Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in May 2020
Digital Distancing with Microsegmentation
Commentary  |  5/29/2020  | 
Physical distancing has blunted a virus's impact; the same idea can be applied to computers and networks to minimize breaches, attacks, and infections.
3 SMB Cybersecurity Myths Debunked
Commentary  |  5/28/2020  | 
Small and midsize businesses are better at cyber resilience than you might think.
How Elite Protectors Operationalize Security Protection
Commentary  |  5/28/2020  | 
There is no silver bullet for cybersecurity. It takes the right people, with the right mindset, applying the right elements of good security from the data center to the SOC.
Standing Privilege: The Attacker's Advantage
Commentary  |  5/27/2020  | 
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.
What the World's Elite Protectors Teach Us about Cybersecurity
Commentary  |  5/27/2020  | 
How to protect anyone and anything, from the perspective of a career Secret Service agent and former special operations marine.
Benefits of a Cloud-Based, Automated Cyber Range
Commentary  |  5/26/2020  | 
A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks.
The Problem with Artificial Intelligence in Security
Commentary  |  5/26/2020  | 
Any notion that AI is going to solve the cyber skills crisis is very wide of the mark. Here's why.
How an Industry Consortium Can Reinvent Security Solution Testing
Commentary  |  5/21/2020  | 
By committing to independent testing to determine value, vendors will ensure that their products do what they say they do.
The Need for Compliance in a Post-COVID-19 World
Commentary  |  5/21/2020  | 
With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.
Digital Transformation Risks in Front-end Code
Commentary  |  5/20/2020  | 
Why making every front-end developer a DevSecOps expert will lead to a more holistic approach to web and native application security.
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Commentary  |  5/20/2020  | 
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.
Long-Term Remote Work: Keeping Workers Productive & Secure
Commentary  |  5/19/2020  | 
The pandemic has changed how we get work done. Now, data security must catch up.
Cybersecurity Extends Far Beyond Security Teams & Everyone Plays a Part
Commentary  |  5/19/2020  | 
Security isn't about tools or technology; it's about establishing a broad, fundamental awareness and sense of responsibility among all employees.
The 3 Top Cybersecurity Myths & What You Should Know
Commentary  |  5/18/2020  | 
With millions of employees now attempting to work from home, it's vital to challenge misconceptions about cybersecurity.
4 Challenges with Existing VPNs
Commentary  |  5/15/2020  | 
A VPN is a step in the right direction, but it's not the be-all and end-all when it comes to security and falls short in many ways.
Compliance as a Way to Reduce the Risk of Insider Threats
Commentary  |  5/14/2020  | 
Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.
Ensuring Business Continuity in Times of Crisis
Commentary  |  5/14/2020  | 
Three basic but comprehensive steps can help you and your organization get through adversity
The Problem with Automating Data Privacy Technology
Commentary  |  5/13/2020  | 
Managing complex and nuanced consumer rights requests presents a unique challenge for enterprises in today's regulated world of GDPR and CCPA. Here's why.
More Tips for Staying Safe While Working from Home
Commentary  |  5/13/2020  | 
While some users are up to speed with the WFH protocol, it's worth adding a few more items to your security checklist.
The Modern SOC Demands New Skills
Commentary  |  5/12/2020  | 
Automation and other technologies are improving the organizational structure of the security operations center. This is ultimately for the better, but it means that roles will change too.
Coronavirus, Data Privacy & the New Online Social Contract
Commentary  |  5/12/2020  | 
How governments can protect personal privacy in contact tracing while saving peoples' lives
Rule of Thumb: USB Killers Pose Real Threat
Commentary  |  5/11/2020  | 
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.
Why DevSecOps Is Critical for Containers and Kubernetes
Commentary  |  5/8/2020  | 
DevSecOps is a big and sometimes difficult shift for organizations. The key to success? Take small steps.
Now More Than Ever? Securing the Software Life Cycle
Commentary  |  5/7/2020  | 
The more things change, the more they stay the same. That's true for software security, even in these turbulent times.
Threat-Modeling Basics Using MITRE ATT&CK
Commentary  |  5/7/2020  | 
When risk managers consider the role ATT&CK plays in the classic risk equation, they have to understand the role of threat modeling in building a complete risk scenario.
When Achieving Deadpool Status Is a Good Thing
Commentary  |  5/6/2020  | 
It means attackers have been met with sufficient resistance that it's no longer worth their trouble and have moved on
Is CVSS the Right Standard for Prioritization?
Commentary  |  5/6/2020  | 
More than 55% of open source vulnerabilities are rated high or critical. To truly understand a vulnerability and how it might affect an organization or product, we need much more than a number.
Malicious Use of AI Poses a Real Cybersecurity Threat
Commentary  |  5/5/2020  | 
We should prepare for a future in which artificially intelligent cyberattacks become more common.
Designing Firmware Resilience for 3 Top Attack Vectors
Commentary  |  5/5/2020  | 
Firmware has become an increasingly prevalent target for hackers. Here's how to stop them.
The Cybersecurity Hiring Conundrum: Youth vs. Experience
Commentary  |  5/4/2020  | 
How working together across the spectrum of young to old makes our organizations more secure.
Industrial Networks' Newest Threat: Remote Users
Commentary  |  5/1/2020  | 
We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7700
PUBLISHED: 2020-08-14
All versions of phpjs are vulnerable to Prototype Pollution via parse_str.
CVE-2020-7701
PUBLISHED: 2020-08-14
madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue.
CVE-2020-9228
PUBLISHED: 2020-08-14
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.
CVE-2020-9229
PUBLISHED: 2020-08-14
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.
CVE-2019-19643
PUBLISHED: 2020-08-14
ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service.