Opinion

posted in January 2018
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Commentary  |  1/31/2018  | 
Authentication security methods are getting better all the time, but they are still not infallible.
5 Questions to Ask about Machine Learning
Commentary  |  1/31/2018  | 
Marketing hyperbole often exceeds reality. Here are questions you should ask before buying.
Ransomware Shows There's no Honor Among Cyberthieves
Larry Loeb  |  1/31/2018  | 
Proofpoint has found that one group of cybercrooks is stealing from other gangs of cybercriminals by using a proxy Tor browser to steal Bitcoins used to pay off ransomware threats.
Data Encryption: 4 Common Pitfalls
Partner Perspectives  |  1/31/2018  | 
To maximize encryption effectiveness you must minimize adverse effects in network performance and complexity. Here's how.
Breach-Proofing Your Data in a GDPR World
Commentary  |  1/30/2018  | 
Here are six key measures for enterprises to prioritize over the next few months.
DNS Hijacking: The Silent Threat That's Putting Your Network at Risk
Commentary  |  1/30/2018  | 
The technique is easy to carry out and can cause much damage. Here's what you need to know about fighting back.
Cryptomining: Paying the Price for Cryptocurrency
Simon Marshall  |  1/30/2018  | 
The growing popularity of Bitcoin and other cryptocurrency has led to cryptomining, with enterprises and individuals running the software unknowingly. Here's a look at the underside of this new business model.
An Action Plan to Fill the Information Security Workforce Gap
Commentary  |  1/29/2018  | 
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
OilRig's Use of RGDoor Shows Sophistication of Nation-State Attacks
Larry Loeb  |  1/29/2018  | 
OilRig, a group linked to Iran, has been installing RGDoor, a secondary backdoor that can reopen a system even if it's been fixed. Its use shows how sophisticated nation-state attacks are becoming.
Security Spending Increasing, Along With Data Breaches
Larry Loeb  |  1/29/2018  | 
In one of those good news/bad news reports on the state of security, the amount of money being spent on security is expected to increase this year, but the number of data breaches is also rising.
Hardware Security: Why Fixing Meltdown & Spectre Is So Tough
Commentary  |  1/26/2018  | 
Hardware-based security is very difficult to break but, once broken, catastrophically difficult to fix. Software-based security is easier to break but also much easier to fix. Now what?
Selling Cloud-Based Cybersecurity to a Skeptic
Partner Perspectives  |  1/26/2018  | 
When it comes to security, organizations don't need to look at cloud as an either/or proposition. But there are misconceptions that need to be addressed.
How Containers & Serverless Computing Transform Attacker Methodologies
Commentary  |  1/25/2018  | 
The pace of hacker innovation never slows. Now security technologies and methods must adapt with equal urgency.
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Commentary  |  1/25/2018  | 
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
8 Personal & Professional Data Privacy Tips to Follow
Simon Marshall  |  1/25/2018  | 
With International Data Privacy Day coming later this month, Security Now offers a checklist to help protect personal and professional data.
Avoiding the Epidemic of Hospital Hacks
Partner Perspectives  |  1/25/2018  | 
Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
Security Automation: Time to Start Thinking More Strategically
Commentary  |  1/24/2018  | 
To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.
GDPR: Ready or Not, Here It Comes
Commentary  |  1/24/2018  | 
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
Linus Torvalds: Intel's Spectre Patch Is 'Complete & Utter Garbage'
Larry Loeb  |  1/24/2018  | 
In a scathing assessment of Intel's efforts to patch the Spectre flaw, Linux inventor Linus Torvalds offers no quarter for the chipmaker.
Meltdown, Spectre Patches, Performance & My Neighbor's Sports Car
Commentary  |  1/23/2018  | 
When a flaw in the engine of a data center server makes it run more like a Yugo than a Porsche, it's the lawyers who will benefit.
5 Steps to Better Security in Hybrid Clouds
Commentary  |  1/23/2018  | 
Following these tips can improve your security visibility and standardize management across hybrid environments.
9 Steps to More-Effective Organizational Security
Commentary  |  1/22/2018  | 
Too often security is seen as a barrier, but it's the only way to help protect the enterprise from threats. Here are tips on how to strengthen your framework.
SamSam Ransomware Continues Making Hospitals Sick
Larry Loeb  |  1/22/2018  | 
SamSam or Samas continues to surface in hospitals and other healthcare facilities. The way the ransomware works shows how vulnerable healthcare is to these particular types of attacks.
Thycotic's Joseph Carson: Government & Encryption Issues Will Be Huge
Simon Marshall  |  1/22/2018  | 
In the second part of his Q&A with Security Now, Thycotic Chief Security Scientist Joseph Carson talks about encryption and the role that governments play in security.
Understanding Supply Chain Cyber Attacks
Commentary  |  1/19/2018  | 
While the attack surface has increased exponentially because of the cloud and everything-as-a-service providers, there are still ways in which host companies can harden supply chain security.
Spectre Can Obfuscate Tracking Tools, Too
Larry Loeb  |  1/19/2018  | 
As the security community learns more about the Spectre vulnerability, clever coders are already finding other exploits. Here's looking at the first of many.
Tax Reform, Cybersecurity-Style
Commentary  |  1/18/2018  | 
How the security industry can be more effective and efficient by recognizing four hidden "taxes" in the buying and selling process.
