Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in August 2020
From Defense to Offense: Giving CISOs Their Due
Commentary  |  8/31/2020  | 
In today's unparalleled era of disruption, forward-thinking CISOs can become key to company transformation -- but this means resetting relationships with the board and C-suite.
Redefining What CISO Success Looks Like
Commentary  |  8/28/2020  | 
Key to this new definition is the principle that security programs are designed to minimize business risk, not to achieve 100% no-risk.
The Inside Threat from Psychological Manipulators
Commentary  |  8/27/2020  | 
How internal manipulators can actually degrade your organization's cyber defense, and how to defend against them.
How CISOs Can Play a New Role in Defining the Future of Work
Commentary  |  8/27/2020  | 
Rather than just reacting to security issues in the COVID-19 era, CISOs are now in a position to be change agents alongside their C-suite peers.
The 'Shared Responsibility' Misnomer: Why the Cloud Continues to Confound
Commentary  |  8/26/2020  | 
Under the "shared responsibility model," the security management of cloud offerings is split equally between the vendor and the customer. Easy enough, right?
Deep Fake: Setting the Stage for Next-Gen Social Engineering
Commentary  |  8/26/2020  | 
Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.
Three Easy Ways to Avoid Meow-like Database Attacks
Commentary  |  8/25/2020  | 
The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.
The Fatal Flaw in Data Security
Commentary  |  8/25/2020  | 
Simply stated: No matter how sophisticated your security software is, data cannot be simultaneously used and secured. But that may be changing soon.
Dark Reading Launches New Section on Physical Security
Commentary  |  8/24/2020  | 
Partnership with IFSEC enables Dark Reading to cover new areas of security and expand its audience.
Average Cost of a Data Breach in 2020: $3.86M
Commentary  |  8/24/2020  | 
When companies defend themselves against cyberattacks, time is money.
Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy
Commentary  |  8/21/2020  | 
COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.
Twitter Hack: The Spotlight that Insider Threats Need
Commentary  |  8/20/2020  | 
The high profile attack should spur serious board-level conversations around the importance of insider threat prevention.
Black Hat USA 2020 Musings: Weird and Wonderful Virtual Events are Here to Stay
Commentary  |  8/20/2020  | 
Black Hat USA 2020 was nothing like an in-person event, but it was incredibly useful for all involved, providing even the most grizzled industry veterans with fresh perspectives.
Black Hat USA 2020 Recap: Experts Discuss Election Security Questions, but Offer Few Answers
Commentary  |  8/20/2020  | 
The U.S. election in November is once again expected to be a target of digital adversaries. Experts at Black Hat USA 2020 highlighted the many election security questions authorities must address.
Banks and the New Abnormal
Commentary  |  8/20/2020  | 
Banks have hesitated to adopt many strong security practices, and for understandable reasons. But now is the time to be bold.
How to Control Security Costs During a Down Economy
Commentary  |  8/19/2020  | 
Three key areas security professionals should watch when managing their budgets.
Stolen Data: The Gift That Keeps on Giving
Commentary  |  8/19/2020  | 
Users regularly reuse logins and passwords, and data thieves are leveraging that reality to breach multiple accounts.
Four Ways to Mitigate Supply Chain Security Risks From Ripple20
Commentary  |  8/18/2020  | 
Enterprises can significantly alleviate current and long-standing third-party risk by using tactical and strategic efforts to assess and manage them.
Why Quality & Security Both Matter in Software
Commentary  |  8/18/2020  | 
It's time to position quality and security as equals under the metric of software integrity.
The IT Backbone of Cybercrime
Commentary  |  8/17/2020  | 
Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too.
WFH Summer 2020 Caption Contest Winners
Commentary  |  8/14/2020  | 
Clever wordplay on sandcastles, sandboxes, zero trust. and granular controls. And the winners are ...
Secure Development Takes a (Remote) Village
Commentary  |  8/13/2020  | 
The shift to work from home isn't just about giving your Dev team the physical tools they need.
Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity
Commentary  |  8/13/2020  | 
Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them.
With iOS's Privacy Nutrition Label, Apple Upstages Regulators
Commentary  |  8/13/2020  | 
New iOS privacy features require developers to disclose what data they're collecting, how they're using it, and with whom they share it.
Using 'Data for Good' to Control the Pandemic
Commentary  |  8/12/2020  | 
The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.
Threats vs. Thrift: Running Effective AppSec During a Global Crisis
Commentary  |  8/12/2020  | 
By looking at security testing capacity, staff expertise, and risks throughout the software supply chain, application security teams can improve their overall effectiveness.
EU-US Privacy Shield Dissolution: What Happens Next?
Commentary  |  8/11/2020  | 
In a world that isn't private by design, security and liability implications for US-based cloud companies are huge.
How to Help Spoil the Cybercrime Economy
Commentary  |  8/11/2020  | 
Cybercrime increasingly is turning into a commodity. Stolen PII data and hijacked cloud accounts especially propel the spread, research shows.
Vulnerability Prioritization: Are You Getting It Right?
Commentary  |  8/10/2020  | 
Developers must find a way to zero in on the security vulns that present the most risk and quickly address them without slowing down the pace of development.
IoT Security During COVID-19: What We've Learned & Where We're Going
Commentary  |  8/7/2020  | 
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.
Four Rules and Three Tools to Protect Against Fake SaaS Apps
Commentary  |  8/6/2020  | 
Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.
3 Tips For Better Security Across the Software Supply Chain
Commentary  |  8/6/2020  | 
It may sound look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving security posture of the software supply chain.
3 Tips for Securing Open Source Software
Commentary  |  8/5/2020  | 
Maintaining myriad open source components can be tough. Here's how teams can begin to address open source security and continue to innovate.
Why Confidential Computing Is a Game Changer
Commentary  |  8/5/2020  | 
Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together.
Retooling the SOC for a Post-COVID World
Commentary  |  8/4/2020  | 
Residual work-from-home policies will require changes to security policies, procedures, and technologies.
Securing IoT as a Remote Workforce Strategy
Commentary  |  8/4/2020  | 
Digital transformation with Internet of Things devices offers organizations a way forward in the era of COVID-19. Optimizing this approach for the future will need to start with security.
Omdia Cybersecurity Accelerator Analysts to Take Part in Black Hat USA 2020
Commentary  |  8/3/2020  | 
Analysts will participate in the Black Hat Briefings, taking place Aug. 4-6, discussing cybersecurity research, offering exclusive video presentations, and meeting with vendors and attendees.
A Patriotic Solution to the Cybersecurity Skills Shortage
Commentary  |  8/3/2020  | 
Why now is the right time for the security industry to invest in the human capital that will make technology better, smarter, and safer.


Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26244
PUBLISHED: 2020-12-02
Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expecte...
CVE-2020-28206
PUBLISHED: 2020-12-02
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also ...
CVE-2017-14451
PUBLISHED: 2020-12-02
An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send m...
CVE-2017-2910
PUBLISHED: 2020-12-02
An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability.
CVE-2020-13493
PUBLISHED: 2020-12-02
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an atta...