Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in February 2015
Cyber Intelligence: Defining What You Know
Commentary  |  2/27/2015  | 
Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.
How to Strengthen Enterprise Defenses against Ransomware
Partner Perspectives  |  2/26/2015  | 
Eight essential ways that companies can enforce their borders.
How To Reduce Spam & Phishing With DMARC
Commentary  |  2/26/2015  | 
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
Five Easiest Ways to Get Hacked Part 2
Partner Perspectives  |  2/25/2015  | 
Continuing a conversation with principal security consultant Amit Bagree
Customers Arent the Only Victims: 5 Stages Of Data Breach Grief
Commentary  |  2/25/2015  | 
What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.
From Hacking Systems To Hacking People
Commentary  |  2/24/2015  | 
New low-tech attack methods like visual hacking demand an information security environment that values data privacy and a self-policing culture.
Blackhat, The Movie: Good, Bad & Ridiculous
Commentary  |  2/23/2015  | 
It didnt take home an Oscar, but in some instances Blackhat was right on point. Still, a white-hat hacker with the skills to take out armed opponents?
Who Cares Whos Behind A Data Breach?
Commentary  |  2/20/2015  | 
Attribution takes a long time, a lot of work, and a healthy dose of luck. But is it worth the effort?
Our Governments Are Making Us More Vulnerable
Commentary  |  2/19/2015  | 
Stuxnet opened Pandoras box and today state-sponsored cyber security policies continue to put us at risk. Here are three reasons why.
Five Easiest Ways to Get Hacked Part 1
Partner Perspectives  |  2/18/2015  | 
A conversation with principal security consultant Amit Bagree.
How We Can Prevent Another Anthem Breach
Commentary  |  2/18/2015  | 
Two things could have mitigated the damage and maybe even prevented any loss at all: behavioral analysis and context-aware access control.
How To Get More Involved In The IT Security Community
Commentary  |  2/18/2015  | 
Dark Reading Radio offers tips on how to network with your IT security peers, learn more about the industry and the profession, and participate in community outreach
Cyberespionage: Youre Not Paranoid, Someone Is Spying on Your Company
Partner Perspectives  |  2/17/2015  | 
Its time for all of your counter-espionage tools to work together.
Why The USA Hacks
Commentary  |  2/17/2015  | 
The U.S. government views cyberspace as just another theater of war akin to air, land and sea, and it operates in the domain for one basic reason: national defense.
Sony Hack: Poster Child For A New Era Of Cyber Attacks
Commentary  |  2/13/2015  | 
What made the Sony breach unique is the combination of four common tactics into a single orchestrated campaign designed to bend a victim to the will of the attackers.
Five Techniques to Keep Employees Computing Secure
Partner Perspectives  |  2/12/2015  | 
With BYOD on the rise, these tips can help IT staff mitigate security risks, from mobile devices to data centers.
A Winning Strategy: Must Patch, Should Patch, Can't Patch
Commentary  |  2/11/2015  | 
The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities.
How Malware Bypasses Our Most Advanced Security Measures
Commentary  |  2/10/2015  | 
We unpack three common attack vectors and five evasion detection techniques.
Bridging the Cybersecurity Skills Gap: 3 Big Steps
Commentary  |  2/9/2015  | 
The stakes are high. Establishing clear pathways into the industry, standardizing jobs, and assessing skills will require industry-wide consensus and earnest collaboration.
Why Israel Hacks
Commentary  |  2/5/2015  | 
Israel's tenuous position in the world drives its leaders to stay ahead of its cyber adversaries, chief among them the Islamic Republic of Iran.
Shifting Paradigms: The Case for Cyber Counter-Intelligence
Commentary  |  2/4/2015  | 
Cyber Counter-Intelligence and traditional information security share many aspects. But CCI picks up where infosec ends -- with an emphasis on governance, automation, timeliness, and reporting.
Banking Trojan Lurks Inside Innocent Fax Messages, Bitdefender Warns
Partner Perspectives  |  2/3/2015  | 
Threat uses server-side polymorphism technique to bypass antivirus software.
Proposed Federal Data Breach Law Is Nice Gesture But No Panacea
Commentary  |  2/3/2015  | 
President Obamas SOTU proposal demonstrates the growing importance of data protection for individuals but does little to address compliance complexities for business.
The Complicated Relationship Among Security, Privacy & Legislation
Partner Perspectives  |  2/2/2015  | 
The pace and advances in technology are greatly outstripping the capacity of government to effectively regulate.


News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31607
PUBLISHED: 2021-04-23
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function...
CVE-2021-31597
PUBLISHED: 2021-04-23
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
CVE-2021-2296
PUBLISHED: 2021-04-22
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
CVE-2021-2297
PUBLISHED: 2021-04-22
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
CVE-2021-2298
PUBLISHED: 2021-04-22
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...