Dark Reading is part of the Informa Tech Division of Informa PLC


Opinion

Content posted in January 2018
Page 1 / 2
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Commentary  |  1/31/2018  | 
Authentication security methods are getting better all the time, but they are still not infallible.
5 Questions to Ask about Machine Learning
Commentary  |  1/31/2018  | 
Marketing hyperbole often exceeds reality. Here are questions you should ask before buying.
Ransomware Shows There's no Honor Among Cyberthieves
Larry Loeb  |  1/31/2018  | 
Proofpoint has found that one group of cybercrooks is stealing from other gangs of cybercriminals by using a proxy Tor browser to steal Bitcoins used to pay off ransomware threats.
Data Encryption: 4 Common Pitfalls
Partner Perspectives  |  1/31/2018  | 
To maximize encryption effectiveness you must minimize adverse effects in network performance and complexity. Here's how.
Breach-Proofing Your Data in a GDPR World
Commentary  |  1/30/2018  | 
Here are six key measures for enterprises to prioritize over the next few months.
DNS Hijacking: The Silent Threat That's Putting Your Network at Risk
Commentary  |  1/30/2018  | 
The technique is easy to carry out and can cause much damage. Here's what you need to know about fighting back.
Cryptomining: Paying the Price for Cryptocurrency
Simon Marshall  |  1/30/2018  | 
The growing popularity of Bitcoin and other cryptocurrency has led to cryptomining, with enterprises and individuals running the software unknowingly. Here's a look at the underside of this new business model.
An Action Plan to Fill the Information Security Workforce Gap
Commentary  |  1/29/2018  | 
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
OilRig's Use of RGDoor Shows Sophistication of Nation-State Attacks
Larry Loeb  |  1/29/2018  | 
OilRig, a group linked to Iran, has been installing RGDoor, a secondary backdoor that can reopen a system even if it's been fixed. Its use shows how sophisticated nation-state attacks are becoming.
Security Spending Increasing, Along With Data Breaches
Larry Loeb  |  1/29/2018  | 
In one of those good news/bad news reports on the state of security, the amount of money being spent on security is expected to increase this year, but the number of data breaches is also rising.
Hardware Security: Why Fixing Meltdown & Spectre Is So Tough
Commentary  |  1/26/2018  | 
Hardware-based security is very difficult to break but, once broken, catastrophically difficult to fix. Software-based security is easier to break but also much easier to fix. Now what?
Selling Cloud-Based Cybersecurity to a Skeptic
Partner Perspectives  |  1/26/2018  | 
When it comes to security, organizations don't need to look at cloud as an either/or proposition. But there are misconceptions that need to be addressed.
How Containers & Serverless Computing Transform Attacker Methodologies
Commentary  |  1/25/2018  | 
The pace of hacker innovation never slows. Now security technologies and methods must adapt with equal urgency.
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Commentary  |  1/25/2018  | 
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
8 Personal & Professional Data Privacy Tips to Follow
Simon Marshall  |  1/25/2018  | 
With International Data Privacy Day coming later this month, Security Now offers a checklist to help protect personal and professional data.
Avoiding the Epidemic of Hospital Hacks
Partner Perspectives  |  1/25/2018  | 
Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
Security Automation: Time to Start Thinking More Strategically
Commentary  |  1/24/2018  | 
To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.
GDPR: Ready or Not, Here It Comes
Commentary  |  1/24/2018  | 
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
Linus Torvalds: Intel's Spectre Patch Is 'Complete & Utter Garbage'
Larry Loeb  |  1/24/2018  | 
In a scathing assessment of Intel's efforts to patch the Spectre flaw, Linux inventor Linus Torvalds offers no quarter for the chipmaker.
Meltdown, Spectre Patches, Performance & My Neighbor's Sports Car
Commentary  |  1/23/2018  | 
When a flaw in the engine of a data center server makes it run more like a Yugo than a Porsche, it's the lawyers who will benefit.
5 Steps to Better Security in Hybrid Clouds
Commentary  |  1/23/2018  | 
Following these tips can improve your security visibility and standardize management across hybrid environments.
9 Steps to More-Effective Organizational Security
Commentary  |  1/22/2018  | 
Too often security is seen as a barrier, but it's the only way to help protect the enterprise from threats. Here are tips on how to strengthen your framework.
SamSam Ransomware Continues Making Hospitals Sick
Larry Loeb  |  1/22/2018  | 
SamSam or Samas continues to surface in hospitals and other healthcare facilities. The way the ransomware works shows how vulnerable healthcare is to these particular types of attacks.
Thycotic's Joseph Carson: Government & Encryption Issues Will Be Huge
Simon Marshall  |  1/22/2018  | 
In the second part of his Q&A with Security Now, Thycotic Chief Security Scientist Joseph Carson talks about encryption and the role that governments play in security.
Understanding Supply Chain Cyber Attacks
Commentary  |  1/19/2018  | 
While the attack surface has increased exponentially because of the cloud and everything-as-a-service providers, there are still ways in which host companies can harden supply chain security.
