Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in June 2013
Surrendering The Endpoint
Commentary  |  6/28/2013  | 
Imagine there’s no desktop...
The (Attack) Path To Prioritization
Commentary  |  6/28/2013  | 
Since you can't fix every vulnerability, you need to prioritize what needs to get done now and what doesn't. Using attack path data can help
Sextortion Warning: Masking Tape Time For Webcams
Commentary  |  6/27/2013  | 
"Camjacking" attacks activate your webcam and record your every move. Female images are in demand.
Online Privacy: We Just Don't Care
Commentary  |  6/26/2013  | 
Facebook leaked your data (again). Big Brother's watching everyone and everything. And Google is testing a "service" that sounds like you providing them a list of everything you own.
Ignoring Compliance Is A Real Option
Commentary  |  6/25/2013  | 
Security and compliance are commonly deferred by choice
Database Configuration Standards
Commentary  |  6/25/2013  | 
The trouble with database assessment and compliance
CrowdStrike Turns Security Fight Toward Attacker
Commentary  |  6/25/2013  | 
CrowdStrike Falcon platform is first to focus on the source of the attack, rather than stopping malware
Should You Use Software-Defined Flash Storage?
Commentary  |  6/24/2013  | 
"Software definition" leverages the processor's power to do things that used to require dedicated hardware. So, what does that mean for flash?
The Slippery Slope Of Security Invisibility
Commentary  |  6/23/2013  | 
Everyone seems to want security to just be there, invisible to end users. Everyone except the security industry, that is, if it wants to survive
Security Needs More Designers, Not Architects
Commentary  |  6/19/2013  | 
The better we design the user experience, the more we reduce our risk
Small Business, Big Target
Commentary  |  6/14/2013  | 
Why SMBs are a big target of hackers, regulators, and security-conscious partners--and what to do about it
0-Day The (Bug) Bounty Hunter
Commentary  |  6/13/2013  | 
Companies increasingly offer bug bounties to help find vulnerabilities and threats. This is an opportunity for those looking to get into security
Letter Of (Cyber) Marque And Reprisal
Commentary  |  6/13/2013  | 
Facilitating future 'hack back' programs
NSA Prism Whistleblower Snowden Deserves A Medal
Commentary  |  6/12/2013  | 
Without Snowden's leaks, we wouldn't be pursuing rational, democratic debates on the government's post-Sept. 11 balance between security and civil liberties.
Getting Out Of PRISM
Commentary  |  6/11/2013  | 
What we can learn from national security monitoring
Endpoint Data Protection: Tablet Trouble
Commentary  |  6/10/2013  | 
Backup managers should look at bringing endpoint protection in-house and using it to protect tablets.
Why Database Assessment?
Commentary  |  6/10/2013  | 
How FIS bungled the basics
NSA Prism: Inside The Modern Surveillance State
Commentary  |  6/10/2013  | 
The government's approach seems to be: "Collect first, ask questions later."
Putting Vulnerabilities And Threats Into Context
Commentary  |  6/7/2013  | 
Advanced security research should play a role in your security program and be ready when science projects become weaponized attacks
What To Ask Your Penetration Tester
Commentary  |  6/5/2013  | 
The importance of manual pen testing
DoS-in Your Database
Commentary  |  6/4/2013  | 
The re-emergence of database denial-of-service attacks
Building An Effective Security Architecture: No Piece Of Cake
Commentary  |  6/3/2013  | 
Enterprises need to put more thought, fewer products into their cyberdefense strategies
Can't Fix What You Hide
Commentary  |  6/3/2013  | 
Willful ignorance may be bliss, but rarely is it compliant
When Colleges Use Twitter As Help Desk
Commentary  |  6/3/2013  | 
Education IT leaders, your users are turning to Twitter to complain about the campus network and IT services. Are you responding effectively?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34761
PUBLISHED: 2021-10-27
A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete v...
CVE-2021-34762
PUBLISHED: 2021-10-27
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to ins...
CVE-2021-34763
PUBLISHED: 2021-10-27
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this adv...
CVE-2021-34764
PUBLISHED: 2021-10-27
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this adv...
CVE-2021-34781
PUBLISHED: 2021-10-27
A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper err...