Dark Reading is part of the Informa Tech Division of Informa PLC


Opinion

Content posted in December 2017
Retail Security Threat Season is in Full Swing
Simon Marshall  |  12/29/2017  | 
Christmas shopping season is over, but shopping -- and threats to retailers and their customers -- is still going strong.
Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation
Commentary  |  12/29/2017  | 
Micro-segmentation is very achievable. While it can feel daunting, you can succeed by proactively being aware of and avoiding these roadblocks.
17 Things We Should Have Learned in 2017 But Probably Didn't
Commentary  |  12/29/2017  | 
The worm has returned and the Yahoos have all been exposed, but did 2017 teach us any genuinely new lessons we shouldn't already have known?
The Disconnect Between Cybersecurity & the C-Suite
Commentary  |  12/28/2017  | 
Most corporate boards are not taking tangible actions to shape their companies' security strategies or investment plans, a PwC study shows.
The Financial Impact of Cyber Threats
Commentary  |  12/27/2017  | 
Determining the financial impact of specific IT vulnerabilities is a good way to prioritize remediation and prevent attacks.
Nasties Abound: Symantec's Q3 Threat Report
Larry Loeb  |  12/27/2017  | 
Symantec's Threat Report for Q3 2017 shows that malware writers are busier than ever.
2017 Security Predictions through the Rear Window
Commentary  |  12/26/2017  | 
If you're going to forecast the future, go big.
Cloud Security Is a Shared Responsibility
Curt Franklin  |  12/26/2017  | 
In the answer to a question from a recent webinar, editor Curtis Franklin looks at who's responsible for data security in the cloud.
Block Threats Faster: Pattern Recognition in Exploit Kits
Commentary  |  12/22/2017  | 
When analysts investigate an indicator of compromise, our primary goal is to determine if it is malicious as quickly as possible. Identifying attack patterns helps you mitigate more quickly.
Digital Forensics & the Illusion of Privacy
Commentary  |  12/21/2017  | 
Forensic examiners don't work for bounties. They do what is required to catch criminals, pedophiles, or corporate embezzlers, and now their important security research is finally being acknowledged.
The Hard Work of Pointing Fingers
Larry Loeb  |  12/21/2017  | 
Pointing the finger at a perpetrator is difficult. Pointing it at the right perpetrator is even harder. That doesn't stop many organizations from trying.
Why Network Visibility Is Critical to Removing Security Blind Spots
Commentary  |  12/21/2017  | 
You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.
Be a More Effective CISO by Aligning Security to the Business
Partner Perspectives  |  12/21/2017  | 
These five steps will help you marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
IoT Security Is a Matter of Life & Death
Simon Marshall  |  12/20/2017  | 
When the IoT enters the hospital room, its security becomes a matter of literal life and death.
Breach Reveals Data on All US Households
Curt Franklin  |  12/20/2017  | 
Information on every US household has now been stolen. What does that mean for IT security?
Security Worries? Let Policies Automate the Right Thing
Commentary  |  12/20/2017  | 
By programming 'good' cybersecurity practices, organizations can override bad behavior, reduce risk, and improve the bottom line.
Dirty Practices Make for Difficult Security
Simon Marshall  |  12/19/2017  | 
Data hygiene is low on the priority list for most IT users, and IT security departments end up cleaning up the mess.
Comprehensive Endpoint Protection Requires the Right Cyber Threat Intelligence
Commentary  |  12/19/2017  | 
CTI falls into three main categories -- tactical, operational, and strategic -- and answers questions related to the "who, what, and why" of a cyber attack.
Picker Mentality Supercharges Malware
Larry Loeb  |  12/18/2017  | 
The picker mentality, reusing code and techniques that have worked before, is making malware stronger and more difficult to defend against.
Security for the Broken Business
Curt Franklin  |  12/18/2017  | 
What is IT security's responsibility when the business itself is intrinsically secure? The first step may be to point out the obvious.
Advanced Deception: How It Works & Why Attackers Hate It
Commentary  |  12/18/2017  | 
While cyberattacks continue to grow, deception-based technology is providing accurate and scalable detection and response to in-network threats.
Is Your Security Workflow Backwards?
Commentary  |  12/15/2017  | 
The pace at which information security evolves means organizations must work smarter, not harder. Here's how to stay ahead of the threats.
Office 365 Flaw Could Lead to 'Stealthy Admin' Headaches
Simon Marshall  |  12/15/2017  | 
A recently discovered flaw in Microsoft's Office 365 suite could mean that a business's so-called "stealthy admins" could compromise security without even realizing it.
