Dark Reading is part of the Informa Tech Division of Informa PLC

Opinion

Content posted in October 2017
Ted Schlein: Interview With a Capitalist
Curt Franklin  |  10/31/2017  | 
Ted Schlein is a partner with the most storied venture capital fund in Silicon Valley. When Ted talks about cybersecurity, people listen.
Who Says Brilliant Security Engineers Can't Be Amazing People Managers?
Commentary  |  10/31/2017  | 
Don't let midcareer stagnation be an exit ramp from the cybersecurity industry. Use it as an opportunity to explore and to deepen your enthusiasm.
Stop Counting Vulnerabilities & Start Measuring Risk
Commentary  |  10/31/2017  | 
When security teams report on real risk, executive teams can gain a much better understanding of the company's security posture.
CAPTCHA Is Vulnerable
Larry Loeb  |  10/30/2017  | 
A group of researchers have demonstrated a vulnerability in the widely used CAPTCHA scheme – a vulnerability that may mean the end of CAPTCHA as we know it.
Screen Sharing: Dark Reading Caption Contest Winners
Commentary  |  10/30/2017  | 
It was a tough competition with more than 125 submissions, our largest field yet. And the winners are ...
Preventing Credential Theft: A Security Checklist for Boards
Commentary  |  10/30/2017  | 
Board members pose a unique risk for business, but proper planning helps.
It's Time to Change the Cybersecurity Conversation
Commentary  |  10/30/2017  | 
The IT security industry needs more balance between disclosure of threats and discussion of defense practices, and greater sharing of ideas.
Ted Schlein Hates Passwords
Curt Franklin  |  10/27/2017  | 
He hates user names, too, and thinks we should get rid of them. In a keynote address at Networking the Future in Tampa, Fla., he discussed why.
Kaspersky's US Gov Woes Continue
Simon Marshall  |  10/27/2017  | 
Kaspersky has admitted that its software grabbed a classified file from a private computer. Does it prove the US government's claims or prove that Kaspersky is a good global citizen?
3 Steps to Reduce Risk in Your Supply Chain
Commentary  |  10/27/2017  | 
Many companies have very limited visibility into their vendors' security posture -- and some may have thousands of vendors. Here are steps that every company should take to lock down their supply chains.
Is Your Security Military-Grade?
Curt Franklin  |  10/26/2017  | 
Simple civilian security won't cut it for most businesses. It's time to take your cybersecurity mil-spec.
Why Data Breach Stats Get It Wrong
Commentary  |  10/26/2017  | 
It's not the size of the stolen data dump that is important. It's the window between the date of the breach and the date of discovery that represents the biggest threat.
A Checklist for Securing the Internet of Things
Commentary  |  10/26/2017  | 
IoT devices promise endless benefits, but they also come with serious security issues. Use this checklist to make sure your company stays safe.
5 Reasons Why the CISO is a Cryptocurrency Skeptic
Partner Perspectives  |  10/26/2017  | 
If you think all you need is technology to defend against bad guys, you shouldn't be a CISO. But technology is all cryptocurrency is, starting with Bitcoin.
Bad Rabbit Breeds Ransomware Fears
Curt Franklin  |  10/25/2017  | 
A new breed of ransomware has hit Russia and Eastern Europe. Bad Rabbit could hop the Atlantic and wreak havoc on North American systems.
Advanced Analytics + Frictionless Security: What CISOs Need to Know
Commentary  |  10/25/2017  | 
Advances in analytics technologies promise to make identity management smarter and more transparent to users. But the process is neither straightforward nor easy.
Will Transparency Save Kaspersky?
Simon Marshall  |  10/25/2017  | 
Kaspersky is trying radical transparency to counter accusations that it acts as a front for Russian intelligence. Will it be enough to quiet the skeptics?
Why Patching Software Is Hard: Organizational Challenges
Commentary  |  10/25/2017  | 
The Equifax breach shows how large companies can stumble when it comes to patching. Organizational problems can prevent best practices from being enforced.
A New BotNet Is Growing: Are You Already Part of Its Army?
Curt Franklin  |  10/24/2017  | 
The IoT_Reaper botnet is new and growing. Are your IoT devices already part of a criminal system that will cripple the Internet?
Finding Your Appetite for Security Automation (and Why That's Important)
Commentary  |  10/24/2017  | 
Yes, automation is becoming increasingly critical. But before you go all-in, determine the level that's right for your company.
CNCF Adopts 2 Container Security Projects
Curt Franklin  |  10/24/2017  | 
A pair of new open source container security projects find a home at the CNCF. Enterprise Cloud News' Scott Ferguson reports the details.
Why Patching Software Is Hard: Technical Challenges
Commentary  |  10/24/2017  | 
Huge companies like Equifax can stumble over basic technical issues. Here's why.
You Must Know Blockchain
Curt Franklin  |  10/23/2017  | 
Even if you're not planning to use it any time soon, the signs are clear: You must know the technology of blockchain.
The Simplicity of a WordPress Hack
Larry Loeb  |  10/23/2017  | 
The latest WordPress hack is serious, but it's not part of some grand conspiracy among hackers.
