Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Most Commented Content posted in March 2015
Has Security Ops Outlived Its Purpose?
Commentary  |  3/13/2015  | 
CISOs will need more than higher headcounts and better automation tools to solve today's security problems.
Does Hollywood Have The Answer To The Security Skills Question?
Commentary  |  3/6/2015  | 
The Oscar-winning biopic about famed WWII cryptanalyst Alan Turing -- the father of modern computing -- was long overdue. But a lot more needs to be done to inspire the next generation of computer scientists.
Second Look: Data Security In A Hybrid Cloud
Commentary  |  3/9/2015  | 
Todays big cloud providers were built around an architecture for hosting and securing data. They will continue to thrive, only by keeping your workloads safe.
Educating The Cyberwarriors Of The Future
Commentary  |  3/24/2015  | 
If I have to choose between hiring a university-educated CompSci grad or an IT specialist strong in sysadmin, networking or programming, I will pick the IT specialist every time.
Cyber Hunting: 5 Tips To Bag Your Prey
Commentary  |  3/26/2015  | 
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
Why Security Awareness Alone Wont Stop Hackers
Commentary  |  3/2/2015  | 
End-user training is a noble pursuit but its no defense against low and slow attacks that take months and years to carry out.
The Clinton Email Kerfuffle & Shadow IT
Commentary  |  3/20/2015  | 
For security pros the issue is not government transparency. It's the fact that users, regardless of seniority, will always pick convenience over security.
Context: Finding The Story Inside Your Security Operations Program
Commentary  |  3/23/2015  | 
Whats missing in todays chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
A Building Code For Internet of Things Security, Privacy
Commentary  |  3/4/2015  | 
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
6 Ways The Sony Hack Changes Everything
Commentary  |  3/11/2015  | 
Security in a post-Sony world means that a company's very survival in the wake of a cyber attack is more of a concern than ever before.
Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse
Commentary  |  3/31/2015  | 
Healthcare and other sectors are indolently ignoring the process of gathering and using high-level intelligence to focus cyber defenses. Heres proof.
Risky Business: Why Monitoring Vulnerability Data Is Never Enough
Commentary  |  3/19/2015  | 
Keeping tabs on open source code used in your organizations applications and infrastructure is daunting, especially if you are relying solely on manual methods.
CryptoWall Makes a Comeback via Malicious Help Files
Partner Perspectives  |  3/9/2015  | 
Hackers use .chm attachments to execute malware on unsuspecting users.
No Silver Bullets for Security
Partner Perspectives  |  3/2/2015  | 
A quick-fix security solution for cyberphysical systems doesnt exist.
Dark Reading Radio: Security Pros At Risk Of Being Criminalized
Commentary  |  3/16/2015  | 
ICYMI: Check out Dark Reading Radio's recent broadcast and discussion about the pitfalls of new government efforts to fight bad hackers that could ultimately hurt the good guys.
5 Things CISOs Can Learn From The Best GMs In Baseball
Commentary  |  3/10/2015  | 
A MLB team has many goals and objectives: to win, be profitable, have a solid strategy and understand the people whom they serve. Sound familiar?
Which Apps Should You Secure First? Wrong Question.
Commentary  |  3/5/2015  | 
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
Dark Reading Offers Cyber Security Crash Course At Interop 2015
Commentary  |  3/2/2015  | 
New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.
Raising the Stakes: When Software Attacks Hardware
Partner Perspectives  |  3/11/2015  | 
Beware the risks of cyberattacks on your computer hardware.
The End of Pen Testing As We Know It?
Commentary  |  3/17/2015  | 
It's time to expand the scope of penetration tests beyond the periphery of the enterprise network.
7 Deadly Sins Of Security Policy Change Management
Commentary  |  3/16/2015  | 
Mitigating these deadly sins requires process, visibility and automation. Its an effort that will improve security and increase business agility.
The Internet Of Bring-Your-Own Things
Commentary  |  3/25/2015  | 
Devices and interconnected systems are finding a foothold not only in our homes but in mainstream organizations. Here are three tips to mitigate the risk.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.