Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Most Commented Content posted in May 2018
Want Your Daughter to Succeed in Cyber? Call Her John
Commentary  |  5/16/2018  | 
It's time to "do the right thing" when it comes to gender in the hiring and promotion of women in cybersecurity. Four women (and a man named John) offer practical solutions for shifting the balance.
Bridging the Cybersecurity Talent Gap
Commentary  |  5/25/2018  | 
There's no one surefire way of fixing the problem, which endangers everyone's security. There are, however, several options we should try.
Boosting Security Effectiveness with 'Adjuvants'
Partner Perspectives  |  5/17/2018  | 
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
20 Signs You Are Heading for a Retention Problem
Commentary  |  5/9/2018  | 
If you don't invest in your best security talent, they will look to burnish their resumes elsewhere. Here's why.
Properly Framing the Cost of a Data Breach
Commentary  |  5/8/2018  | 
The expenses and actions typically associated with a cyberattack are not all created equal. Here's how to explain what's important to the C-suite and board.
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Commentary  |  5/14/2018  | 
There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.
The Risks of Remote Desktop Access Are Far from Remote
Commentary  |  5/17/2018  | 
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
The Good News about Cross-Domain Identity Management
Commentary  |  5/31/2018  | 
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Is Threat Intelligence Garbage?
Commentary  |  5/23/2018  | 
Most security professionals in a recent survey said that threat intelligence doesn't work. So why all the hype?
How to Empower Today's 'cISOs'
Commentary  |  5/29/2018  | 
Although many security leaders have a C in their title, not all are true capital-C "Chiefs." Here are three ways to live up to the job description.
The Good & Bad News about Blockchain Security
Commentary  |  5/23/2018  | 
Blockchain technology promises many things. But to succeed, it must offer users a better plan against hackers.
Machine Learning, Artificial Intelligence & the Future of Cybersecurity
Commentary  |  5/30/2018  | 
The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.
An Industry In Transition: Key Tech Trends In 2018
Partner Perspectives  |  5/29/2018  | 
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
Commentary  |  5/31/2018  | 
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Commentary  |  5/21/2018  | 
Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.
Why Isn't Integrity Getting the Attention It Deserves?
Commentary  |  5/17/2018  | 
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
A Data Protection Officer's Guide to GDPR 'Privacy by Design'
Commentary  |  5/1/2018  | 
These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.
Spring Clean Your Security Systems: 6 Places to Start
Commentary  |  5/2/2018  | 
The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.