Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in June 2021
3 Things Every CISO Wishes You Understood
Commentary  |  6/30/2021  | 
Ensuring the CISO's voice is heard by the board will make security top of mind for the business, its employees, and their customers.
Is Compliance-Only Security Giving Cybercriminals Your Security Playbook?
Commentary  |  6/30/2021  | 
Compliance-only security strategies aren't working. CISOs should squarely focus on being secure while achieving compliance.
Technology's Complexity and Opacity Threaten Critical Infrastructure Security
Commentary  |  6/29/2021  | 
Addressing the complexity of modern distributed software development is one of the most important things we can do to decrease supply chain risk.
3 Ways Cybercriminals Are Undermining MFA
Commentary  |  6/29/2021  | 
Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.
The Role of Encryption in Protecting LGBTQ+ Community Members
Commentary  |  6/28/2021  | 
The Internet is a vital tool that helps LGBTQ+ community members communicate without fear of persecution -- and strong encryption is a critical part of this equation.
School's Out for Summer, but Don't Close the Book on Cybersecurity Training
Commentary  |  6/25/2021  | 
Strengthening their security posture should be at the top of school IT departments' summer to-do list.
Boardroom Perspectives on Cybersecurity: What It Means for You
Commentary  |  6/24/2021  | 
Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.
Storms & Silver Linings: Avoiding the Dangers of Cloud Migration
Commentary  |  6/24/2021  | 
We hear a lot about the sunlit uplands of cloud-powered business, but what about the risks of making information available across the organization?
When Will Cybersecurity Operations Adopt the Peter Parker Principle?
Commentary  |  6/23/2021  | 
Having a prevention mindset means setting our prevention capabilities to "prevent" instead of relying on detection and response.
Expecting the Unexpected: Tips for Effectively Mitigating Ransomware Attacks in 2021
Commentary  |  6/23/2021  | 
Cybercriminals continually innovate to thwart security protocols, but organizations can take steps to prevent and mitigate ransomware attacks.
Identity Eclipses Malware Detection at RSAC Startup Competition
Commentary  |  6/22/2021  | 
All 10 finalists in the Innovation Sandbox were focused on identity, rather than security's mainstay for the last 20 years: Malware detection.
Does Your Cyberattack Plan Include a Crisis Communications Strategy? 5 Tips to Get Started
Commentary  |  6/22/2021  | 
Don't overlook crisis communications in your cybersecurity incident response planning.
Are Ransomware Attacks the New Pandemic?
Commentary  |  6/21/2021  | 
Ransomware has been a problem for decades, so why is government just now beginning to address it?
4 Habits of Highly Effective Security Operators
Commentary  |  6/18/2021  | 
These good habits can make all the difference in advancing careers for cybersecurity operators who spend their days putting out fires large and small.
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Commentary  |  6/17/2021  | 
Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.
Mission Critical: What Really Matters in a Cybersecurity Incident
Commentary  |  6/17/2021  | 
The things you do before and during a cybersecurity incident can make or break the success of your response.
Cars, Medicine, Electric Grids: Future Hackers Will Hit Much More Than Networks in an IT/OT Integrated World
Commentary  |  6/16/2021  | 
Intelligent systems must include the right cybersecurity protections to prevent physical threats to operational technology.
Keeping Your Organization Secure When Dealing With the Unexpected
Commentary  |  6/16/2021  | 
There's no way to anticipate every possible scenario, but the right approach to business continuity can help you respond effectively in any situation.
Don't Get Stymied by Security Indecision
Commentary  |  6/16/2021  | 
You might be increasing cyber-risk by not actively working to reduce it.
What Industrial Control System Vulnerabilities Can Teach Us About Protecting the Supply Chain
Commentary  |  6/15/2021  | 
Older technologies used in industrial and critical infrastructure leave the sector highly vulnerable to attack, but organizations can take steps to better protect themselves.
How Does the Government Buy Its Cybersecurity?
Commentary  |  6/15/2021  | 
The federal government is emphasizing cybersecurity regulation, education, and defense strategies this year.
Know Thy Enemy: Fighting Half-Blind Against Ransomware Won't Work
Commentary  |  6/14/2021  | 
We lack reliable, representative, actionable data about ransomware's actual scope, scale, and impact. The Ransom Incident Response Network could change that.
Name That Toon: Sight Unseen
Commentary  |  6/14/2021  | 
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Colonial Pipeline Cyberattack Proves a Single Password Isn't Enough
Commentary  |  6/14/2021  | 
Since the attack, it's been revealed that it was down to a single password. Yes, ransomware needs to be on your radar -- but a focus on credentials is vital.
