Dark Reading is part of the Informa Tech Division of Informa PLC


Opinion

Content posted in August 2019
To Navigate a Sea of Cybersecurity Solutions, Learn How to Fish
Commentary  |  8/30/2019  | 
Three steps for relieving the pressure of picking the right tools.
Cisco Maxes Out Its CVE Severity
Larry Loeb  |  8/30/2019  | 
Cisco had to take itself to the virtual woodshed this week after issuing a security advisory about its IOS XE operating system.
AV Vendor & French Gendarmerie Take Down a Transnational Worm
Larry Loeb  |  8/29/2019  | 
The good guys got lucky this time.
Privacy 2019: We're Not Ready
Commentary  |  8/29/2019  | 
To facilitate the innovative use of data and unlock the benefits of new technologies, we need privacy not just in the books but also on the ground.
Securing Our Infrastructure: 3 Steps OEMs Must Take in the IoT Age
Commentary  |  8/28/2019  | 
Security has lagged behind adoption of the Internet of Things. The devices hold much promise, but only if a comprehensive security model is constructed.
Enterprise Firms Are Simplifying & Securing Networks With a More Flexible Network Edge
Dan Reis  |  8/27/2019  | 
Distributed enterprises are on a digital transformation journey. As a result, enterprises are turning to secure SD-WAN to deploy a robust networking ecosystem that accelerates their digital transformation.
Unsecured IoT: 8 Ways Hackers Exploit Firmware Vulnerabilities
Commentary  |  8/27/2019  | 
As new Internet of Things products enter the market, speed shouldn't trump concerns about security.
NSA to Share Added Security for Firmware Functions
Larry Loeb  |  8/26/2019  | 
Most people think of the National Security Agency as the home of operational intelligence gathering. But many people are unaware of the research that it has done and released to the public.
Cryptography & the Hype Over Quantum Computing
Commentary  |  8/26/2019  | 
It's not time to move to post-quantum cryptography yet -- too many things are still up in the air. But you can start to become prepared by making sure your infrastructure is agile.
Nuclear Plant Security Compromised by Financially Motivated Insiders
Larry Loeb  |  8/23/2019  | 
Equipment at a nuclear power plant in Ukraine was used to mine cryptocurrency.
Newly Registered Domains Mean New Problems – Palo Alto
Larry Loeb  |  8/23/2019  | 
Why NRDs should matter to the security community.
Capital One Breach: What Security Teams Can Do Now
Commentary  |  8/23/2019  | 
Knowing the methods of the attacker, as laid out in the federal indictment, allows us to prevent similar attacks.
Threat Intelligence Gateways: A Useful Adjunct to Overworked Perimeter Security
Commentary  |  8/22/2019  | 
Comparative research shows the relative strengths and weaknesses of five TIG vendors and which kinds of security organization will reap the most benefit.
5 Identity Challenges Facing Today's IT Teams
Commentary  |  8/22/2019  | 
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
'Phoning Home': Your Latest Data Exfiltration Headache
Commentary  |  8/21/2019  | 
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.
Fintech Startups Get Sloppy With Application Security
Larry Loeb  |  8/20/2019  | 
Some startups need to shape up or ship out.
New Industry Drives Renewed Interest in Embedded Security
Larry Loeb  |  8/20/2019  | 
Hardware for security may just get hot.
Who Gets Privileged Access & How to Enforce It
Commentary  |  8/20/2019  | 
Let's begin by re-evaluating IT infrastructures to determine who has access to what, why, and when.
Tough Love: Debunking Myths about DevOps & Security
Commentary  |  8/19/2019  | 
It's time to move past trivial 'shift left' conceptions of DevSecOps and take a hard look at how security work actually gets accomplished.
CTF Protocol Serves as a Low-Level Way to Take Over Windows Machines
Larry Loeb  |  8/16/2019  | 
There is a protocol in Windows that has been around since the days of Windows XP, which has been found to be insecure.
Beat the Heat: Dark Reading Caption Contest Winners
Commentary  |  8/16/2019  | 
Phishing, token codes, training, MFA, polluted data entry, and whales. And the winners are ...
The Flaw in Vulnerability Management: It's Time to Get Real
Commentary  |  8/15/2019  | 
Companies will never be 100% immune to cyberattacks. But by having a realistic view of the basics, starting with endpoint vulnerabilities, we can build for a safer future.
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Commentary  |  8/15/2019  | 
The old-school technology is experiencing new popularity, but too many people assume mainframes are inherently secure.
Why Companies Fail to Learn from Peers' Mistakes (and How They Can Change)
Commentary  |  8/14/2019  | 
Far too often, there's a new breach in the headlines. Companies need to start learning some obvious lessons.
