Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in January 2021
Is the Web Supply Chain Next in Line for State-Sponsored Attacks?
Commentary  |  1/29/2021  | 
Attackers go after the weak links first, and the Web supply chain provides an abundance of weak links to target.
Digital Identity Is the New Security Control Plane
Commentary  |  1/28/2021  | 
Simplifying the management of security systems helps provide consistent protection for the new normal.
Data Privacy Day 2021: Pandemic Response Data Must Align with Data Privacy Rules
Commentary  |  1/28/2021  | 
Amid a pandemic, Data Privacy Day this year brings forth expanded responsibilities for organizations in the response to COVID-19.
4 Clues to Spot a Bot Network
Commentary  |  1/27/2021  | 
Protect against misinformation and disinformation campaigns by learning how to identify the bot networks spreading falsehoods.
Security's Inevitable Shift to the Edge
Commentary  |  1/27/2021  | 
As the edge becomes the place for DDoS mitigation, Web app security, and other controls, SASE is the management platform to handle them all.
Fighting the Rapid Rise of Cyber Warfare in a Changing World
Commentary  |  1/26/2021  | 
Global cyber warfare is a grim reality, but strong public-private relationships and security frameworks can safeguard people, institutions, and businesses.
Mainframe Security Automation Is Not a Luxury
Commentary  |  1/26/2021  | 
As cyber threats grow, even the most securable platform is vulnerable and requires adaptive autonomous protection.
2020's COVID Accelerated Digitalization Demands Stronger Cybersecurity in 2021
Commentary  |  1/25/2021  | 
As critical infrastructure faces increasing and sophisticated attacks, these trends will enable the energy sector to shore up its cybersecurity defenses.
Why North Korea Excels in Cybercrime
Commentary  |  1/22/2021  | 
North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.
Cloud Jacking: The Bold New World of Enterprise Cybersecurity
Commentary  |  1/21/2021  | 
Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.
Rethinking IoT Security: It's Not About the Devices
Commentary  |  1/21/2021  | 
Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
Tips for a Bulletproof War Room Strategy
Commentary  |  1/20/2021  | 
The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.
The Most Pressing Concerns Facing CISOs Today
Commentary  |  1/19/2021  | 
Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown.
A Security Practitioner's Guide to Encrypted DNS
Commentary  |  1/19/2021  | 
Best practices for a shifting visibility landscape.
How to Achieve Collaboration Tool Compliance
Commentary  |  1/15/2021  | 
Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.
Vulnerability Management Has a Data Problem
Commentary  |  1/14/2021  | 
Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.
The Data-Centric Path to Zero Trust
Commentary  |  1/13/2021  | 
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
How to Boost Executive Buy-In for Security Investments
Commentary  |  1/12/2021  | 
Linking security budgets to breach-protection outcomes helps executives balance spending against risk and earns CISOs greater respect in the C-suite.
Bringing Zero Trust to Secure Remote Access
Commentary  |  1/12/2021  | 
Demand for secure remote access has skyrocketed during the pandemic. Here Omdia profiles more secure alternatives to virtual private network (VPN) technology.
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
Commentary  |  1/12/2021  | 
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
SolarWinds Hack Lessons Learned: Finding the Next Supply Chain Attack
Commentary  |  1/11/2021  | 
The SolarWinds supply chain compromise won't be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.
When It Comes To Security Tools, More Isn't More
Commentary  |  1/11/2021  | 
Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.
Top 5 'Need to Know' Coding Defects for DevSecOps
Commentary  |  1/8/2021  | 
Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster.
The 3 Most Common Types of BEC Attacks (And What You Can Do About Them)
Commentary  |  1/7/2021  | 
Always be skeptical and double check credentials.
How to Protect Your Organization's Digital Footprint
Commentary  |  1/6/2021  | 
As the digital risk landscape evolves and grows, organizations must stay vigilant against online threats.
What You Need to Know About California's New Privacy Rules
Commentary  |  1/5/2021  | 
Proposition 24 will change Californians' rights and business's responsibilities regarding consumer data protection.
COVID-19's Acceleration of Cloud Migration & Identity-Centric Security
Commentary  |  1/4/2021  | 
Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.


Commentary
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
Edge-DRsplash-10-edge-articles
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23394
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.