Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Most Commented Content posted in March 2016
Tell DR: What Are Your Biggest Unanswered Security Questions?
Commentary  |  3/19/2016  | 
Fill us in, Dark Reading community. What challenges and mysteries leave you scratching your heads and throwing up your hands?
Better Locks Than Back Doors: Why Apple Is Right About Encryption
Commentary  |  3/1/2016  | 
What the landmark privacy case and a new documentary about Stuxnet both have to say about the encryption versus government oversight debate.
Security Lessons From The Gluten Lie
Commentary  |  3/10/2016  | 
How faith healers and security vendors have learned what lies work.
Why Your Security Tools Are Exposing You to Added Risks
Commentary  |  3/2/2016  | 
The big lesson from 12 months of security product vulnerabilities: theres no foundation of trust in any piece of software. They all represent a potential new attack vector.
Machine Learning In Security: Seeing the Nth Dimension in Signatures
Commentary  |  3/31/2016  | 
How adding supervised machine learning to the development of n-dimensional signature engines is moving the detection odds back to the defender.
Dark Reading Radio: When Will Passwords Finally Die?
Commentary  |  3/14/2016  | 
Join us this Wednesday, March 16, at 1pm EDT/10am PDT, for the next episode of Dark Reading Radio.
Why Security & DevOps Cant Be Friends
Commentary  |  3/9/2016  | 
Legacy applications are a brush fire waiting to happen. But retrofitting custom code built in the early 2000s is just a small part of the application security problem.
No Place For Tor In The Secured Workplace
Commentary  |  3/18/2016  | 
When it comes to corporate security, anonymity does not necessarily ensure protection of ones private information nor that of your employer.
Vuln Disclosure: Why Security Vendors & Researchers Dont Trust Each Other
Commentary  |  3/22/2016  | 
The security industry doesnt need a one-size-fits all vulnerability disclosure policy. It needs a culture change. Getting everyone to the table is the first step.
Mobile Security: Why App Stores Dont Keep Users Safe
Commentary  |  3/24/2016  | 
In a preview of his Black Hat Asia Briefing next week, a security researcher offers more proof of trouble in the walled gardens of the Apple and Google App stores.
IoT Security Checklist: Get Ahead Of The Curve
Commentary  |  3/3/2016  | 
The security industry needs to take a Consumer Reports approach to Internet of Things product safety, including rigorous development practices and both physical and digital testing.
Cloud Survival Guide: 3 Tips For CISOs
Commentary  |  3/7/2016  | 
To thrive in the cloud era, CISOs must refashion their roles as business enablers, adopt automation wherever possible, and go back to the basics on security hygiene.
Forgot My Password: Caption Contest Winners Announced
Commentary  |  3/8/2016  | 
Sticky notes, clouds and authentication jokes. And the winning caption is...
Data In The Cloud: What Everyone Should Know
Partner Perspectives  |  3/10/2016  | 
When vetting a cloud or SaaS provider, it is imperative that you find out how they handle data security and privacy. Here are some key questions to ask.
Who Took The Cookies From The Cookie Jar?
Partner Perspectives  |  3/11/2016  | 
The indictment of five Iranian hackers three years after the fact raises the question: Is naming them a worthwhile part of the threat defense lifecycle, or is it a meaningless distraction?
Understanding The 2 Sides Of Application Security Testing
Commentary  |  3/14/2016  | 
Everybody likes to focus on the top 10 vulnerabilities, but I've never found a company with a top 10 vulnerabilities problem. Every company has a different top 10.
'FBiOS' Case Heading For A New Firestorm
Commentary  |  3/30/2016  | 
The surprise developments in the FBI v Apple case offer little reason to celebrate for encryption and privacy advocates.
When It Comes To Cyberthreat Intelligence, Sharing Is Caring
Partner Perspectives  |  3/31/2016  | 
Shared cyberthreat intelligence will soon be a critical component of security operations, enabling organizations to better protect their digital assets and respond more quickly to emerging threats.
Security Lessons From My Stock Broker
Commentary  |  3/17/2016  | 
Or, how to lie with metrics.


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.
CVE-2020-24119
PUBLISHED: 2021-05-14
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
CVE-2020-27833
PUBLISHED: 2021-05-14
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first c...