Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in January 2021
Is the Web Supply Chain Next in Line for State-Sponsored Attacks?
Commentary  |  1/29/2021  | 
Attackers go after the weak links first, and the Web supply chain provides an abundance of weak links to target.
Digital Identity Is the New Security Control Plane
Commentary  |  1/28/2021  | 
Simplifying the management of security systems helps provide consistent protection for the new normal.
Data Privacy Day 2021: Pandemic Response Data Must Align with Data Privacy Rules
Commentary  |  1/28/2021  | 
Amid a pandemic, Data Privacy Day this year brings forth expanded responsibilities for organizations in the response to COVID-19.
4 Clues to Spot a Bot Network
Commentary  |  1/27/2021  | 
Protect against misinformation and disinformation campaigns by learning how to identify the bot networks spreading falsehoods.
Security's Inevitable Shift to the Edge
Commentary  |  1/27/2021  | 
As the edge becomes the place for DDoS mitigation, Web app security, and other controls, SASE is the management platform to handle them all.
Fighting the Rapid Rise of Cyber Warfare in a Changing World
Commentary  |  1/26/2021  | 
Global cyber warfare is a grim reality, but strong public-private relationships and security frameworks can safeguard people, institutions, and businesses.
Mainframe Security Automation Is Not a Luxury
Commentary  |  1/26/2021  | 
As cyber threats grow, even the most securable platform is vulnerable and requires adaptive autonomous protection.
2020's COVID Accelerated Digitalization Demands Stronger Cybersecurity in 2021
Commentary  |  1/25/2021  | 
As critical infrastructure faces increasing and sophisticated attacks, these trends will enable the energy sector to shore up its cybersecurity defenses.
Why North Korea Excels in Cybercrime
Commentary  |  1/22/2021  | 
North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.
Cloud Jacking: The Bold New World of Enterprise Cybersecurity
Commentary  |  1/21/2021  | 
Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.
Rethinking IoT Security: It's Not About the Devices
Commentary  |  1/21/2021  | 
Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
Tips for a Bulletproof War Room Strategy
Commentary  |  1/20/2021  | 
The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.
The Most Pressing Concerns Facing CISOs Today
Commentary  |  1/19/2021  | 
Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown.
A Security Practitioner's Guide to Encrypted DNS
Commentary  |  1/19/2021  | 
Best practices for a shifting visibility landscape.
How to Achieve Collaboration Tool Compliance
Commentary  |  1/15/2021  | 
Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.
Vulnerability Management Has a Data Problem
Commentary  |  1/14/2021  | 
Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.
The Data-Centric Path to Zero Trust
Commentary  |  1/13/2021  | 
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
How to Boost Executive Buy-In for Security Investments
Commentary  |  1/12/2021  | 
Linking security budgets to breach-protection outcomes helps executives balance spending against risk and earns CISOs greater respect in the C-suite.
Bringing Zero Trust to Secure Remote Access
Commentary  |  1/12/2021  | 
Demand for secure remote access has skyrocketed during the pandemic. Here Omdia profiles more secure alternatives to virtual private network (VPN) technology.
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
Commentary  |  1/12/2021  | 
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
SolarWinds Hack Lessons Learned: Finding the Next Supply Chain Attack
Commentary  |  1/11/2021  | 
The SolarWinds supply chain compromise won't be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.
When It Comes To Security Tools, More Isn't More
Commentary  |  1/11/2021  | 
Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.
Top 5 'Need to Know' Coding Defects for DevSecOps
Commentary  |  1/8/2021  | 
Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster.
The 3 Most Common Types of BEC Attacks (And What You Can Do About Them)
Commentary  |  1/7/2021  | 
Always be skeptical and double check credentials.
How to Protect Your Organization's Digital Footprint
Commentary  |  1/6/2021  | 
As the digital risk landscape evolves and grows, organizations must stay vigilant against online threats.
What You Need to Know About California's New Privacy Rules
Commentary  |  1/5/2021  | 
Proposition 24 will change Californians' rights and business's responsibilities regarding consumer data protection.
COVID-19's Acceleration of Cloud Migration & Identity-Centric Security
Commentary  |  1/4/2021  | 
Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5669
PUBLISHED: 2021-10-26
Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-40343
PUBLISHED: 2021-10-26
An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user.
CVE-2021-40344
PUBLISHED: 2021-10-26
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.
CVE-2021-40345
PUBLISHED: 2021-10-26
An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.
CVE-2021-42343
PUBLISHED: 2021-10-26
An issue was discovered in Dask (aka python-dask) through 2021.09.1. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (ty...