Security Training & Awareness: 3 Big Myths
Commentary  |  10/23/2017  | 
The once-overwhelming consensus that security awareness programs are invaluable is increasingly up for debate.
Financial Institutions Lack Confidence in Their Own Defenses
Curt Franklin  |  10/20/2017  | 
Financial institutions are fighting fraud with tools that aren't completely up to the task, according to the results of a new survey out this week.
How to Talk to the C-Suite about Malware Trends
Commentary  |  10/20/2017  | 
There is no simple answer to the question 'Are we protected against the latest brand-name malware attack?' But there is a smart one.
Contesting Control of Container Security
Simon Marshall  |  10/20/2017  | 
Who should control container security? It's a question that is gaining importance as containers become a favored mechanism for enterprise development.
How Can You Beat the Widespread ROCA?
Curt Franklin  |  10/19/2017  | 
ROCA is a vulnerability hitting millions of devices. How can you tell if yours are affected and what can you do if they are?
What's Next after the SEC 'Insider Trading' Breach?
Commentary  |  10/19/2017  | 
Last month's hack of the Securities and Exchange Commission may prove to be the most high-profile corporate gatekeeper attack to date. But it definitely won't be the last.
CISOs: Striving Toward Proactive Security Strategies
Partner Perspectives  |  10/19/2017  | 
A new survey paints a compelling picture of the modern security executive, how they succeed, and how much power they wield.
GDPR Pressure Begins on US Multinationals
Simon Marshall  |  10/19/2017  | 
GDPR may be an EU regulation but it will have a significant impact on US companies doing business with any European customer, and the impact will start soon.
Necurs Malware Wants a Selfie With Your Desktop
Curt Franklin  |  10/18/2017  | 
Necurs has returned and this time it's carrying a payload that takes a picture of your desktop.
McAfee Brings AI to Security With New Products
Curt Franklin  |  10/18/2017  | 
McAfee has announced new products at MPOWER that bring AI and machine learning to security analytics.
What's Next After HTTPS: A Fully Encrypted Web?
Commentary  |  10/18/2017  | 
As the rate of HTTPS adoption grows faster by the day, it's only a matter of time before a majority of websites turn on SSL. Here's why.
KRACK Attack: How Enterprises Can Protect Their WiFi
Curt Franklin  |  10/17/2017  | 
A flaw in the WPA2 protocol means that most WiFi networks worldwide are open to successful attack.
Attivo Goes On the Attack Against Hackers
Simon Marshall  |  10/17/2017  | 
Attivo gets $21 million in new funding to take the fight to hackers through advanced deception.
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Commentary  |  10/17/2017  | 
The left side of the brain is logical and linear; the right side, creative. You have to use both sides of the brain to connect to your audience in your business.
HONEST Poll Results: How Much Should You Encrypt?
Curt Franklin  |  10/16/2017  | 
What is the 'Goldilocks Zone' when it comes to encryption? Security Now community members speak out in our latest poll.
CoinHive Mines New Malware Potential
Larry Loeb  |  10/16/2017  | 
Some websites have developed a new revenue stream. Unfortunately, it involves placing malware on visitors' computers.
20 Questions to Ask Yourself before Giving a Security Conference Talk
Commentary  |  10/16/2017  | 
As cybersecurity continues to become more of a mainstream concern, those of us who speak at industry events must learn how to truly connect with our audience.
Cisco Talos Team Tackles Top-Tier TXT Threat
Simon Marshall  |  10/13/2017  | 
Talos researchers have taken down an attack aimed at the Securities and Exchange Commission.
Risk & Reality Take Different Paths in Cybersecurity
Curt Franklin  |  10/13/2017  | 
A new study by Barracuda shows once again that the reality and perception of cyberrisks are two very different things.
Getting the Most Out of Cyber Threat Intelligence
Commentary  |  10/13/2017  | 
How security practitioners can apply structured analysis and move from putting out fires to fighting the arsonists.
ShiftLeft Secures Code Pre-Threat
Simon Marshall  |  10/12/2017  | 
Startup ShiftLeft is moving security forward in the software development lifecycle.
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Commentary  |  10/12/2017  | 
With social media, gathering information has never been easier, making Business Email Compromise the land of milk and honey for cybercriminals.
6 Steps to Finding Honey in the OWASP
Partner Perspectives  |  10/12/2017  | 
The most famous project of the Open Web Application Security Project is getting an update. Here's what you need to know, and how you can get involved.
Final Decision in Dreamhost Battle With DOJ
Curt Franklin  |  10/11/2017  | 
In the legal battle between the Department of Justice and Dreamhost, a resolution and a victory.
Can Machine Learning Outsmart Malware?
Partner Perspectives  |  10/11/2017  | 
Using machine learning in the cybersecurity domain is a growing trend with many advantages, but it also has its risks.
Rowhammer Attack Pounds With Precision
Larry Loeb  |  10/11/2017  | 
A new variant of the Rowhammer attack can work around every known defense.