Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in May 2018
Page 1 / 2   >   >>
The Good News about Cross-Domain Identity Management
Commentary  |  5/31/2018  | 
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
Commentary  |  5/31/2018  | 
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
Hands-Off Security: Automating & Virtualizing the Enterprise Network
Joe Stanganelli  |  5/31/2018  | 
A series of recent tech events demonstrate that enterprises are increasingly using virtualized automation to improve their network-security posture but perhaps no tool is perfect.
FBI & DHS Warn About 2 North Korea Malware Threats
Jeffrey Burt  |  5/31/2018  | 
The FBI and Department of Homeland Security are warning about North Korea's Hidden Cobra group, which is suspected of being behind the Joanap and Brambul threats that have targeted multiple countries for almost a decade.
Machine Learning, Artificial Intelligence & the Future of Cybersecurity
Commentary  |  5/30/2018  | 
The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.
Getting Revolutionary (Not Evolutionary) about Cybersecurity
Commentary  |  5/30/2018  | 
Being a security revolutionary isn't purely about new, ground-breaking ideas. It's about anticipating, outpacing, and influencing your world, both internally and externally. Here are five keys to success.
Public Cloud, Part of the Network or Not, Remains a Security Concern
Alan Zeichick  |  5/30/2018  | 
Security in the public cloud is like asking who is responsible for securing your rented apartment you or the building owner?
Researchers Bypass AMD's SEV Hypervisor & Cause More Chip Concerns
Larry Loeb  |  5/30/2018  | 
Intel is not the only chip maker being tested these days. A group of German researchers have found a way around AMD's SEV hypervisor, leaving these processors open to attack.
How to Empower Today's 'cISOs'
Commentary  |  5/29/2018  | 
Although many security leaders have a C in their title, not all are true capital-C "Chiefs." Here are three ways to live up to the job description.
New Threats, Old Threats: Everywhere a Threat
Commentary  |  5/29/2018  | 
First-quarter data shows cryptojacking on the rise -- but don't count out some "classic" threats just yet.
An Industry In Transition: Key Tech Trends In 2018
Partner Perspectives  |  5/29/2018  | 
Z-Shave Attack Shows Why IoT Security Need More Attention
Larry Loeb  |  5/29/2018  | 
Pen Test Partners have discovered a new IoT vulnerability that researchers call Z-Shave. This shows why manufactures need to think much harder about building security into connected devices.
Bridging the Cybersecurity Talent Gap
Commentary  |  5/25/2018  | 
There's no one surefire way of fixing the problem, which endangers everyone's security. There are, however, several options we should try.
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
Commentary  |  5/24/2018  | 
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
IoT Security Concerns Include Pet Trackers, Kaspersky Finds
Jeffrey Burt  |  5/24/2018  | 
Kaspersky Lab researchers found BLE and weaknesses in the Android apps running on pet trackers can enable attackers to access user data from the IoT devices.
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
Commentary  |  5/24/2018  | 
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
GDPR Should Change Your Thinking About Network Firewalls
Alan Zeichick  |  5/24/2018  | 
Old-fashioned firewalls are an effective weapon for protecting the network incursions and data breaches, and that goes for the new era of GDPR that begins Friday as well.
FBI Knocks Out VPNFilter Malware That Infected 500K Routers
Larry Loeb  |  5/24/2018  | 
The VPNFilter botnet malware spread to 500,000 globally before the FBI knocked it out late in the day on May 23. However, it's another skirmish in the cyberfight between Russia and Ukraine.
The Good & Bad News about Blockchain Security
Commentary  |  5/23/2018  | 
Blockchain technology promises many things. But to succeed, it must offer users a better plan against hackers.
Is Threat Intelligence Garbage?
Commentary  |  5/23/2018  | 
Most security professionals in a recent survey said that threat intelligence doesn't work. So why all the hype?
Spectre Number 4 Disclosure Raises Fresh Hardware Alarms
Larry Loeb  |  5/23/2018  | 
The latest side-channel vulnerability, dubbed Spectre Number 4, is raising new alarms about widespread issues in chips, beyond x86. However, this time, Intel is trying a different approach.
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
Commentary  |  5/22/2018  | 
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
The State of Information Sharing 20 Years after the First White House Mandate
Commentary  |  5/22/2018  | 
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.
Roaming Mantis Android Malware Expands Its Reach to iOS, Cryptomining
Jeffrey Burt  |  5/22/2018  | 
The rapidly evolving campaign that is Roaming Mantis now includes iOS devices, expansion into new regions around the world, additional cryptomining capabilities and it is becoming even more evasive.
Satori Botnet Plays Hidden Role in Cryptomining Scheme, Researchers Find
Larry Loeb  |  5/21/2018  | 
Several different researchers have found that recent attempts on TCP port 3333 is the work of a cryptomining scheme where the Satori botnet is playing a hidden part.
Get Smart About Network Segmentation & Traffic Routing
Partner Perspectives  |  5/21/2018  | 
Through a combination of intelligent segmentation and traffic routing to tools, you can gain much better visibility into your network. Here's how.
Check Point: Cryptomining Malware Targeting Vulnerable Servers
Jeffrey Burt  |  5/21/2018  | 
As the incidence of ransomware wanes, attackers are shifting to cryptocurrency mining malware as a less noisy, more lucrative alternative, according to a new Check Point study.
