Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in April 2018
<<   <   Page 2 / 2
Serverless Architectures: A Paradigm Shift in Application Security
Commentary  |  4/9/2018  | 
"Serverless" forces software architects and developers to approach security by building it in rather than bolting it on. But there is a downside.
Cisco Warns of Possible Smart Install Client Hacking
Larry Loeb  |  4/9/2018  | 
Following an alert by US-CERT about possible hacking by foreign governments, Cisco is warning customers about a port vulnerability in the company's legacy Smart Install Client.
Protect Yourself from Online Fraud This Tax Season
Commentary  |  4/6/2018  | 
Use these tips to stay safe online during everyone's least-favorite time of the year.
Stripping the Attacker Naked
Commentary  |  4/6/2018  | 
How cyber threat intelligence can help you gain a better understanding of the enemy and why that gives security teams the upper hand.
Don't Call AWS' CloudFront Hijacking Problem a Vulnerability
Larry Loeb  |  4/6/2018  | 
Amazon Web Service might be the biggest of the big cloud providers, but it still has some security concerns. A researcher has noticed the company is open to having its CloudFront service hijacked, but Amazon officials won't call it a vulnerability.
Startup PreVeil Challenging Cloud-Based Encryption Standards
Simon Marshall  |  4/6/2018  | 
Boston-based PreVeil is looking to change the way data is encrypted in the cloud, and it is butting heads with the bigger cloud storage providers to prove its point.
How to Build a Cybersecurity Incident Response Plan
Commentary  |  4/5/2018  | 
Being hit by a cyberattack is going to be painful. But it can be less painful if you're prepared, and these best practices can help.
Massive Data Breaches & Data Leak Hit Retail Industry in 1-2-3 Punch
Dawn Kawamoto  |  4/5/2018  | 
Panera Bread, Hudson Bay and Under Armour all took it on the chin within the last two weeks, falling prey to a round of cyber attacks that have hit the retail industry hard.
How Security Can Bridge the Chasm with Development
Commentary  |  4/5/2018  | 
Enhancing the relationships between security and engineering is crucial for improving software security. These six steps will bring your teams together.
Cryptomining: Fast-Becoming the Web's Most Profitable Attack Method
Partner Perspectives  |  4/5/2018  | 
The ROI of 'cryptojacking' has never been higher, making bitcoin and other cryptocurrencies a more attractive target for cybercriminals. Here's why.
Active Cyber Defense Is an Opportunity, Not a Threat
Commentary  |  4/4/2018  | 
If honest citizens can be tracked online with cookies and beacons that share where we are and what we are doing, then why should security professionals restrict their ability to hack attackers?
YouTube Shooting Ignites Debate Over Merging Physical & IT Security
Dawn Kawamoto  |  4/4/2018  | 
A woman shot and wounded three people at YouTube's headquarters on Tuesday, a tragic event that shines a light on the industry's long-running debate over whether physical and IT security departments should be merged under one roof.
Securing Retail Networks for an Omnichannel Future
Partner Perspectives  |  4/4/2018  | 
Retailers who haphazardly move to digital from a brick-and-mortar environment can leave their businesses open to significant cybersecurity vulnerabilities. Here's how to avoid the pitfalls.
Cloudflare vs. Google: Making DNS Protocol Better, More Secure
Larry Loeb  |  4/4/2018  | 
With the release of 1.1.1, Cloudflare is looking to make the DNS protocol better and more secure, while speeding up the Internet. Is this helping Google or leaving the company behind?
3 Security Measures That Can Actually Be Measured
Commentary  |  4/3/2018  | 
The massive budgets devoted to cybersecurity need to come with better metrics.
Android Crypto Mining Attacks Go for Monero
Dawn Kawamoto  |  4/3/2018  | 
Attackers hijacking Android devices to mine for cryptocurrencies are likely looking to score Monero, rather than other virtual currencies such as Bitcoin.
Is Security Accelerating Your Business?
Commentary  |  4/2/2018  | 
With an ever-growing list of security and compliance requirements, security can hinder or slow business initiatives. Is your security department stuck in slow gear or can it go faster?
Red Bull Powers Security Strategy With AI, Automation
Simon Marshall  |  4/2/2018  | 
When it comes to security, Red Bull is looking to close the gap by turning toward newer technologies, including automation, AI and machine learning.
Drupal RCE Vulnerability Requires Immediate Patching
Larry Loeb  |  4/2/2018  | 
A remote code execution vulnerability in several versions of Drupal's content management platform requires immediate patching by users. For its part, Drupal is getting out in front of this problem.
<<   <   Page 2 / 2


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15216
PUBLISHED: 2020-09-29
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
CVE-2020-4607
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25771
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...