Opinion

Content posted in February 2018
Why Cryptocurrencies Are Dangerous for Enterprises
Commentary  |  2/28/2018  | 
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
How to Secure 'Permissioned' Blockchains
Commentary  |  2/28/2018  | 
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
OMG: Mirai Botnet Finds New Life, Again
Larry Loeb  |  2/28/2018  | 
The Mirai botnet refuses to die. This time, it has spawned a new bot called OMG, which Fortinet researchers have seen in the wild, and it's turning IoT devices into proxy servers.
Virtual Private Networks: Why Their Days Are Numbered
Partner Perspectives  |  2/28/2018  | 
As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.
GDPR: The New Price We Pay for Data Privacy
Simon Marshall  |  2/28/2018  | 
When the EU's GDPR regulations come into effect in May, the rules around how companies and individuals regard data privacy will change forever. Even for those outside Europe, this could be an expensive journey to take.
March Dark Reading Event Calendar Spans BlackOps to SecDevOps
Commentary  |  2/27/2018  | 
These upcoming webinars will help you comprehend the mysterious machinations inside the minds of hackers and in-house developers.
Security Starts with the User Experience
Commentary  |  2/27/2018  | 
Preventing a data breach is safer and more cost-effective than dealing with a breach after it has already happened. That means a focus on security in the design phase.
Incident 'Management': What IT Security Can Learn from Public Safety
Commentary  |  2/27/2018  | 
How a framework developed for fighting California wildfires back in the '70s can fortify first responders to a modern cyberattack.
4 Steps to Make Your Website GDPR Compliant
Dawn Kawamoto  |  2/27/2018  | 
Three months remain to whip your website into shape before the May 25 GDPR compliance deadline. Here are several steps to help you get there.
Misleading Cyber Foes with Deception Technology
Partner Perspectives  |  2/27/2018  | 
Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks.
Attackers Sell Growing Number of Legitimate SSL Certificates
Dawn Kawamoto  |  2/27/2018  | 
Network security applications performing deep packet inspections are increasingly getting duped by these rogue legitimate certificates, according to a new report.
6 Cybersecurity Trends to Watch
Commentary  |  2/26/2018  | 
Expect more as the year goes on: more breaches, more IoT attacks, more fines
US Government Leads World in Data Breaches
Larry Loeb  |  2/26/2018  | 
US government agencies are leading the world when it comes to data breaches, and the issue seems to be getting worse, according to a new report. However, a shift to cloud may help alleviate some problems.
GDPR Non-Compliance: Will Your Enterprise Get Busted?
Dawn Kawamoto  |  2/26/2018  | 
GDPR enforcement begins May 25 and regulators are likely to focus on particular industries and types of companies, according to attorneys and analysts.
Leveraging Security to Enable Your Business
Commentary  |  2/23/2018  | 
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
Equifax, Intel Help Spur SEC to Update Cybersecurity Regulations
Larry Loeb  |  2/23/2018  | 
The Equifax data breach, along with problems at Intel, has spurred the Securities and Exchange Commission to update its rules on disclosing cybersecurity incidents, which now put greater responsibility on CEOs and other company officers.
Enabling Better Risk Mitigation with Threat Intelligence
Partner Perspectives  |  2/23/2018  | 
In order to get the maximum benefit from threat intel you need to be able to operationalize it. Here's how.
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Commentary  |  2/22/2018  | 
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
Anatomy of an Attack on the Industrial IoT
Commentary  |  2/22/2018  | 
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
GDPR Blackmail Looms as a Double-Dip Cyber Attack Plan
Dawn Kawamoto  |  2/22/2018  | 
Cybercriminals' targeted attacks may also include extortion fees to keep their breaches quiet and out of the view of GDPR enforcers, researchers find.
Security Liability in an 'Assume Breach' World
Partner Perspectives  |  2/22/2018  | 
Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
Takeaways from the Russia-Linked US Senate Phishing Attacks
Commentary  |  2/21/2018  | 
The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns.
Coldroot RAT Sends Mac Antivirus Down a Maze
Larry Loeb  |  2/21/2018  | 
A new blog by a Digita Security researcher finds that Coldroot RAT, which specifically targets Mac and macOS users, is still eluding detection from different antivirus engines, even though it's available on GitHub.
Getting Started with IoT Security in Healthcare
Partner Perspectives  |  2/21/2018  | 
There's a hazard that comes with introducing any new element into patient care, whether it's a new drug or a connected device. These four steps will help keep patients safe.
Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat
Commentary  |  2/20/2018  | 
These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.
Proactive Threat Hunting: Taking the Fight to the Enemy
Partner Perspectives  |  2/20/2018  | 
Pulling together everything your security team needs to be effective at threat hunting is not easy but it's definitely worthwhile. Here's why.
Cryptocurrency Crime: The Internet's New Wild West
Simon Marshall  |  2/20/2018  | 
The popularity of Bitcoin and other cryptocurrencies has opened the floodgates to different cybercrimes, scams and outright theft. A pair of reports from Cisco and Digital Shadows paints a portrait of this new Wild West of the Internet.
