Opinion

Content posted in August 2017
LookingGlass Raises $26.3M to Bring Order to Chaos
Simon Marshall  |  8/31/2017  | 
New threat-intelligence-as-a-service company raises the stakes on scale in the market.
International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape
Commentary  |  8/31/2017  | 
After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.
Phishing for Your Information: How Phishers Bait Their Hooks
Partner Perspectives  |  8/31/2017  | 
A treasure trove of PII from social networks and the public Internet is there for the taking.
Millions of Email Addresses Exposed in Latest Malware Database
Curt Franklin  |  8/30/2017  | 
A database housed in the Netherlands is found to contain hundreds of millions of hacked email addresses.
Hacking the Security Job Application Process
Commentary  |  8/30/2017  | 
Simple advice to help job seekers dig out of the black hole of recruiter and employer hiring portals.
Do Autonomous Cars Dream of Driverless Roads?
Partner Perspectives  |  8/30/2017  | 
The connected car is coming and with it a need for consistent innovation of network technologies -- throughput, latency, coverage, and cost -- to keep us safe.
How Hackers Hide Their Malware: Advanced Obfuscation
Commentary  |  8/30/2017  | 
Hackers continue to develop new ways to break into systems. Here are three of them, along with ways to fight back.
Automation Deserves Skepticism
Curt Franklin  |  8/29/2017  | 
While automation might be the next great tech wave, let's take some time to consider it.
Security Analytics: Making the Leap from Data Lake to Meaningful Insight
Commentary  |  8/29/2017  | 
Once you've got a lake full of data, it's essential that your analysis isn't left stranded on the shore.
Dark Reading Now HTTPS
Commentary  |  8/29/2017  | 
Moving a site that's more than a decade old to HTTPS has been a journey, and we're almost there.
How Hackers Hide Their Malware: The Basics
Commentary  |  8/29/2017  | 
Malware depends on these four basic techniques to avoid detection.
Bitcoin Attacks Mount as Criminals & States Seek Targets
Simon Marshall  |  8/29/2017  | 
Bitcoin and other cryptocurrencies are under increasing attack from a variety of actors and it looks like things will only get worse.
India & Pakistan: Commonplace Exploits Access High-Value Information
Simon Marshall  |  8/28/2017  | 
India and Pakistan are proving yet again that it doesn't take an advanced attack to yield big results.
Black Hats Win: Results From the Latest SecurityNow.com Poll
Curt Franklin  |  8/28/2017  | 
The hat you wear as a security researcher matters, say those who took the latest SecurityNow.com poll. And the most effective hat color is black.
Cybersecurity: An Asymmetrical Game of War
Commentary  |  8/28/2017  | 
To stay ahead of the bad guys, security teams need to think like criminals, leverage AI's ability to find malicious threats, and stop worrying that machine learning will take our jobs.
Google: Big Cloud, Tiny Titan Chip
Simon Marshall  |  8/25/2017  | 
Google develops a tiny chip to close a big security hole before it opens. Is there a tiny Titan in your future, too?
DDoS Trends Show Big Impact From Fewer Servers
Curt Franklin  |  8/25/2017  | 
A change in control networks means that this quarter saw DDoS attacks from fewer endpoints, each having a bigger impact.
Friday Haiku: Fear the Zombie Server
Curt Franklin  |  8/25/2017  | 
DDoS attacks are lurking in armies of zombie servers.
A Call for New Voices on the Security Conference Circuit
Commentary  |  8/25/2017  | 
If the mere idea of talking in public makes you want to hide in a bathroom stall with a stuffed bobcat, think again.
Continuous Compliance and Effective Audit Preparation for the Cloud
Partner Perspectives  |  8/25/2017  | 
Why audits are a necessary evil, and how they can actually help you improve your brand value.
Programmed to Kill: The Risk of Hacked Robots Is Real
Simon Marshall  |  8/24/2017  | 
When will the news break of the first hacked robot taking a human life? It could be sooner than you think.
Government Insiders Are Security's Biggest Risk
Simon Marshall  |  8/24/2017  | 
Outside actors can be dangerous, but the biggest risk to organizations comes from within.
How Quantum Computing Will Change Browser Encryption
Partner Perspectives  |  8/24/2017  | 
From a protocol point of view, we're closer to a large-scale quantum computer than many people think. Here's why that's an important milestone.
GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
Commentary  |  8/24/2017  | 
What Game of Thrones' Arya Stark and the Faceless Men can teach security pros about defending against modern malware and identity theft.
GDPR Compliance Preparation: A High-Stakes Guessing Game
Commentary  |  8/24/2017  | 
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
DoJ Narrows Scope of DreamHost Warrant
Curt Franklin  |  8/23/2017  | 
The Department of Justice has scaled back the demands of a search warrant served to web hosting provider DreamHost.