Microservices Flip App Security on Its Head
Commentary  |  8/14/2019  | 
With faster application deployment comes increased security considerations.
Security Assurance Is a Long-Term & Ongoing Investment
Steve Durbin  |  8/14/2019  | 
Establishing a business-focused security assurance program is a long-term, ongoing investment.
The California Consumer Privacy Act's Hidden Surprise Has Big Legal Consequences
Commentary  |  8/13/2019  | 
The CCPA's provision devoted to 'reasonable' cybersecurity procedures and policies could trip up your business. Get ready now.
A Brace Helps to Balance the Load
Larry Loeb  |  8/13/2019  | 
A syntax construct inside the TCL language is allowing injection attacks to occur.
This RAT Doesn't Squeak Much
Larry Loeb  |  8/13/2019  | 
Saefko does stuff. Lots of stuff.
History Doesn't Repeat Itself in Cyberspace
Commentary  |  8/13/2019  | 
The 10th anniversary of the US Cyber Command is an opportunity to prepare for unknowns in the rapidly changing cybersecurity landscape.
European Approach to Artificial Intelligence: Ethics Is Key
Oliver Schonschek  |  8/13/2019  | 
The socio-economic, legal and ethical impacts of AI must be carefully addressed, says the European Commission.
6 Security Considerations for Wrangling IoT
Commentary  |  8/12/2019  | 
The Internet of Things isn't going away, so it's important to be aware of the technology's potential pitfalls.
State Farm Insurance Notifies Users About a Breach but Doesn't Panic
Larry Loeb  |  8/9/2019  | 
State Farm Insurance has filed a notice of data breach that involved customer accounts, seemingly to meet California regulations.
MSFT Walks Back Original Action, Admits RDP Vulnerability Affects Hyper-V
Larry Loeb  |  8/9/2019  | 
Check Point Research's Eyal Itkin told the world in February of this year that there were multiple critical vulnerabilities in the widely used RDP protocol.
It's (Still) the Password, Stupid!
Commentary  |  8/9/2019  | 
The best way to protect your identity in cyberspace is the simplest: Use a variety of strong passwords, and never, ever, use "123456" no matter how easy it is to type.
Yes, FaceApp Really Could Be Sending Your Data to Russia
Commentary  |  8/8/2019  | 
FaceApp has an unprecedented level of access to data from 150 million users. What could its endgame be? We unpack three potential risks.
Wipro Says That Target on the Enterprise's Back Just Got Bigger
Larry Loeb  |  8/7/2019  | 
Wipro has presented the third edition of their 'State of Cybersecurity Report,' looking at trends and behaviors that have occurred over the last year.
Rethinking Website Spoofing Mitigation
Commentary  |  8/7/2019  | 
Deception technology is evolving rapidly, making it easier for organizations to turn the tables on their attackers. Here's how.
When Perceived Cybersecurity Risk Outweighs Reality
Commentary  |  8/6/2019  | 
Teams need to manage perceived risks so they can focus on fighting the real fires.
Security & the Infinite Capacity to Rationalize
Commentary  |  8/6/2019  | 
To improve the security posture of our organizations, we must open our eyes to rationalization and put an end to it with logic. Here's how.
Has Your Employee Been Compromised by Sextortion?
Larry Loeb  |  8/5/2019  | 
Sextortion is one particular kind of extortion that is defined by the Cambridge dictionary as "The practice of forcing someone to do something by threatening to publish sexual information about them."
Fighting Back Against Mobile Fraudsters
Commentary  |  8/5/2019  | 
The first step toward identifying and preventing mobile fraud threats is acknowledging that mobile security requires a unique solution.
Bulletproof Proxy Providers Try to Hide Botnet IP Address Needles in Haystacks
Larry Loeb  |  8/2/2019  | 
Cequence Security's CQ Prime research team thinks it has spotted a new trend it calls 'bulletproof proxies.'
Black Hat: A Summer Break from the Mundane and Controllable
Commentary  |  8/2/2019  | 
Enjoy the respite from the security tasks that await you back at home. Then prepare yourself for the uphill battles to come. Here's how.
Who Is Phoning Home on Your Firm's Dime?
Larry Loeb  |  8/1/2019  | 
ExtraHop customers in 2018 and the first weeks of 2019 took a look at some third-party supplied enterprise software's behavior and were not pleased when it would, unannounced, call home for its creators.
Demystifying New FIDO Standards & Innovations
Commentary  |  8/1/2019  | 
Staying on top of the latest cybersecurity risks and preferred attack methods can feel impossible, but standards like FIDO2 are designed to help relieve the burden.
SecOps Success Through Employee Retention
Commentary  |  8/1/2019  | 
To keep your turnover low, focus on these areas: compensation, advancement opportunities, training, and environment.

