Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in October 2020
Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach
Commentary  |  10/30/2020  | 
As public and private spaces are opening up, the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.
How Healthcare Organizations Can Combat Ransomware
Commentary  |  10/29/2020  | 
The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.
Analysis: Forcepoint Can Still Succeed, but It Needs Committed Ownership
Commentary  |  10/29/2020  | 
Raytheon intends to sell Forcepoint to PE firm Francisco Partners. Despite a solid product portfolio and bold strategy, Forcepoint's future is now even more uncertain.
How to Increase Voter Turnout & Reduce Fraud
Commentary  |  10/29/2020  | 
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?
Is Your Encryption Ready for Quantum Threats?
Commentary  |  10/29/2020  | 
Answers to these five questions will help security teams defend against attackers in the post-quantum computing era.
Rethinking Security for the Next Normal -- Under Pressure
Commentary  |  10/28/2020  | 
By making a commitment to a unified approach to security, then doing what's necessary to operationalize it, organizations can establish a better security model for the next normal.
Physical Security Has a Lot of Catching Up to Do
Commentary  |  10/28/2020  | 
The transformation we need: merging the network operations center with the physical security operations center.
MITRE Shield Matrix Highlights Deception & Concealment Technology
Commentary  |  10/27/2020  | 
The role that these technologies play in the MITRE Shield matrix is a clear indicator that they are an essential part of today's security landscape.
5 Human Factors That Affect Secure Software Development
Commentary  |  10/27/2020  | 
With the move to remote work, it's especially important to understand how to support, discourage, and monitor conditions for development teams.
Microsoft's Kubernetes Threat Matrix: Here's What's Missing
Commentary  |  10/26/2020  | 
With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.
A Pause to Address 'Ethical Debt' of Facial Recognition
Commentary  |  10/23/2020  | 
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
Commentary  |  10/22/2020  | 
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
Implementing Proactive Cyber Controls in OT: Myths vs. Reality
Commentary  |  10/22/2020  | 
Debunking the myths surrounding the implementation of proactive cyber controls in operational technology.
Dealing With Insider Threats in the Age of COVID
Commentary  |  10/21/2020  | 
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Commentary  |  10/21/2020  | 
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
Commentary  |  10/21/2020  | 
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
The Cybersecurity Maturity Model Certification: Are You in Compliance?
Commentary  |  10/20/2020  | 
Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.
Building the Human Firewall
Commentary  |  10/20/2020  | 
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
Trickbot, Phishing, Ransomware & Elections
Commentary  |  10/19/2020  | 
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
A New Risk Vector: The Enterprise of Things
Commentary  |  10/19/2020  | 
Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.
Cybercrime Losses Up 50%, Exceeding $1.8B
Commentary  |  10/16/2020  | 
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
Overcoming the Challenge of Shorter Certificate Lifespans
Commentary  |  10/15/2020  | 
We could be in the middle of a major transition to shorter and shorter certificate life spans, which has significant implications for how IT organizations manage certificates across the enterprise.
The Ruthless Cyber Chaos of Business Recovery
Commentary  |  10/15/2020  | 
Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.
Assuring Business Continuity by Reducing Malware Dwell Time
Commentary  |  10/14/2020  | 
Here's how CISOs and IT security operations teams can best address key challenges to network monitoring that could increase malware dwell time.
NIST Quantum Cryptography Program Nears Completion
Commentary  |  10/14/2020  | 
The National Institute of Standards and Technology's first post-quantum cryptography standard will address key issues, approaches, an arms race, and the technology's uncertain future.
Where Are the 'Great Exits' in the Data Security Market?
Commentary  |  10/13/2020  | 
If data security were a student, its report card would read "Not performing to potential." Here's why.
Trickbot Botnet Response Highlights Partnerships Preventing US Election Interference
Commentary  |  10/13/2020  | 
Recent efforts by USCYBERCOM and Microsoft to disrupt the Trickbot botnet highlight the importance of partnerships in successful malware botnet disruption.
Online Voting Is Coming, but How Secure Will It Be?
Commentary  |  10/13/2020  | 
It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.
Security Officers, Are Your Employees Practicing Good Habits from Home?
Commentary  |  10/12/2020  | 
Even if you can't see your employees in the office, they still need to be reminded that criminals are always trying to spot a weak link in the chain.
Why MSPs Are Hacker Targets, and What To Do About It
Commentary  |  10/9/2020  | 
Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.
Scale Up Threat Hunting to Skill Up Analysts
Commentary  |  10/8/2020  | 
Security operation centers need to move beyond the simplicity of good and bad software to having levels of "badness," as well as better defining what is good. Here's why.
Key Considerations & Best Practices for Establishing a Secure Remote Workforce
Commentary  |  10/8/2020  | 
Cybersecurity is challenging but not paralyzing, and now is the moment to educate our employees to overcome these challenges.
The New War Room: Cybersecurity in the Modern Era
Commentary  |  10/7/2020  | 
The introduction of the virtual war room is a new but necessary shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.
What the Sci-Fi Hit Altered Carbon Teaches Us About Virtualization Security
Commentary  |  10/7/2020  | 
The Netflix show may be fantastical, but it has real-world lessons about virtualization.
Verizon Payment Security Report is a Wake-up Call: Time to Refocus on PCI DSS Compliance
Commentary  |  10/6/2020  | 
Too many organizations fail to enact the baseline payment security controls, according to the Verizon 2020 Payment Security Report.
10 Years Since Stuxnet: Is Your Operational Technology Safe?
Commentary  |  10/6/2020  | 
The destructive worm may have debuted a decade ago, but Stuxnet is still making its presence known. Here are steps you can take to stay safer from similar attacks.
Do's and Don'ts for School Cybersecurity Awareness
Commentary  |  10/6/2020  | 
Remote learning has introduced an array of new cyberthreats to American families and schools, but this can be an educational moment for all involved.
3 Ways Data Breaches Accelerate the Fraud Supply Chain
Commentary  |  10/5/2020  | 
The battle's just beginning as bad actors glean more personal information from victims and use that data to launch larger attacks.
Truncated URLs Look to Make Big Dent in Phishing
Commentary  |  10/2/2020  | 
The approach is a long time in coming and will test the premise that users can more easily detect a suspicious domain from the name alone.
'It Won't Happen to Me': Employee Apathy Prevails Despite Greater Cybersecurity Awareness
Commentary  |  10/1/2020  | 
To protect your organization from all emerging file-borne threats, the security and leadership teams must align to develop a streamlined approach to file security.
Cryptojacking: The Unseen Threat
Commentary  |  10/1/2020  | 
Mining malware ebbs and flows with the price of cryptocurrencies, and given the momentum on price is upward, cryptojacking is a very present threat.


Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
CVE-2017-15684
PUBLISHED: 2020-11-27
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.