Opinion

Content posted in July 2020
3 Ways Social Distancing Can Strengthen Your Network
Commentary  |  7/31/2020  | 
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
5 Tips for Optimizing Your Company's Cyber-Crisis Preparedness
Commentary  |  7/30/2020  | 
Cyber-incident response often addresses short-term needs, but we need to broaden the view of crisis management to be more forward-thinking.
Black Hat Virtually: An Important Time to Come Together as a Community
Commentary  |  7/30/2020  | 
The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.
Using the Attack Cycle to Up Your Security Game
Commentary  |  7/30/2020  | 
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Commentary  |  7/29/2020  | 
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.
The Future's Biggest Cybercrime Threat May Already Be Here
Commentary  |  7/29/2020  | 
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.
Autonomous IT: Less Reacting, More Securing
Commentary  |  7/28/2020  | 
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
As Businesses Move to the Cloud, Cybercriminals Follow Close Behind
Commentary  |  7/28/2020  | 
In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware.
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
Commentary  |  7/27/2020  | 
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
Banning TikTok Won't Solve Our Privacy Problems
Commentary  |  7/24/2020  | 
Preventing the use of an app based solely on its country of origin (no matter how hostile) is merely a Band-Aid that won't fully address all privacy and security concerns.
Data Privacy Challenges for California COVID-19 Contact Tracing Technology
Commentary  |  7/23/2020  | 
Developers, governments, and regulators must work with the cybersecurity industry to apply rigorous standards to contact-tracing apps to make sure that the societal impact of COVID-19 doesn't extend into personal privacy.
Deepfakes & James Bond Research Project: Cool but Dangerous
Commentary  |  7/23/2020  | 
Open source software for creating deepfakes is getting better and better, to the chagrin of researchers.
Ripple20's Effects Will Impact IoT Cybersecurity for Years to Come
Commentary  |  7/22/2020  | 
A series of newly discovered TCP/IP software vulnerabilities pose a threat to millions of IoT devices. Undiscovered since the early 1990s, they highlight the need to improve security in an increasingly precarious IoT supply chain.
The InfoSec Barrier to AI
Commentary  |  7/22/2020  | 
Information security challenges are proving to be a huge barrier for the artificial intelligence ecosystem. Conversely, AI is causing headaches for CISOs. Here's why.
Cybersecurity Lessons from the Pandemic
Commentary  |  7/22/2020  | 
How does cybersecurity support business and society? The pandemic shows us.
The Data Privacy Loophole Federal Agencies Are Still Missing
Commentary  |  7/21/2020  | 
Why knowledge-based authentication is leaving federal contact centers vulnerable to an increasingly sophisticated hacker community.
Leading Through Uncertainty: Be Proactive in Your Dark Web Intelligence Strategy
Commentary  |  7/21/2020  | 
Having a strong Dark Web intelligence posture helps security teams understand emerging vulnerability trends.
UK Data Privacy Legislation Cannot Be Bypassed to Limit Spread of COVID-19
Commentary  |  7/20/2020  | 
The UK faces GDPR data privacy challenges regarding its COVID-19 "Test and Trace" program. Despite the importance of contact tracing, its intent to ignore privacy legislation is extremely worrying.
What Organizations Need to Know About IoT Supply Chain Risk
Commentary  |  7/20/2020  | 
Here are some factors organizations should consider as they look to limit the risk posed by risks like Ripple20.
Cybersecurity Leaders: Invest In Your People
Commentary  |  7/16/2020  | 
Training, especially cross-training, is insanely powerful when team members are able to experience, train, and work together. It also builds trust.
Third-Party IoT Vulnerabilities: We Need a Cybersecurity Paradigm Shift
Commentary  |  7/16/2020  | 
The only entities equipped to safeguard Internet of Things devices against risks are the IoT device manufacturers themselves.
How Nanotechnology Will Disrupt Cybersecurity
Commentary  |  7/15/2020  | 
Tangible solutions related to cryptography, intelligent threat detection and consumer security are closer than you think.
Top 5 Questions (and Answers) About GRC Technology
Commentary  |  7/15/2020  | 
For the first time in a long time, we must shift from managing localized risks against a landscape of economic growth to managing those issues under much less certain circumstances.
'Make Your Bed' and Other Life Lessons for Security
Commentary  |  7/14/2020  | 
Follow this advice from a famous military commander's commencement speech and watch your infosec team soar.
Crypto-Primer: Encryption Basics Every Security Pro Should Know
Commentary  |  7/14/2020  | 
With so many choices for encrypting data and communication, it's important to know the pros and cons of different techniques.
Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines
Commentary  |  7/13/2020  | 
To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Commentary  |  7/10/2020  | 
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
Omdia Research Launches Page on Dark Reading
Commentary  |  7/9/2020  | 
Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.
Fight Phishing with Intention
Commentary  |  7/9/2020  | 
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
Pen Testing ROI: How to Communicate the Value of Security Testing
Commentary  |  7/9/2020  | 
There are many reasons to pen test, but the financial reasons tend to get ignored.
Fresh Options for Fighting Fraud in Financial Services
Commentary  |  7/8/2020  | 
Fraud prevention requires a consumer-centric, data sharing approach.
Why Cybersecurity's Silence Matters to Black Lives
Commentary  |  7/8/2020  | 
The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.
Framing the Security Story: The Simplest Threats Are the Most Dangerous
Commentary  |  7/7/2020  | 
Don't be distracted by flashy advanced attacks and ignore the more mundane ones.
Applying the 80-20 Rule to Cybersecurity
Commentary  |  7/7/2020  | 
How security teams can achieve 80% of the benefit for 20% of the work.
How to Assess More Sophisticated IoT Threats
Commentary  |  7/6/2020  | 
Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.
Introducing 'Secure Access Service Edge'
Commentary  |  7/3/2020  | 
The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.
Anatomy of a Long-Con Phish
Expert Insights  |  7/2/2020  | 
A fraudster on LinkedIn used my online profile in an apparent attempt to pull off a wide-ranging scam business venture.
Considerations for Seamless CCPA Compliance
Commentary  |  7/2/2020  | 
Three steps to better serve consumers, ensure maximum security, and achieve compliance with the California Consumer Privacy Act.
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Commentary  |  7/2/2020  | 
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
4 Steps to a More Mature Identity Program
Commentary  |  7/1/2020  | 
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Commentary  |  7/1/2020  | 
While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15703
PUBLISHED: 2020-10-31
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivile...
CVE-2020-5991
PUBLISHED: 2020-10-30
NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
CVE-2020-15273
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can ac...
CVE-2020-15276
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.
CVE-2020-15277
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.