The Changing Face & Reach of Bug Bounties
Commentary  |  8/23/2017  | 
HackerOne CEO Mårten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.
Delaware Requires Data Security in New Law
Curt Franklin  |  8/23/2017  | 
Delaware has become the latest state requiring companies to protect private data.
Why You Need to Study Nation-State Attacks
Commentary  |  8/23/2017  | 
Want to know what attacks against businesses will look like soon? Examine nation-state attacks now.
Ransomware: The Tripflare in the Modern Cyberwar
Partner Perspectives  |  8/23/2017  | 
With the frequency and scale of breaches on the rise, and our legacy security failing to protect us, is ransomware the catalyst we need to trigger improvement in our security postures?
New SaaS Service Offers Order for Access
Curt Franklin  |  8/22/2017  | 
One Identity's new SaaS offering, Starling IARI, analyzes user access and roles to secure enterprise networks.
Voice of Security Radio: Building Secure Applications
Curt Franklin  |  8/22/2017  | 
In too many companies, security vulnerabilities start at the application. Join us for this week's episode to hear how to make your applications more secure.
Coming Soon to Dark Reading...
Commentary  |  8/22/2017  | 
Event calendar: Dark Reading brings you threat intelligence tomorrow, boardroom communication next week, and coming in November, a brand new conference in the D.C. area.
Battle of the AIs: Don't Build a Better Box, Put Your Box in a Better Loop
Commentary  |  8/22/2017  | 
Powered by big data and machine learning, next-gen attacks will include perpetual waves of malware, phishes, and false websites nearly indistinguishable from the real things. Here's how to prepare.
Comparing Private and Public Cloud Threat Vectors
Commentary  |  8/22/2017  | 
Many companies moving from a private cloud to a cloud service are unaware of increased threats.
Amazon S3 Errors Hit Home Again
Curt Franklin  |  8/21/2017  | 
Another S3 data release shows the critical importance of correctly configuring the cloud storage service.
Sleepless in Cupertino
Larry Loeb  |  8/21/2017  | 
A hacker finds the key to Apple's SEP and there's good news in the battle against spear-phishing. Bad news and good to start the week.
The Pitfalls of Cyber Insurance
Commentary  |  8/21/2017  | 
Cyber insurance is 'promising' but it won't totally protect your company against hacks.
5 Factors to Secure & Streamline Your Cloud Deployment
Partner Perspectives  |  8/21/2017  | 
How a Midwestern credit union overcame the challenges of speed, cost, security, compliance and automation to grow its footprint in the cloud.
Finding Tools for DevSecOps
Curt Franklin  |  8/18/2017  | 
Finding the right tools can be the start of the right path toward DevSecOps. Here's how to start the hunt.
Questions of Colors
Curt Franklin  |  8/18/2017  | 
A Friday Haiku asks about the color of your hat.
Curbing the Cybersecurity Workforce Shortage with AI
Commentary  |  8/18/2017  | 
By using cognitive technologies, an organization can address the talent shortage by getting more productivity from current employees and improving processes.
Cybercrime Is North Korea's Biggest Threat
Andy Patrizio  |  8/17/2017  | 
While the world is watching a battle of words, North Korea has been attacking the West and funding its global operations through cybercrime.
Critical Infrastructure, Cybersecurity & the 'Devil's Rope'
Commentary  |  8/17/2017  | 
How hackers today are engaging in a modern 'Fence Cutter War' against industrial control systems, and what security professionals need to do about it.
Kill Switches, Vaccines & Everything in Between
Commentary  |  8/17/2017  | 
The language can be a bit fuzzy at times, but there are real differences between the various ways of disabling malware.
How to Avoid the 6 Most Common Audit Failures
Partner Perspectives  |  8/17/2017  | 
In a security audit, the burden is on you to provide the evidence that you've done the right things.
Rackspace Strengthens Its Managed Security Story
Curt Franklin  |  8/17/2017  | 
Rackspace is adding features and functions to its managed security offerings. Is it all a company needs?
The Day of Reckoning: Cybercrime's Impact on Brand
Commentary  |  8/16/2017  | 
Why the security industry needs to invest in architecture that defends against reputational damage as well as other, more traditional threats.
Will GDPR Be the Death of Big Data?
Andy Patrizio  |  8/16/2017  | 
The EU's General Data Protection Regulation (GDPR) will make the landscape shift for big data users around the world.
Discover a Data Breach? Try Compassion First
Commentary  |  8/16/2017  | 
The reactions to a big data breach often resemble the five stages of grief, so a little empathy is needed.