Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Most Commented Content posted in March 2013
On Security Awareness Training
Commentary  |  3/19/2013  | 
The focus on training obscures the failures of security design
Managing The Local Admin Password Headache
Commentary  |  3/15/2013  | 
Forcing and managing unique passwords on Windows systems in an enterprise network can be challenging, but many tools are out there to help
The Great Lie Of Compliance
Commentary  |  3/6/2013  | 
If you believe you are fully compliant, then you are not
Password Police Cite Evernote Mistakes
Commentary  |  3/7/2013  | 
Evernote used the wrong security method to store passwords, cryptography experts say. Unfortunately, it's a common error.
Kill Passwords: Hassle-Free Substitute Wanted
Commentary  |  3/1/2013  | 
Passwords keep proliferating, but do new technologies and approaches offer an alternative? Maybe.
Defending Local Administrator Accounts
Commentary  |  3/1/2013  | 
One compromised desktop is all is usually takes for complete network ownership by an attacker; local admin accounts are often the mechanism for that escalation
Arguments Against Security Awareness Are Shortsighted
Commentary  |  3/25/2013  | 
A counterpoint to Bruce Schneier's recent post on security awareness training for users
Got Attitude?
Commentary  |  3/31/2013  | 
Attack attitude: Does China really not care about attribution?
Defending Local Admin Against Physical Attacks
Commentary  |  3/13/2013  | 
Physical access usually spells game over, but protections can be put in place to help defend against local boot attacks
Spamhaus DDoS Attacks: What Business Should Learn
Commentary  |  3/28/2013  | 
What should your company take away from this week's attacks? Lock down unsecured DNS repeaters being exploited by attackers and prep DDoS response plans.
Cisco Reports Some IOS Passwords Weakly Hashed
Commentary  |  3/20/2013  | 
Type 4 plain-text user passwords on Cisco IOS and Cisco IOS XE devices are hashed not according to spec, but with no salt and just one SHA-256 iteration. Working around the problem can be clumsy
Database Security Restart
Commentary  |  3/25/2013  | 
How to restart your database security program
Putting Out Fires With Gasoline
Commentary  |  3/25/2013  | 
Spending for security and identity products is going up, but here is a sobering thought that should give you pause--our solutions may be part of the problem


News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3633
PUBLISHED: 2021-02-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-20203
PUBLISHED: 2021-02-25
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS s...
CVE-2021-3406
PUBLISHED: 2021-02-25
A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.
CVE-2021-20327
PUBLISHED: 2021-02-25
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node....
CVE-2021-20328
PUBLISHED: 2021-02-25
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in inte...