Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in June 2015
Securing Critical Infrastructure
Partner Perspectives  |  6/30/2015  | 
Protecting the Industrial Internet of Things from cyberthreats is a national priority.
Getting To Yes: Negotiating Technology Innovation & Security Risk
Commentary  |  6/30/2015  | 
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
Cyber Resilience And Spear Phishing
Partner Perspectives  |  6/29/2015  | 
Balanced security capability, defense in depth, integrated countermeasures, and a threat-intelligence strategy are critical to defending your business from spear-phishing attacks.
Social Engineering & Black Hat: Do As I Do Not As I Say
Commentary  |  6/29/2015  | 
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
3 Simple Steps For Minimizing Ransomware Exposure
Commentary  |  6/26/2015  | 
If your data is important enough to pay a ransom, why wasn't it important enough to properly backup and protect in the first place?
What Do You Mean My Security Tools Dont Work on APIs?!!
Commentary  |  6/25/2015  | 
SAST and DAST scanners havent advanced much in 15 years. But the bigger problem is that they were designed for web apps, not to test the security of an API.
Breach Defense Playbook: Cybersecurity Governance
Partner Perspectives  |  6/25/2015  | 
Time to leave the island: Integrate cybersecurity into your risk management strategy.
Breach Defense Playbook: Incident Response Readiness (Part 2)
Partner Perspectives  |  6/24/2015  | 
Will your incident response plan work when a real-world situation occurs?
The Secret Of War Lies In The Communications --Napoleon
Partner Perspectives  |  6/24/2015  | 
DXL helps organizations keep an eye on external and internal threats using relevant information in real time.
Why China Wants Your Sensitive Data
Commentary  |  6/24/2015  | 
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
Breach Defense Playbook: Incident Response Readiness (Part 1)
Partner Perspectives  |  6/23/2015  | 
Will your incident response plan work when a real-world situation occurs?
The Dark Web: An Untapped Source For Threat Intelligence
Commentary  |  6/23/2015  | 
Most organizations already have the tools for starting a low-cost, high-return Dark Web cyber intelligence program within their existing IT and cybersecurity teams. Heres how.
What You Probably Missed In Verizon's Latest DBIR
Commentary  |  6/22/2015  | 
Tune in to Dark Reading Radio at 1pm ET/11am Pacific on Wednesday, June 24, when Verizon Data Breach Investigations Report co-author Marc Spitler discusses some of the possibly lesser-noticed nuggets in the industry's popular report on real-world attacks.
Breach Defense Playbook: Open Source Intelligence
Partner Perspectives  |  6/22/2015  | 
Do you know what information out there is putting you at risk?
Security Surveys: Read With Caution
Commentary  |  6/22/2015  | 
Im skeptical of industry surveys that tell security practitioners what they already know. Dont state the obvious. Tell us the way forward.
9 Questions For A Healthy Application Security Program
Commentary  |  6/19/2015  | 
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
An Effective Community Is More Than Just An Online Forum
Partner Perspectives  |  6/19/2015  | 
It is important to develop a strong base of contributors who can communicate effectively, answer questions, and summarize issues.
Breach Defense Playbook: Reviewing Your Cybersecurity Program (Part 2)
Partner Perspectives  |  6/18/2015  | 
Cybersecurity requires a combination of people, process, and technology in a coordinated implementation leveraging a defense-in-depth methodology.
Cybersecurity Advice From A Former White House CIO
Commentary  |  6/18/2015  | 
Today's playbook demands 'human-centered' user education that assumes people will share passwords, forget them, and do unsafe things to get their jobs done.
Breach Defense Playbook: Reviewing Your Cybersecurity Program (Part 1)
Partner Perspectives  |  6/17/2015  | 
How does your cybersecurity program compare to your industry peers?
Time to Focus on Data Integrity
Commentary  |  6/17/2015  | 
Information security efforts have historically centered on data theft. But cybercriminals who alter corporate records and personal information can also cause serious harm.
Is Your Security Operation Hooked On Malware?
Commentary  |  6/16/2015  | 
It may seem counterintuitive, but an overzealous focus on malware may be preventing you from detecting even bigger threats.
Lessons Learned From The Ramnit Botnet Takedown
Commentary  |  6/15/2015  | 
While most organizations wont find themselves in similar circumstances, there are important takeaways they can apply to any security program.
Survival Tips For The Security Skills Shortage
Commentary  |  6/12/2015  | 
No matter how you slice it, creating a security professional with 10 years of experience takes, well, 10 years. Here are six suggestions for doing more with less.
Breach Defense Playbook: Hunting For Breach Indicators
Partner Perspectives  |  6/11/2015  | 
Do you proactively hunt for malware on your network, or do you wait for your tools to tell you?
The Promises And Perils Of The Healthcare Internet Of Things
Partner Perspectives  |  6/11/2015  | 
Connected devices are working wonders for managing treatment, but their integration with consumer technology and cloud computing raises significant security issues.
From GitHub to Great Cannon: A Mid-Year Analysis Of DDoS Attacks
Commentary  |  6/11/2015  | 
The new and common face of DDoS today is its use as a smokescreen to conceal malicious activity in an overwhelming burst of traffic that stretch security layers to the brink.
Breach Defense Playbook: Assessing Your Security Controls
Partner Perspectives  |  6/10/2015  | 
Do you include physical security as part of your cybersecurity risk management plan?
Why the Firewall is Increasingly Irrelevant
Commentary  |  6/10/2015  | 
It will take a dramatic reimagining of security to dedicate focus to the areas where company data actually resides. It starts with tearing down the firewall.
Firewalls Sustain Foundation of Sound Security
Commentary  |  6/10/2015  | 
Simply put, organizations that cannot maintain rigid firewall enforcement are more likely to be compromised.
Breach Defense Playbook: Assessing Your Cybersecurity Engineering
Partner Perspectives  |  6/9/2015  | 
Is your cybersecurity infrastructure robust enough to defend against future attacks?
Security Metrics: Its All Relative
Commentary  |  6/9/2015  | 
What a haircut taught me about communicating the value of security to executives and non-security professionals.
Beware of Emails Bearing Gifts
Partner Perspectives  |  6/9/2015  | 
A security-connected framework can help your organization thwart cybercrime.
7 Critical Criteria for Data Encryption In The Cloud
Commentary  |  6/8/2015  | 
Encrypting the huge number of data files stored in a public cloud today is like bubble-wrapping an entire house. Better to focus on the fragile items that matter.
Long Cons: The Next Age of Cyber Attacks
Commentary  |  6/5/2015  | 
When hackers know that a big payday is coming they dont mind waiting for months for the best moment to strike.
Securing Private and Hybrid Clouds
Partner Perspectives  |  6/4/2015  | 
As-a-service models offer huge opportunities, but also complicate security.
How The Hacker Economy Impacts Your Network & The Cloud
Commentary  |  6/4/2015  | 
To protect data against growing threats, networks must now act as both sensor and enforcer around traffic that passes through users and data centers to the cloud.
Help Wanted: Security Heroes & Heroines Only Need Apply
Commentary  |  6/3/2015  | 
If we want to do more than simply defend ourselves, we need security champions and equally heroic security solutions.
Shaping A Better Future For Software Security
Commentary  |  6/2/2015  | 
Industry and government leaders discuss ways to improve practices, awareness and education around secure software development. Heres a recap of what you missed.
Todays Requirements To Defend Against Tomorrows Insider Threats
Commentary  |  6/1/2015  | 
At its most basic, a consistent and meaningful insider threat detection program has two components: data and people. Heres how to put them together.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27388
PUBLISHED: 2020-10-23
Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.