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Commentary  |  5/21/2018  | 
Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.
How to Hang Up on Fraud
Commentary  |  5/18/2018  | 
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
Throwhammer & Nethhammer Show How Chips Are Vulnerable to Bit Flips
Larry Loeb  |  5/18/2018  | 
In a pair of papers released over the last week, researchers have shown how two different types of attacks, Throwhammer and Nethhammer, can cause a bit flip in chips by sending packets across a standard network.
The Risks of Remote Desktop Access Are Far from Remote
Commentary  |  5/17/2018  | 
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
Why Isn't Integrity Getting the Attention It Deserves?
Commentary  |  5/17/2018  | 
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
WannaCry: How the Notorious Worm Changed Ransomware
Jeffrey Burt  |  5/17/2018  | 
This week marked the one-year anniversary of the WannaCry ransomware attacks and its impact can still be seen in the form of such encrypting malware as NotPetya, BadRabbit and Olympic Destroyer.
Boosting Security Effectiveness with 'Adjuvants'
Partner Perspectives  |  5/17/2018  | 
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
Want Your Daughter to Succeed in Cyber? Call Her John
Commentary  |  5/16/2018  | 
It's time to "do the right thing" when it comes to gender in the hiring and promotion of women in cybersecurity. Four women (and a man named John) offer practical solutions for shifting the balance.
Relax: PGP Is Still Secure
Larry Loeb  |  5/16/2018  | 
Talk about overreacting. After researchers claimed to have found some flaws in PGP, the industry lost its collective mind. Here's what is really happening.
Next-Generation Firewalls: Poorly Named but Essential to the Enterprise Network
Alan Zeichick  |  5/16/2018  | 
They may be stupidly named but they are essential for protecting enterprise assets that span on-premises servers, IaaS and PaaS clouds, as well as virtual machines.
Taming the Chaos of Application Security: 'We Built an App for That'
Commentary  |  5/15/2018  | 
Want to improve the state of secure software coding? Hide the complexity from developers.
UNC Researchers Pitch Framework to Fight Password Reuse
Jeffrey Burt  |  5/15/2018  | 
The proposal from two security researchers at the University of North Carolina would entail creating a protocol that would enable websites and service providers to block attempts by individuals trying to use the same password for multiple sites.
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Commentary  |  5/14/2018  | 
There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.
Radware: Nigelthorn Malware Hiding in Google Chrome Extensions
Larry Loeb  |  5/14/2018  | 
A new type of malware called Nigelthorn is hiding in Google Chrome extensions and hijacking victims as part of an elaborate cryptomining scheme, Radware reports.
The New Security Playbook: Get the Whole Team Involved
Commentary  |  5/11/2018  | 
Smart cybersecurity teams are harnessing the power of human intelligence so employees take the right actions.
ZooPark Malware Targets Android Users in Middle East, Kaspersky Finds
Jeffrey Burt  |  5/11/2018  | 
The ZooPark malware that has infected Android phones has evolved rapidly over the past three years and can now steal data ranging from browser histories to photos, videos and keylogs as well as information from external apps.
Microsoft's JavaScript Update for Excel Is a Gift to Cryptominers
Larry Loeb  |  5/11/2018  | 
At Build 2018, Microsoft revealed a new JavaScript features that is supposed to add new functionality into Excel. However, it's also a gift for those who want to indulge in cryptomining schemes.
Risky Business: Deconstructing Ray Ozzie's Encryption Backdoor
Commentary  |  5/10/2018  | 
With the addition of secure enclaves, secure boot, and related features of "Clear," the only ones that will be able to test this code are Apple, well-resourced nations, and vendors who sell jailbreaks.
Ready or Not: Transport Layer Security 1.3 Is Coming
Commentary  |  5/10/2018  | 
Better encryption could mean weaker security if you're not careful.
Cisco: As Business Users Go Mobile, So Do Attackers
Jeffrey Burt  |  5/10/2018  | 
Cisco monitored the wireless traffic at the MWC show in February and found more than 32,000 security events and high use of encryption, though some applications used outdated protocols.
Electroneum Cryptomining Targets Microsoft IIS 6.0 Vulnerability
Partner Perspectives  |  5/10/2018  | 
New campaign shows that there are still systems exposed to the year-old CVE20177269 vuln on an operating system that was declared end-of-life three years ago.
20 Signs You Are Heading for a Retention Problem
Commentary  |  5/9/2018  | 
If you don't invest in your best security talent, they will look to burnish their resumes elsewhere. Here's why.
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Commentary  |  5/9/2018  | 
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/30/2020
'Act of War' Clause Could Nix Cyber Insurance Payouts
Robert Lemos, Contributing Writer,  10/29/2020
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Measure and Reduce Cybersecurity Risk in Your Organization
In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27652
PUBLISHED: 2020-10-29
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVE-2020-27653
PUBLISHED: 2020-10-29
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVE-2020-27654
PUBLISHED: 2020-10-29
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
CVE-2020-27655
PUBLISHED: 2020-10-29
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.
CVE-2020-27656
PUBLISHED: 2020-10-29
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.