Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in March 2017
Customized Malware: Confronting an Invisible Threat
Commentary  |  3/31/2017  | 
Hackers are gaining entry to networks through a targeted approach. It takes a rigorous defense to keep them out.
The Business of Security: How your Organization Is Changing beneath You
Commentary  |  3/30/2017  | 
And why its your job to change with it and skate where the puck is headed.
Payment Card Industry Security Compliance: What You Need to Know
Commentary  |  3/30/2017  | 
A quick refresher on all the different PCI SSC security standards that are relevant for organizations that accept electronic payments.
Privacy Babel: Making Sense of Global Privacy Regulations
Commentary  |  3/29/2017  | 
Countries around the world are making their own privacy laws. How can a global company possibly keep up?
To Gain Influence, CISOs Must Get Security's Human Element Right
Commentary  |  3/29/2017  | 
Focusing on certain elements of security in isolation can cause a false sense of security.
Network Operations Filled With Unplanned Activity
Curt Franklin  |  3/28/2017  | 
Network operations spends vast amounts of time reacting to events. What does that mean for your organization and its people?
Commercial IoT: Big Trouble in Small Devices
Commentary  |  3/28/2017  | 
There are endless scenarios where hackers could wreak havoc on the industrial Internet of Things. Theres also a readily available solution called HIP.
Exploit Kits: Winter 2017 Review
Partner Perspectives  |  3/28/2017  | 
We take another look at the current EK scene by going over RIG, Sundown, Neutrino and Magnitude.
How Identity Deception Increases the Success of Ransomware
Commentary  |  3/28/2017  | 
As scammers hone their skills, their handiwork looks more credible to intended victims, making a successful ransomware scam more likely.
This Week On Dark Reading: Event Calendar
Commentary  |  3/27/2017  | 
Ransomware remediation and recovery this week, with clouds on the horizon.
Data Visualization: Keeping an Eye on Security
Commentary  |  3/27/2017  | 
Visualization can be one of the most powerful approaches a security team can use to make sense of vast quantities of data. So why does it end up as an afterthought?
Prioritizing Threats: Why Most Companies Get It Wrong
Commentary  |  3/24/2017  | 
To stay safer, focus on multiple-threat attack chains rather than on individual threats.
5 Ways CISOs Could Work Better with Their Cyber Insurers
Commentary  |  3/23/2017  | 
Risk management has become increasingly important, making it crucial companies have good relationships with their insurance company.
Security Takes the Stage at Oracle Industry Connect
Curt Franklin  |  3/22/2017  | 
Security is a supporting player at Oracle Industry Connect. Is it hero or villain to the assembled customers and partners?
Malware Explained: Packer, Crypter & Protector
Partner Perspectives  |  3/22/2017  | 
These three techniques can protect malware from analysis. Heres how they work.
Phishing Your Employees for Schooling & Security
Commentary  |  3/22/2017  | 
Your education program isn't complete until you test your users with fake phishing emails.
Report: OilRig' Attacks Expanding Across Industries, Geographies
Commentary  |  3/21/2017  | 
Malware targets Middle Eastern airlines, government, financial industries and critical infrastructure with a simple but powerful backdoor created by infected Excel files attached to phishing emails.
Getting Beyond the Buzz & Hype of Threat Hunting
Commentary  |  3/20/2017  | 
When harnessed properly, threat hunting can be one of the most useful techniques for finding attackers in your network. But it wont happen overnight.
Embrace the Machine & Other Goals for CISOs
Commentary  |  3/17/2017  | 
Here are five ways we can become more effective for our organizations.
In Cyber, Who Do We Trust to Protect the Business?
Commentary  |  3/16/2017  | 
If business leaders and directors continue to view cybersecurity as mainly a matter for the IT department, they will leave their companies exposed to significant risks.
Ethical Hacking: The Most Important Job No One Talks About
Commentary  |  3/16/2017  | 
If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers.
DOJ Charges Russian Agents in Yahoo Breach
Craig Matsumoto  |  3/15/2017  | 
Officers of Russia's FSB led the 2014 intrusion into Yahoo's network, according to grand jury indictments.
Cloudbleed Lessons: What If There's No Lesson?
Curt Franklin  |  3/15/2017  | 
'There's nothing to be done,' isn't an encouraging lesson from a security disaster, but that may be the biggest takeaway from Cloudbleed.
Trust Begins With Layer 1 Encryption
Commentary  |  3/15/2017  | 
In todays distributed environment, cloud and communication service providers can play a key role in providing organizations with a scalable and secure platform for the connection of everything to everything. Heres how.
Security in the Age of Open Source
Commentary  |  3/15/2017  | 
Dramatic changes in the use of open source software over the past decade demands major changes in security testing regimens today. Here's what you need to know and do about it.
