Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in October 2014
Financial Breaches Show Trust Model Is Broken
Commentary  |  10/31/2014  | 
Its a full-blown crisis when a dozen major financial services firms admit to having their networks probed by the same attackers as those behind the JPMorgan Chase breach.
The Performance Penalties of Bloatware-Based Next-Gen Firewalls
Partner Perspectives  |  10/31/2014  | 
Why some organizations turn off critical security features to maintain network QoS.
Welcome To My Cyber Security Nightmare
Commentary  |  10/30/2014  | 
Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night.
Infographic: The Many Faces of Todays Hackers
Commentary  |  10/29/2014  | 
How many of these hacker personas are you dueling with in your organization?
What Scares Me About Healthcare & Electric Power Security
Commentary  |  10/28/2014  | 
Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threats
A Simple Formula For Usable Risk Intelligence
Commentary  |  10/27/2014  | 
How infosec can cut through the noise and gain real value from cyberdata.
Poll: Patching Is Primary Response to Shellshock
Commentary  |  10/24/2014  | 
As potential threats mount, Dark Reading community members home in on patching infrastructure but not devices, according to our latest poll.
Incident Response: Is Your IR Plan A Glorified Phone Tree?
Commentary  |  10/23/2014  | 
Training internal security teams to be first responders can drastically improve an organization's effectiveness in the wake of a data breach. Here's why.
Enterprise Security: Why You Need a Digital Immune System
Partner Perspectives  |  10/23/2014  | 
Treating enterprise security like the human body's response to illness or injury is more effective than just a barrier approach
Cyber Threats: Information vs. Intelligence
Commentary  |  10/22/2014  | 
Cyber threat intelligence or CTI is touted to be the next big thing in InfoSec. But does it narrow the security problem or compound it?
Digital Security: Taking an Uncompromising Stand
Partner Perspectives  |  10/21/2014  | 
How to improve digital immunity by sharing Indicators of Attack.
Insider Threats: Breaching The Human Barrier
Commentary  |  10/20/2014  | 
A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within.
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
Commentary  |  10/17/2014  | 
Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security.
Third-Party Code: Fertile Ground For Malware
Commentary  |  10/15/2014  | 
How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.
Stolen Medical Data Is Now A Hot Commodity
Commentary  |  10/14/2014  | 
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Heres why.
In AppSec, Fast Is Everything
Commentary  |  10/13/2014  | 
The world has shifted. The SAST and DAST tools that were invented over a decade ago are no longer viable approaches to application security.
Dont Get Caught in a Compromising Position
Partner Perspectives  |  10/13/2014  | 
Relying on Indicators of Compromise is necessary, but not sufficient.
Security Education K Through Life
Commentary  |  10/10/2014  | 
InfoSec professionals of the future need access to the right education and tools early on and throughout their entire work life.
How Retail Can Win Back Consumer Trust
Commentary  |  10/9/2014  | 
Customer loyalty to their favorite brands is all about trust, which today has everything to do with security and privacy.
Good Job, Facebook: The Intersection Of Privacy, Identity & Security
Commentary  |  10/8/2014  | 
Birth names and legal names arent always the names people are best known by, concedes Facebook in the wake of a real-name policy usage flap.
Tokenization: 6 Reasons The Card Industry Should Be Wary
Commentary  |  10/7/2014  | 
VISAs new token service aims to provide consumers a simple, fraud-free digital payment experience. Its a worthy goal, but one that may prove to be more aspirational than functional.
How Cookie-Cutter Cyber Insurance Falls Short
Commentary  |  10/6/2014  | 
Many off-the-shelf cyber liability policies feature a broad range of exclusions that wont protect your company from a data breach or ransomware attack.
How Retro Malware Feeds the New Threat Wave
Commentary  |  10/3/2014  | 
Old-school exploits used in new ways are placing fresh demands for intel-sharing among infosec pros and their time-tested and next-gen security products.
Poll: Employees Clueless About Social Engineering
Commentary  |  10/2/2014  | 
Not surprisingly, our latest poll confirms that threats stemming from criminals hacking humans are all too frequently ignored.
5 New Truths To Teach Your CIO About Identity
Commentary  |  10/1/2014  | 
When CIOs talk security they often use words like "firewall" and "antivirus." Heres why todays technology landscape needs a different vocabulary.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34761
PUBLISHED: 2021-10-27
A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete v...
CVE-2021-34762
PUBLISHED: 2021-10-27
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to ins...
CVE-2021-34763
PUBLISHED: 2021-10-27
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this adv...
CVE-2021-34764
PUBLISHED: 2021-10-27
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this adv...
CVE-2021-34781
PUBLISHED: 2021-10-27
A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper err...