Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Most Commented Content posted in May 2018
Want Your Daughter to Succeed in Cyber? Call Her John
Commentary  |  5/16/2018  | 
It's time to "do the right thing" when it comes to gender in the hiring and promotion of women in cybersecurity. Four women (and a man named John) offer practical solutions for shifting the balance.
Bridging the Cybersecurity Talent Gap
Commentary  |  5/25/2018  | 
There's no one surefire way of fixing the problem, which endangers everyone's security. There are, however, several options we should try.
Boosting Security Effectiveness with 'Adjuvants'
Partner Perspectives  |  5/17/2018  | 
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
The Risks of Remote Desktop Access Are Far from Remote
Commentary  |  5/17/2018  | 
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
20 Signs You Are Heading for a Retention Problem
Commentary  |  5/9/2018  | 
If you don't invest in your best security talent, they will look to burnish their resumes elsewhere. Here's why.
Properly Framing the Cost of a Data Breach
Commentary  |  5/8/2018  | 
The expenses and actions typically associated with a cyberattack are not all created equal. Here's how to explain what's important to the C-suite and board.
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Commentary  |  5/14/2018  | 
There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.
The Good News about Cross-Domain Identity Management
Commentary  |  5/31/2018  | 
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Is Threat Intelligence Garbage?
Commentary  |  5/23/2018  | 
Most security professionals in a recent survey said that threat intelligence doesn't work. So why all the hype?
How to Empower Today's 'cISOs'
Commentary  |  5/29/2018  | 
Although many security leaders have a C in their title, not all are true capital-C "Chiefs." Here are three ways to live up to the job description.
The Good & Bad News about Blockchain Security
Commentary  |  5/23/2018  | 
Blockchain technology promises many things. But to succeed, it must offer users a better plan against hackers.
Machine Learning, Artificial Intelligence & the Future of Cybersecurity
Commentary  |  5/30/2018  | 
The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.
An Industry In Transition: Key Tech Trends In 2018
Partner Perspectives  |  5/29/2018  | 
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
Commentary  |  5/31/2018  | 
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Commentary  |  5/21/2018  | 
Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.
A Data Protection Officer's Guide to GDPR 'Privacy by Design'
Commentary  |  5/1/2018  | 
These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.
Spring Clean Your Security Systems: 6 Places to Start
Commentary  |  5/2/2018  | 
The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?
Why Isn't Integrity Getting the Attention It Deserves?
Commentary  |  5/17/2018  | 
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.