serverless Computing: 'Function' vs. 'Infrastructure' as-a-Service
Commentary  |  2/6/2019  | 
How much do companies really gain from offloading security duties to the cloud? Let's do the math.
Taming the Wild, West World of Security Product Testing
Commentary  |  2/5/2019  | 
The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.
The Anatomy of a Lazy Phish
Commentary  |  2/20/2019  | 
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.
When 911 Goes Down: Why Voice Network Security Must Be a Priority
Commentary  |  2/7/2019  | 
When there's a DDoS attack against your voice network, are you ready to fight against it?
Cybersecurity and the Human Element: We're All Fallible
Commentary  |  2/12/2019  | 
We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.
Diversity Is Vital to Advance Security
Commentary  |  2/14/2019  | 
Meet five female security experts who are helping to propel our industry forward.
What the Government Shutdown Teaches Us about Cybersecurity
Commentary  |  2/11/2019  | 
As lawmakers face a Friday deadline to prevent the federal government from closing a second time, we examine the cost to the digital domain, both public and private.
Privacy Ops: The New Nexus for CISOs & DPOs
Commentary  |  2/18/2019  | 
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
4 Practical Questions to Ask Before Investing in AI
Commentary  |  2/6/2019  | 
A pragmatic, risk-based approach can help CISOs plan for an efficient, effective, and economically sound implementation of AI for cybersecurity.
9 Years After: From Operation Aurora to Zero Trust
Commentary  |  2/20/2019  | 
How the first documented nation-state cyberattack is changing security today.
Solving Security: Repetition or Redundancy?
Commentary  |  2/28/2019  | 
To effectively defend against today's risks and threats, organizations must examine their failings as well as their successes.


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27184
PUBLISHED: 2021-05-14
The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks.
CVE-2020-27185
PUBLISHED: 2021-05-14
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.
CVE-2021-32613
PUBLISHED: 2021-05-14
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.
CVE-2021-24192
PUBLISHED: 2021-05-14
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers insta...
CVE-2021-24193
PUBLISHED: 2021-05-14
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, wh...