Russian DNS Gobbling Up Internet Traffic
Larry Loeb  |  12/15/2017  | 
BGPMON researchers have found that Russian DNS servers redirected Internet traffic through Russia several times earlier this month. The question is whether it's a test or a harbinger of things to come.
Why Hackers Are in Such High Demand, and How They're Affecting Business Culture
Commentary  |  12/14/2017  | 
White hat hackers bring value to organizations and help them defend against today's advanced threats.
Is a Good Offense the Best Defense Against Hackers?
Partner Perspectives  |  12/14/2017  | 
A proposed new law could make it legal for companies to hack back against attackers. But will it work?
Automation Could Be Widening the Cybersecurity Skills Gap
Commentary  |  12/13/2017  | 
Sticking workers with tedious jobs that AI can't do leads to burnout, but there is a way to achieve balance.
How Good Privacy Practices Help Protect Your Company Brand
Commentary  |  12/12/2017  | 
Follow these five guidelines to keep your organization's data protected.
Kaspersky Names WannaCry 'Vulnerability of the Year'
Simon Marshall  |  12/12/2017  | 
Of all the breaches, malware and ransomware that security researchers saw this year, WannaCry had the greatest effect, according to Kaspersky Labs.
enSilo Researchers: Your NTFS Transactions Belong to Us
Larry Loeb  |  12/11/2017  | 
A pair of researchers from enSilo have disclosed how they created a new vulnerability within Windows-based systems that can compromise NTFS transactions, and the worst part is that security vendors are not prepared.
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Commentary  |  12/11/2017  | 
The number of unfilled jobs in our industry continues to grow. Here's why.
What Slugs in a Garden Can Teach Us About Security
Commentary  |  12/8/2017  | 
Design principles observed in nature serve as a valuable model to improve organizations' security approaches.
Startup Attivo Advocates for 'Deceptive' Security Protection
Simon Marshall  |  12/8/2017  | 
When it comes to security, how deceptive should enterprises be to thwart cybercriminals? Attivo Networks and a number of other security startups are advocating a different approach.
Ransomware Meets 'Grey's Anatomy'
Commentary  |  12/7/2017  | 
Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.
Equifax Breach Points to Similar Security Concerns Report
Simon Marshall  |  12/7/2017  | 
The Equifax breach earlier this year exposed more than 140 million personal records, shocking many people. However, a new Fortinet report shows that the vulnerabilities used in that attack are becoming more common.
Why Third-Party Security Is your Security
Partner Perspectives  |  12/7/2017  | 
Managing third-party risk isn't just a good idea; in many cases, it's the law. This security framework can help you minimize the threat.
Cyberattack: It Can't Happen to Us (Until It Does)
Commentary  |  12/6/2017  | 
Just because your small or medium-sized business isn't as well known as Equifax or Yahoo doesn't mean you're immune to becoming a cybercrime victim.
Crypto Wars: The Show That Never Ends
Larry Loeb  |  12/6/2017  | 
The German Interior Ministry is spearheading an effort to create a new law that would require tech companies to provide backdoors for a range of devices. It's the latest salvo in the war over encryption.
Improve Signal-to-Noise Ratio with 'Content Curation:' 5 Steps
Commentary  |  12/5/2017  | 
By intelligently managing signatures, correlation rules, filters and searches, you can see where your security architecture falls down, and how your tools can better defend the network.
The Security Risk Lurking in the Board of Directors
Simon Marshall  |  12/5/2017  | 
Corporate boards are a significant security concern, according to new research from Palo Alto Networks. However, there are ways for CSOs to mitigate this internal threat.
The Rising Dangers of Unsecured IoT Technology
Commentary  |  12/4/2017  | 
As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.
Device Servers May Have Leaked Telnet Passwords for Years
Larry Loeb  |  12/4/2017  | 
A security researcher has found that servers that connect older, industrial hardware to the Internet have been leaking Telnet passwords, possibly for years.
Wearables Bring Privacy & Security Headaches to the Enterprise
Curt Franklin  |  12/1/2017  | 
A new generation of wearables is creating a new level of vulnerability for business networks.
Identity Issues: A Friday Haiku
Curt Franklin  |  12/1/2017  | 
Identity matters; the real question is how to figure out who you really are.
Email Bug Shows Flaws in Reporting System
Larry Loeb  |  12/1/2017  | 
When one of the world's most commonly used email applications doesn't have a bug-reporting system, things get very public very quickly.
Deception: Why It's Not Just Another Honeypot
Commentary  |  12/1/2017  | 
The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception.

