Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in June 2020
Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan
Commentary  |  6/30/2020  | 
We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
3 Ways to Flatten the Health Data Hacking Curve
Commentary  |  6/30/2020  | 
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions
Commentary  |  6/29/2020  | 
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.
Good Cyber Hygiene in a Pandemic-Driven World Starts with Us
Commentary  |  6/26/2020  | 
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.
Contact Tracing & Threat Intel: Broken Tools & Processes
Commentary  |  6/25/2020  | 
How epidemiology can solve the people problem in security.
Better Collaboration Between Security & Development
Commentary  |  6/25/2020  | 
Security and development teams must make it clear why their segment of the development life cycle is relevant to the other teams in the pipeline.
Average Cost of a Data Breach: $116M
Commentary  |  6/24/2020  | 
Sensitivity of customer information and time-to-detection determine financial blowback of cybersecurity breaches.
Rethinking Enterprise Access, Post-COVID-19
Commentary  |  6/24/2020  | 
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.
Back to Basics with Cloud Permissions Management
Commentary  |  6/23/2020  | 
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
5 Steps for Implementing Multicloud Identity
Commentary  |  6/23/2020  | 
Why embracing, not fighting, decentralization will pave the way to smoother cloud migrations.
Long-Term Effects of COVID-19 on the Cybersecurity Industry
Commentary  |  6/22/2020  | 
The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility.
'New Normal' Caption Contest Winners
Commentary  |  6/19/2020  | 
Competitors submitted lots of clever virus puns, and the prizes go to ...
How to Secure Machine Learning
Expert Insights  |  6/19/2020  | 
Part two of a series on avoiding potential security risks with ML.
The Bigger the News, the Bigger the Cyber Threats
Commentary  |  6/18/2020  | 
Criminals use disasters, wars, and now pandemics as air cover to focus collective anxiety and fear into highly targeted, malicious messaging.
CISO Dialogue: How to Optimize Your Security Budget
Commentary  |  6/18/2020  | 
CISOs are never going to have all the finances they want. Hard choices must be made. The CISO of Amazon Prime Video discusses his approaches to a slimmed-down budget.
3 Things Wilderness Survival Can Teach Us About Email Security
Commentary  |  6/17/2020  | 
It's a short hop from shows like 'Naked and Afraid' and 'Alone' to your email server and how you secure it
Too Big to Cyber Fail?
Commentary  |  6/17/2020  | 
How systemic cyber-risk threatens US banks and financial services companies
Ransomware from Your Lawyer's Perspective
Commentary  |  6/16/2020  | 
Three good reasons why your incident response team's first call after a data breach should be to outside counsel.
IoT Security Trends & Challenges in the Wake of COVID-19
Commentary  |  6/16/2020  | 
The demand for Internet of Things security practices that protect sensitive medical equipment and data will double within the next five years. Here's why.
The Bright Side of the Dark Web
Commentary  |  6/15/2020  | 
As the hitmen and fraudsters retreat, the Dark Web could become freedom's most important ally.
Building Security into Software
Expert Insights  |  6/12/2020  | 
Part 1 of a two-part series about securing machine learning.
The Future Will Be Both Agile and Hardened
Commentary  |  6/12/2020  | 
What COVID-19 has taught us about the digital revolution.
The Hitchhiker's Guide to Web App Pen Testing
Commentary  |  6/11/2020  | 
Time on your hands and looking to learn about web apps? Here's a list to get you started.
What COVID-19 Teaches Us About Social Engineering
Commentary  |  6/11/2020  | 
Unless we do something proactively, social engineering's impact is expected to keep getting worse as people's reliance on technology increases and as more of us are forced to work from home.
The Telehealth Attack Surface
Commentary  |  6/10/2020  | 
Amid the surge in digital healthcare stemming from the coronavirus pandemic, security is taking a backseat to usability.
3 Ways the Pandemic Will Affect Enterprise Security in the Future
Commentary  |  6/10/2020  | 
While CISOs have been focused on immediate threats, it's time to look ahead to what a post-COVID-19 future will look like.
Will Vote-by-App Ever Be Safe?
Commentary  |  6/9/2020  | 
Even with strong security measures, Internet voting is still vulnerable to abuse from state-sponsored actors and malicious insiders.
CSO's Guide to 'Employee-First' Security Operations During COVID-19 & Beyond
Commentary  |  6/9/2020  | 
As the work-at-home environment continues to inform new ways of doing business, it's important that security teams remain flexible and ready for change.
Safeguard Your Remote Workforce
Commentary  |  6/8/2020  | 
DDoS attacks on VPN servers can not only bring remote work to a standstill but also cut off admins from accessing their systems. Here are three ways to stay safer.
The Privacy & Security Outlook for Businesses Post-COVID-19
Commentary  |  6/5/2020  | 
Long-term business needs -- and the ethical implications that result -- don't simply go away just because we're navigating a global health crisis.
Strengthening Secure Information Sharing Through Technology & Standards
Commentary  |  6/4/2020  | 
How data sharing, innovation, and regulatory standardization can make it easier for organizations to both contribute and consume critical threat intelligence.
Could Automation Kill the Security Analyst?
Commentary  |  6/4/2020  | 
Five skills to ensure job security in the Age of Automation.
What Government Contractors Need to Know About NIST, DFARS Password Reqs
Commentary  |  6/3/2020  | 
Organizations that fail to comply with these rules can get hit with backbreaking fines and class-action lawsuits.
Social Distancing for Healthcare's IoT Devices
Commentary  |  6/3/2020  | 
Security pros need to double down around prevention of lateral movement by attackers, especially if IoT devices are connected to the network.
Risk Assessment & the Human Condition
Commentary  |  6/2/2020  | 
Five lessons the coronavirus pandemic can teach security professionals to better assess, monitor, manage, and mitigate organizational risk.
Banking on Data Security in a Time of Insecurity
Commentary  |  6/2/2020  | 
How banks can maintain security and data integrity in the middle of a pandemic.
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Commentary  |  6/1/2020  | 
Without the right tools and with not enough cybersecurity pros to fill the void, the talent gap will continue to widen.


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...