Spectre Can Obfuscate Tracking Tools, Too
Larry Loeb  |  1/19/2018  | 
As the security community learns more about the Spectre vulnerability, clever coders are already finding other exploits. Here's looking at the first of many.
Tax Reform, Cybersecurity-Style
Commentary  |  1/18/2018  | 
How the security industry can be more effective and efficient by recognizing four hidden "taxes" in the buying and selling process.
Applying Defense-in-Depth to the Digital Battlefield
Partner Perspectives  |  1/18/2018  | 
How a layered security strategy can minimize the threat and impact of a data breach.
How to Keep Blue Teams Happy in an Automated Security World
Commentary  |  1/18/2018  | 
The creativity and intuition of your team members must be developed and nurtured.
The Startup Challenge: Safe in the Cloud from Day One
Partner Perspectives  |  1/18/2018  | 
How a Seattle travel company built a rock-solid mobile app without sacrificing performance or security.
Living with Risk: Where Organizations Fall Short
Commentary  |  1/17/2018  | 
People tasked with protecting data are too often confused about what they need to do, even with a solid awareness of the threats they face.
How AI Would Have Caught the Forever 21 Breach
Commentary  |  1/17/2018  | 
Companies must realize that the days of the desktop/server model are over and focus on "nontraditional" devices.
Google Chrome Extensions Hide Malice
Larry Loeb  |  1/17/2018  | 
Researchers from ICEBRG found malicious code hiding in four popular Google Chrome extensions. The search giant is working to fix the problem.
In Security & Life, Busy Is Not a Badge of Honor
Commentary  |  1/16/2018  | 
All security teams are busy, but not all security teams are productive. The difference between the two is huge.
Thycotic's Joseph Carson: Hackers Will Soon Read Your Mind
Simon Marshall  |  1/16/2018  | 
In the first part of his Q&A with Security Now, Thycotic's Joseph Carson talks privacy in an interconnected world and how hackers will soon read minds.
Mental Models & Security: Thinking Like a Hacker
Commentary  |  1/16/2018  | 
These seven approaches can change the way you tackle problems.
Top 3 Pitfalls of Securing the Decentralized Enterprise
Partner Perspectives  |  1/16/2018  | 
Doubling down on outdated security practices while the number of users leveraging your enterprise network grows is a race to the bottom for businesses moving to distributed workflows.
After Spectre & Meltdown, Intel Faces an 'Evil Maid' Problem
Larry Loeb  |  1/16/2018  | 
In a rough start to 2018, Intel is dealing with the Spectre and Meltdown vulnerabilities in its CPUs, and now the chip maker is confronting reports of a flaw that leaves chips open to an 'Evil Maid' attack.
What Can We Learn from Counterterrorism and National Security Efforts?
Commentary  |  1/12/2018  | 
The best practices and technologies that originated in the intelligence realm can help businesses stay safer, too.
Security Warning: Intel Inside
Larry Loeb  |  1/12/2018  | 
At CES, Intel CEO Brian Krzanich looked to reassure the whole industry that the chip maker would ensure that its processors were secure following the Meltdown and Spectre disclosures.
Privacy: The Dark Side of the Internet of Things
Commentary  |  1/11/2018  | 
Before letting an IoT device into your business or home, consider what data is being collected and where it is going.
AI in Cybersecurity: Where We Stand & Where We Need to Go
Commentary  |  1/11/2018  | 
How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.
Why Facebook Security Questions Are no Substitute for MFA
Partner Perspectives  |  1/11/2018  | 
If identity is established based on one thing you know and one thing you have, the latter should not also be a thing you know because in the sharing economy, we share everything.
'Shift Left': Codifying Intuition into Secure DevOps
Commentary  |  1/10/2018  | 
Shifting left is more than a catchy phrase. It's a mindset that emphasizes the need to think about security in all phases of the software development life cycle.
Smaller Financial Firms Preparing for New Ransomware Threats
Simon Marshall  |  1/10/2018  | 
Nearly a year after WannaCry and other ransomware attacks that targeted financial institutions, smaller firms are looking to prepare. Here's what the CISO of Texas-based Real Time Resolutions is doing to fight back.
'Back to Basics' Might Be Your Best Security Weapon
Commentary  |  1/10/2018  | 
A company's ability to successfully reduce risk starts with building a solid security foundation.
WPA3 Standard Teased at CES Following KRACK Attack
Larry Loeb  |  1/10/2018  | 
A few months after the KRACK attack, the Wi-Fi Alliance unveiled a few details about the upcoming WPA3 standards, with an emphasis on security and encryption.
'Tis the Season: Dark Reading Caption Contest Winners
Commentary  |  1/9/2018  | 
Bricked devices, penetration tests, and virtual reality were among the themes submitted in our latest holiday caption competition. And the winners are ...
CISOs' Cyber War: How Did We Get Here?
Commentary  |  1/9/2018  | 
We're fighting the good fight -- but, ultimately, losing the war.
Dell EMC, VMware Race to Plug Virtual Appliance Security Hole
Larry Loeb  |  1/9/2018  | 
Dell EMC, along with VMware, are hard at work plugging a zero-day exploit that targets the companies' virtual appliance gear.