Debunking 5 Myths About DNS
Commentary  |  3/14/2017  | 
From the boardroom to IT and the end user, the Domain Name System is often misunderstood, which can leave organizations vulnerable to attacks.
7 Things You Need to Know about Bayesian Spam Filtering
Partner Perspectives  |  3/14/2017  | 
Knowing how spam filters work can clarify how some messages get through, and how your own emails can avoid being caught.
The Industrial Revolution of Application Security
Commentary  |  3/14/2017  | 
DevOps is driving big changes in the industry, but a cultural shift is needed.
What Your SecOps Team Can (and Should) Do
Commentary  |  3/13/2017  | 
If your organization has all of these pieces in place, congratulations!
This Week On Dark Reading: Events Calendar
Commentary  |  3/13/2017  | 
How to become a threat hunter, how to build a cybersecurity architecture that actually defends against today's risks, and much more...
IoT & Liability: How Organizations Can Hold Themselves Accountable
Commentary  |  3/10/2017  | 
To avoid a lawsuit, your company needs to better understand the state of your infrastructure and the devices and applications within it. Here are five areas on which to focus.
New Tachyon Promotes Ad Hoc Security Queries
Curt Franklin  |  3/9/2017  | 
1E's new Tachyon EDR system is designed without a database for faster random queries.
Mobile (In)security: Dark Reading Cartoon Caption Contest Winners
Commentary  |  3/9/2017  | 
Clever word play on mobile ransomware, cloud and the Internet of Things. And the winners are
Securing Todays 'Elastic Attack Surface'
Commentary  |  3/9/2017  | 
The foundation of good cybersecurity is knowing your network. But as organizations embrace new technologies, that simple task has gotten incredibly difficult.
In a Cybersecurity Vendor War, the End User Loses
Commentary  |  3/8/2017  | 
When vulnerability information is disclosed without a patch available, users are the ones really being punished.
4 Ways to Recover from a Cyberattack
Partner Perspectives  |  3/8/2017  | 
Be prepared and act quickly are two key steps that will help you bounce back quickly from a cyberattack.
Trust, Cloud & the Quest for a Glass Wall around Security
Commentary  |  3/8/2017  | 
In the next year, were going to see a leap towards strategic, business-level objectives that can be resolved by simplifying infrastructure and granting greater visibility in real time.
WikiLeaks Strikes Again
Curt Franklin  |  3/8/2017  | 
WikiLeaks has release thousands of pages allegedly from CIA's Center for Cyber Intelligence. Just how bad is it?
Googles SHA-1 Countdown Clock Could Undermine Enterprise Security
Commentary  |  3/7/2017  | 
In the wake of a recently documented 'collision' attack, Google researchers should consider delaying the release of the code behind the crack until companies can roll out adequate patches. Here's why
A Real-Life Look into Responsible Disclosure for Security Vulnerabilities
Commentary  |  3/7/2017  | 
A researcher gives us a glimpse into what happened when he found a problem with an IoT device.
New Yorks Cyber Regulations: How to Take Action & Whos Next
Commentary  |  3/6/2017  | 
Even if your company isnt directly subject to these new rules, you can assume that the approach will be adopted by regulatory agencies at home and abroad eventually.
Adware vs. Ad Fraud: Viva la Difference!
Partner Perspectives  |  3/6/2017  | 
Both earn their money in the advertising trade but they each have very different means of operation and targets.
Threats Converge: IoT Meets Ransomware
Commentary  |  3/6/2017  | 
Ransomware is already a problem. The Internet of Things has had a number of security issues. What happens when the two combine?
How to Use & Share Customer Data without Damaging Trust
Commentary  |  3/3/2017  | 
These five tips for protecting consumer privacy will ensure that your customers will stay customers for the long run.
Three Years after Heartbleed, How Vulnerable Are You?
Commentary  |  3/2/2017  | 
You may have a problem lurking in your open source components and not know it. Start making a list...
Best Practices for Lowering Ransomware Risk
Commentary  |  3/1/2017  | 
The first step is to avoid falling prey in the first place. That means teaching your entire organization - from IT staff to executive management - how not to be a victim.
DNSSEC: Why Do We Need It?
Partner Perspectives  |  3/1/2017  | 
The number of signed domain names has grown considerably over the past two and a half years but some sectors are heavily lagging behind.
Insider Sabotage among Top 3 Threats CISOs Cant yet Handle
Partner Perspectives  |  3/1/2017  | 
These five steps can help your organizations limit the risks from disgruntled employees and user errors.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4662
PUBLISHED: 2020-08-14
IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233.
CVE-2019-20383
PUBLISHED: 2020-08-13
ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links.
CVE-2020-24348
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
CVE-2020-24349
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
CVE-2020-7360
PUBLISHED: 2020-08-13
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was r...