Microsoft Vulnerabilities More Than Doubled in 2017 Report
Larry Loeb  |  2/19/2018  | 
A comprehensive exam by security vendor Avecto found that the number of vulnerabilities in Microsoft's products increased from 234 to 685 between 2016 and 2017.
DDoS Today: No Safety Inside the Perimeter
Naim Falandino  |  2/19/2018  | 
For years, protecting the perimeter was believed to be the safest way to guard against DDoS. However, the cloud, IoT and new botnets have changed that thinking. Here's how CISOs and security pros should respond.
DoubleDoor IoT Botnet Is a Harbinger of Exploits to Come
Larry Loeb  |  2/16/2018  | 
NewSky researchers are looking into DoubleDoor, a new type of IoT botnet that combines two exploits together. It also shows what kind of security challenges lie ahead for the enterprise.
Rise of the 'Hivenet': Botnets That Think for Themselves
Commentary  |  2/16/2018  | 
These intelligent botnet clusters swarm compromised devices to identify and assault different attack vectors all at once.
UK Accuses Russia of Launching NotPetya Attacks
Dawn Kawamoto  |  2/16/2018  | 
The Kremlin and the Russian military used the NotPetya ransomware attack to target Ukrainian financial, energy and government centers, according to allegations the UK government made this week.
Democracy & DevOps: What Is the Proper Role for Security?
Commentary  |  2/15/2018  | 
Security experts need a front-row seat in the application development process but not at the expense of the business.
Kaspersky: Phishing Attack Attempts Soared 59% in 2017
Dawn Kawamoto  |  2/15/2018  | 
There has been dramatic, year-over-year growth in phishing attacks, following only a slight increase in 2016 and a two-digit decline in 2015, according to a report released by Kaspersky Lab.
From DevOps to DevSecOps: Structuring Communication for Better Security
Commentary  |  2/15/2018  | 
A solid approach to change management can help prevent problems downstream.
Mobile Malware Increases, While Hiding in Porn Sites
Simon Marshall  |  2/15/2018  | 
Porn and other adult content sites are helping to disguise an increase in mobile malware, which is targeting users embarrassed by their online browsing habits, according to new information from Kaspersky Lab.
The Mirai Botnet Is Attacking Again
Partner Perspectives  |  2/15/2018  | 
And the spinoff bots and all their command and control hostnames buried in the morass of digital data are hilarious.
3 Tips to Keep Cybersecurity Front & Center
Commentary  |  2/14/2018  | 
In today's environment, a focus on cybersecurity isn't a luxury. It's a necessity, and making sure that focus is achieved starts with the company's culture.
Fileless Malware: Not Just a Threat, but a Super-Threat
Commentary  |  2/14/2018  | 
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
Mozilla Leads the Way to Safer Browser Development
Larry Loeb  |  2/14/2018  | 
Mozilla is looking to make web browsers safer by adding new developer features into Firefox that should make the HTTPS protocol a must-have way to transmit for websites.
The GDPR Clock Is Running Out. Now What?
Partner Perspectives  |  2/14/2018  | 
Many organizations impacted by new European Union data privacy rules that go into effect May 25 are still blind to some of the basics.
Equifax Taps Former Home Depot Security Chief as New CISO
Dawn Kawamoto  |  2/14/2018  | 
Equifax, the embattled credit monitoring company, is hoping the former Home Depot CISO can turn the beleaguered company's security around. After all, he's previously played cleanup man.
Can Android for Work Redefine Enterprise Mobile Security?
Commentary  |  2/13/2018  | 
Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.
Fake News: Could the Next Major Cyberattack Cause a Cyberwar?
Commentary  |  2/13/2018  | 
In the way it undercuts trust, fake news is a form of cyberattack. Governments must work to stop it.
Better Security Analytics? Clean Up the Data First!
Commentary  |  2/12/2018  | 
Even the best analytics algorithms using incomplete and unclean data won't yield useful results.
Tracking Bitcoin Wallets as IOCs for Ransomware
Commentary  |  2/12/2018  | 
By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.
Windows 10 Bypassing Passwords With Fujitsu's PalmSecure Biometrics
Larry Loeb  |  2/12/2018  | 
Microsoft is looking to overcome the password dilemma by incorporating Fujitsu's PalmSecure biometric technology into Windows 10.
Back to Basics: AI Isn't the Answer to What Ails Us in Cyber
Commentary  |  2/9/2018  | 
The irony behind just about every headline-grabbing data breach we've seen in recent years is that they all could have been prevented with simple cyber hygiene.
Forcepoint Finds New Malware Hiding in PoS Machines
Larry Loeb  |  2/9/2018  | 
The malware, which resembles a LogMeIn service pack, can capture data from credit cards and then reproduce the card or other information. However, Forcepoint believes this strain of malware is still under development.
20 Signs You Need to Introduce Automation into Security Ops
Commentary  |  2/8/2018  | 
Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.