Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in September 2014
Software Assurance: Time to Raise the Bar on Static Analysis
Commentary  |  9/30/2014  | 
The results from tools studies suggest that using multiple tools together can produce more powerful analytics and more accurate results.
How To Hack A Human
Commentary  |  9/30/2014  | 
Check out social engineering expert and founder of the DEF CON Social Engineering Capture the Flag contest Chris Hadnagy's recent interview on Dark Reading Radio.
Can We Talk? Finding A Common Security Language
Commentary  |  9/29/2014  | 
How engineers can get beyond the crippling vocabulary and semantic barrier of infosec and actually communicate about cyber risk with bosses and business colleagues.
Shellshocked: A Future Of Hair On Fire Bugs
Commentary  |  9/26/2014  | 
Most computers affected by Bash will be updated within 10 years. The rest will be vulnerable for the lifespans of all humans now living. This should concern us. But then, global warming should also concern us.
How SaaS Adoption Is Changing Cloud Security
Commentary  |  9/25/2014  | 
Sanctioning cloud-based services requires a new approach to security that "assumes breach" and accounts for the limitations of endpoint and perimeter defenses.
From Securities To Security: Why The SEC Is Bringing Cyber To The Boardroom
Commentary  |  9/24/2014  | 
The SEC is emerging as a key proponent of corporate cyber security responsibility and diligence. What does that mean for the CISO?
Dark Reading Radio: Trends In Application Security
Commentary  |  9/23/2014  | 
How can we get more security baked into applications? Join us for a discussion today, Wednesday, September 24, at 1:00 p.m. New York, 10 a.m. San Francisco time.
The Truth About Ransomware: Youre On Your Own
Commentary  |  9/22/2014  | 
What should enterprises do when faced with ransomware? The answer is, it depends.
An AppSec Report Card: Developers Barely Passing
Commentary  |  9/19/2014  | 
A new study reveals that application developers are getting failing grades when it comes to their knowledge of critical security such as how to protect sensitive data, Web services, and threat modeling.
5 Ways To Monitor DNS Traffic For Security Threats
Commentary  |  9/18/2014  | 
Check out these examples of how to implement real-time or offline traffic monitoring using common commercial or open source security products.
Data Privacy Etiquette: It's Not Just For Kids
Commentary  |  9/17/2014  | 
Children are the innocent victims of the worst effects of social media. Thats why its vital for adults to establish privacy values that are safe for them -- and the rest of us.
DR Radio: A Grown-Up Conversation About Passwords
Commentary  |  9/16/2014  | 
Cormac Herley of Microsoft Research will challenge everything you think you know about password management.
In Defense Of Passwords
Commentary  |  9/16/2014  | 
Long live the password (as long as you use it correctly along with something else).
5 Myths: Why We Are All Data Security Risks
Commentary  |  9/15/2014  | 
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
Why Email Is Worth Saving
Commentary  |  9/12/2014  | 
What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is.
Apple Pay: A Necessary Push To Transform Consumer Payments
Commentary  |  9/11/2014  | 
Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic.
Privacy, Security & The Geography Of Data Protection
Commentary  |  9/11/2014  | 
Data generation is global, so why do different parts of the world react differently to the same threat of security breaches and backdoors?
Black Hat & DEF CON: 3 Lessons From A Newbie
Commentary  |  9/9/2014  | 
Security conferences are a lot like metal concerts: Your parents are terrified you're going to die because everyone looks scary, but 98 percent of attendees are really nice people who want to help you learn.
Dark Reading Radio: CISO James Christiansen Shares Experiences
Commentary  |  9/9/2014  | 
Former CISO at GM, Visa, and Experian answers questions about building security programs in large enterprises.
No End In Sight For Ransomware
Commentary  |  9/8/2014  | 
The screenlocker Kovter, in particular, has shown sharp growth this year. It masquerades as a law enforcement authority and threatens police action if users dont pay up.
Poll: Significant Insecurity About Internet of Things
Commentary  |  9/5/2014  | 
Fewer than one percent of more than 800 Dark Reading community members are ready for the fast approaching security onslaught of the IoT.
In Cloud We Trust: A New Model
Commentary  |  9/4/2014  | 
The solution to the problem of data security in the public cloud will require more than a traditional compliance-driven approach.
Celeb Hack: Is Apple Telling All It Knows?
Commentary  |  9/3/2014  | 
Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? Youre darn tootin'!
Contactless HCE Payments Promise Simplicity But Is It Secure?
Commentary  |  9/2/2014  | 
Host Card Emulation is a powerful and flexible technology, but like most software-dependent solutions, it can be hacked and exploited.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27388
PUBLISHED: 2020-10-23
Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.