Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in September 2014
Software Assurance: Time to Raise the Bar on Static Analysis
Commentary  |  9/30/2014  | 
The results from tools studies suggest that using multiple tools together can produce more powerful analytics and more accurate results.
How To Hack A Human
Commentary  |  9/30/2014  | 
Check out social engineering expert and founder of the DEF CON Social Engineering Capture the Flag contest Chris Hadnagy's recent interview on Dark Reading Radio.
Can We Talk? Finding A Common Security Language
Commentary  |  9/29/2014  | 
How engineers can get beyond the crippling vocabulary and semantic barrier of infosec and actually communicate about cyber risk with bosses and business colleagues.
Shellshocked: A Future Of Hair On Fire Bugs
Commentary  |  9/26/2014  | 
Most computers affected by Bash will be updated within 10 years. The rest will be vulnerable for the lifespans of all humans now living. This should concern us. But then, global warming should also concern us.
How SaaS Adoption Is Changing Cloud Security
Commentary  |  9/25/2014  | 
Sanctioning cloud-based services requires a new approach to security that "assumes breach" and accounts for the limitations of endpoint and perimeter defenses.
From Securities To Security: Why The SEC Is Bringing Cyber To The Boardroom
Commentary  |  9/24/2014  | 
The SEC is emerging as a key proponent of corporate cyber security responsibility and diligence. What does that mean for the CISO?
Dark Reading Radio: Trends In Application Security
Commentary  |  9/23/2014  | 
How can we get more security baked into applications? Join us for a discussion today, Wednesday, September 24, at 1:00 p.m. New York, 10 a.m. San Francisco time.
The Truth About Ransomware: Youre On Your Own
Commentary  |  9/22/2014  | 
What should enterprises do when faced with ransomware? The answer is, it depends.
An AppSec Report Card: Developers Barely Passing
Commentary  |  9/19/2014  | 
A new study reveals that application developers are getting failing grades when it comes to their knowledge of critical security such as how to protect sensitive data, Web services, and threat modeling.
5 Ways To Monitor DNS Traffic For Security Threats
Commentary  |  9/18/2014  | 
Check out these examples of how to implement real-time or offline traffic monitoring using common commercial or open source security products.
Data Privacy Etiquette: It's Not Just For Kids
Commentary  |  9/17/2014  | 
Children are the innocent victims of the worst effects of social media. Thats why its vital for adults to establish privacy values that are safe for them -- and the rest of us.
DR Radio: A Grown-Up Conversation About Passwords
Commentary  |  9/16/2014  | 
Cormac Herley of Microsoft Research will challenge everything you think you know about password management.
In Defense Of Passwords
Commentary  |  9/16/2014  | 
Long live the password (as long as you use it correctly along with something else).
5 Myths: Why We Are All Data Security Risks
Commentary  |  9/15/2014  | 
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
Why Email Is Worth Saving
Commentary  |  9/12/2014  | 
What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is.
Apple Pay: A Necessary Push To Transform Consumer Payments
Commentary  |  9/11/2014  | 
Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic.
Privacy, Security & The Geography Of Data Protection
Commentary  |  9/11/2014  | 
Data generation is global, so why do different parts of the world react differently to the same threat of security breaches and backdoors?
Black Hat & DEF CON: 3 Lessons From A Newbie
Commentary  |  9/9/2014  | 
Security conferences are a lot like metal concerts: Your parents are terrified you're going to die because everyone looks scary, but 98 percent of attendees are really nice people who want to help you learn.
Dark Reading Radio: CISO James Christiansen Shares Experiences
Commentary  |  9/9/2014  | 
Former CISO at GM, Visa, and Experian answers questions about building security programs in large enterprises.
No End In Sight For Ransomware
Commentary  |  9/8/2014  | 
The screenlocker Kovter, in particular, has shown sharp growth this year. It masquerades as a law enforcement authority and threatens police action if users dont pay up.
Poll: Significant Insecurity About Internet of Things
Commentary  |  9/5/2014  | 
Fewer than one percent of more than 800 Dark Reading community members are ready for the fast approaching security onslaught of the IoT.
In Cloud We Trust: A New Model
Commentary  |  9/4/2014  | 
The solution to the problem of data security in the public cloud will require more than a traditional compliance-driven approach.
Celeb Hack: Is Apple Telling All It Knows?
Commentary  |  9/3/2014  | 
Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? Youre darn tootin'!
Contactless HCE Payments Promise Simplicity But Is It Secure?
Commentary  |  9/2/2014  | 
Host Card Emulation is a powerful and flexible technology, but like most software-dependent solutions, it can be hacked and exploited.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15058
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CVE-2020-15059
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
CVE-2020-15060
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.
CVE-2020-15061
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values.
CVE-2020-15062
PUBLISHED: 2020-08-07
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.