Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Most Commented Content posted in March 2017
Phishing Your Employees for Schooling & Security
Commentary  |  3/22/2017  | 
Your education program isn't complete until you test your users with fake phishing emails.
Commercial IoT: Big Trouble in Small Devices
Commentary  |  3/28/2017  | 
There are endless scenarios where hackers could wreak havoc on the industrial Internet of Things. Theres also a readily available solution called HIP.
Prioritizing Threats: Why Most Companies Get It Wrong
Commentary  |  3/24/2017  | 
To stay safer, focus on multiple-threat attack chains rather than on individual threats.
Ethical Hacking: The Most Important Job No One Talks About
Commentary  |  3/16/2017  | 
If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers.
Mobile (In)security: Dark Reading Cartoon Caption Contest Winners
Commentary  |  3/9/2017  | 
Clever word play on mobile ransomware, cloud and the Internet of Things. And the winners are
Data Visualization: Keeping an Eye on Security
Commentary  |  3/27/2017  | 
Visualization can be one of the most powerful approaches a security team can use to make sense of vast quantities of data. So why does it end up as an afterthought?
How Identity Deception Increases the Success of Ransomware
Commentary  |  3/28/2017  | 
As scammers hone their skills, their handiwork looks more credible to intended victims, making a successful ransomware scam more likely.
In a Cybersecurity Vendor War, the End User Loses
Commentary  |  3/8/2017  | 
When vulnerability information is disclosed without a patch available, users are the ones really being punished.
A Real-Life Look into Responsible Disclosure for Security Vulnerabilities
Commentary  |  3/7/2017  | 
A researcher gives us a glimpse into what happened when he found a problem with an IoT device.
To Gain Influence, CISOs Must Get Security's Human Element Right
Commentary  |  3/29/2017  | 
Focusing on certain elements of security in isolation can cause a false sense of security.
Adware vs. Ad Fraud: Viva la Difference!
Partner Perspectives  |  3/6/2017  | 
Both earn their money in the advertising trade but they each have very different means of operation and targets.
Googles SHA-1 Countdown Clock Could Undermine Enterprise Security
Commentary  |  3/7/2017  | 
In the wake of a recently documented 'collision' attack, Google researchers should consider delaying the release of the code behind the crack until companies can roll out adequate patches. Here's why
Securing Todays 'Elastic Attack Surface'
Commentary  |  3/9/2017  | 
The foundation of good cybersecurity is knowing your network. But as organizations embrace new technologies, that simple task has gotten incredibly difficult.
Privacy Babel: Making Sense of Global Privacy Regulations
Commentary  |  3/29/2017  | 
Countries around the world are making their own privacy laws. How can a global company possibly keep up?
This Week On Dark Reading: Events Calendar
Commentary  |  3/13/2017  | 
How to become a threat hunter, how to build a cybersecurity architecture that actually defends against today's risks, and much more...
Debunking 5 Myths About DNS
Commentary  |  3/14/2017  | 
From the boardroom to IT and the end user, the Domain Name System is often misunderstood, which can leave organizations vulnerable to attacks.
The Business of Security: How your Organization Is Changing beneath You
Commentary  |  3/30/2017  | 
And why its your job to change with it and skate where the puck is headed.


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27184
PUBLISHED: 2021-05-14
The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks.
CVE-2020-27185
PUBLISHED: 2021-05-14
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.
CVE-2021-32613
PUBLISHED: 2021-05-14
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.
CVE-2021-24192
PUBLISHED: 2021-05-14
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers insta...
CVE-2021-24193
PUBLISHED: 2021-05-14
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, wh...