Secure Access Trade-offs for DevSecOps Teams
Commentary  |  6/11/2021  | 
Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources.
The Workforce Shortage in Cybersecurity Is a Myth
Commentary  |  6/10/2021  | 
What we really have is an automation-in-the-wrong-place problem.
Deepfakes Are on the Rise, but Don't Panic Just Yet
Commentary  |  6/10/2021  | 
Deepfakes will likely give way to deep suspicion, as users try to sort legitimate media from malicious.
Cyber Is the New Cold War & AI Is the Arms Race
Commentary  |  6/10/2021  | 
Continual cyberattacks have pushed us into a new kind of Cold War, with artificial intelligence the basis of this new arms race.
With Cloud, CDO and CISO Concerns Are Equally Important
Commentary  |  6/9/2021  | 
Navigated properly, a melding of these complementary perspectives can help keep an organization more secure.
Hardening the Physical Security Supply Chain to Mitigate the Cyber-Risk
Commentary  |  6/9/2021  | 
Nick Smith, Regional Manager at Genetec, details how physical security professionals can improve their resilience to cyberattacks by reviewing the cybersecurity policies of those they work with in the supply chain. This includes everyone from component vendors to installers and engineers.
Ransomware Is Not the Problem
Commentary  |  6/9/2021  | 
Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.
How Employees Can Keep Their 401(k)s Safe From Cybercriminals
Commentary  |  6/8/2021  | 
As retirement fund balances grow, cybercriminals are becoming more brazen in their efforts to deplete people's savings.
Cyber Resilience: The Emerald City of the Security World
Commentary  |  6/8/2021  | 
Small and midsize businesses and managed service providers must use their heart, brain, and courage as they follow the Yellow Brick Road to cyber resilience.
An Answer to APP Scams You Can Bank On
Commentary  |  6/8/2021  | 
Financial institutions' usual fraud-detection methods can't detect most authorized push payment (APP) scams, putting customers and banks at risk.
Cartoon Caption Winner: Road Trip
Commentary  |  6/7/2021  | 
And the winner of Dark Reading's cartoon caption contest is ...
Cyber Athletes Compete to Form US Cyber Team
Commentary  |  6/7/2021  | 
Here's how security pros can showcase value to future employers: a field of friendly strife to measure their aptitude against competitors.
The US Must Redefine Critical Infrastructure for the Digital Era
Commentary  |  6/7/2021  | 
The template being used to manage essential connectivity isn't just outdated, it's actively counter-productive.
What the FedEx Logo Taught Me About Cybersecurity
Commentary  |  6/4/2021  | 
Cyber threats are staring you in the face, but you can't see them.
The Perfect Storm for PAM to Grow In
Commentary  |  6/4/2021  | 
With more staff working remotely, privileged access management (or PAM) has never been more important. Market forecasts, drivers, and trends are explored.
The True Cost of a Ransomware Attack
Commentary  |  6/3/2021  | 
Companies need to prepare for the costs of an attack now, before they get attacked. Here's a checklist to help.
The Colonial Pipeline Attack Is Your Boardroom Wake-Up Call
Commentary  |  6/3/2021  | 
Why business leaders must adopt a risk-led approach to cybersecurity.
Is Your Adversary James Bond or Mr. Bean?
Commentary  |  6/2/2021  | 
Especially with nation-state attacks, its critical to assess whether you're up against jet fighter strength or a bumbler who tries to pick locks.
Chaos for the Sake of Chaos? Yes, Nation-States Are That Cynical
Commentary  |  6/2/2021  | 
Many nation-state-backed attacks are intended to destabilize the US government, not steal from it.
Return to Basics: Email Security in the Post-COVID Workplace
Commentary  |  6/1/2021  | 
As we reimagine the post-pandemic workplace, we must also reevaluate post-pandemic email security practices.
CISO Confidence Is Rising, but Issues Remain
Commentary  |  6/1/2021  | 
New research reveals how global CISOs dealt with COVID-19 and their plans for 20222023.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41154
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.1...
CVE-2021-41155
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix...
CVE-2021-41152
PUBLISHED: 2021-10-18
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on t...
CVE-2021-41153
PUBLISHED: 2021-10-18
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Thi...
CVE-2021-41156
PUBLISHED: 2021-10-18
anuko/timetracker is an, open source time tracking system. In affected versions Time Tracker uses browser_today hidden control on a few pages to collect the today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craft ...