Applying Defense-in-Depth to the Digital Battlefield
Partner Perspectives  |  1/18/2018  | 
How a layered security strategy can minimize the threat and impact of a data breach.
How to Keep Blue Teams Happy in an Automated Security World
Commentary  |  1/18/2018  | 
The creativity and intuition of your team members must be developed and nurtured.
The Startup Challenge: Safe in the Cloud from Day One
Partner Perspectives  |  1/18/2018  | 
How a Seattle travel company built a rock-solid mobile app without sacrificing performance or security.
Living with Risk: Where Organizations Fall Short
Commentary  |  1/17/2018  | 
People tasked with protecting data are too often confused about what they need to do, even with a solid awareness of the threats they face.
How AI Would Have Caught the Forever 21 Breach
Commentary  |  1/17/2018  | 
Companies must realize that the days of the desktop/server model are over and focus on "nontraditional" devices.
Google Chrome Extensions Hide Malice
Larry Loeb  |  1/17/2018  | 
Researchers from ICEBRG found malicious code hiding in four popular Google Chrome extensions. The search giant is working to fix the problem.
In Security & Life, Busy Is Not a Badge of Honor
Commentary  |  1/16/2018  | 
All security teams are busy, but not all security teams are productive. The difference between the two is huge.
Thycotic's Joseph Carson: Hackers Will Soon Read Your Mind
Simon Marshall  |  1/16/2018  | 
In the first part of his Q&A with Security Now, Thycotic's Joseph Carson talks privacy in an interconnected world and how hackers will soon read minds.
Mental Models & Security: Thinking Like a Hacker
Commentary  |  1/16/2018  | 
These seven approaches can change the way you tackle problems.
Top 3 Pitfalls of Securing the Decentralized Enterprise
Partner Perspectives  |  1/16/2018  | 
Doubling down on outdated security practices while the number of users leveraging your enterprise network grows is a race to the bottom for businesses moving to distributed workflows.
After Spectre & Meltdown, Intel Faces an 'Evil Maid' Problem
Larry Loeb  |  1/16/2018  | 
In a rough start to 2018, Intel is dealing with the Spectre and Meltdown vulnerabilities in its CPUs, and now the chip maker is confronting reports of a flaw that leaves chips open to an 'Evil Maid' attack.
What Can We Learn from Counterterrorism and National Security Efforts?
Commentary  |  1/12/2018  | 
The best practices and technologies that originated in the intelligence realm can help businesses stay safer, too.
Security Warning: Intel Inside
Larry Loeb  |  1/12/2018  | 
At CES, Intel CEO Brian Krzanich looked to reassure the whole industry that the chip maker would ensure that its processors were secure following the Meltdown and Spectre disclosures.
Privacy: The Dark Side of the Internet of Things
Commentary  |  1/11/2018  | 
Before letting an IoT device into your business or home, consider what data is being collected and where it is going.
AI in Cybersecurity: Where We Stand & Where We Need to Go
Commentary  |  1/11/2018  | 
How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.
Why Facebook Security Questions Are no Substitute for MFA
Partner Perspectives  |  1/11/2018  | 
If identity is established based on one thing you know and one thing you have, the latter should not also be a thing you know because in the sharing economy, we share everything.
'Shift Left': Codifying Intuition into Secure DevOps
Commentary  |  1/10/2018  | 
Shifting left is more than a catchy phrase. It's a mindset that emphasizes the need to think about security in all phases of the software development life cycle.
Smaller Financial Firms Preparing for New Ransomware Threats
Simon Marshall  |  1/10/2018  | 
Nearly a year after WannaCry and other ransomware attacks that targeted financial institutions, smaller firms are looking to prepare. Here's what the CISO of Texas-based Real Time Resolutions is doing to fight back.
'Back to Basics' Might Be Your Best Security Weapon
Commentary  |  1/10/2018  | 
A company's ability to successfully reduce risk starts with building a solid security foundation.
WPA3 Standard Teased at CES Following KRACK Attack
Larry Loeb  |  1/10/2018  | 
A few months after the KRACK attack, the Wi-Fi Alliance unveiled a few details about the upcoming WPA3 standards, with an emphasis on security and encryption.
'Tis the Season: Dark Reading Caption Contest Winners
Commentary  |  1/9/2018  | 
Bricked devices, penetration tests, and virtual reality were among the themes submitted in our latest holiday caption competition. And the winners are ...
CISOs' Cyber War: How Did We Get Here?
Commentary  |  1/9/2018  | 
We're fighting the good fight -- but, ultimately, losing the war.
Dell EMC, VMware Race to Plug Virtual Appliance Security Hole
Larry Loeb  |  1/9/2018  | 
Dell EMC, along with VMware, is hard at work plugging a zero-day exploit that targets the companies' virtual appliance gear.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-14451
PUBLISHED: 2020-12-02
An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send m...
CVE-2017-2910
PUBLISHED: 2020-12-02
An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability.
CVE-2020-13493
PUBLISHED: 2020-12-02
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an atta...
CVE-2020-13494
PUBLISHED: 2020-12-02
A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could...
CVE-2020-13496
PUBLISHED: 2020-12-02
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation....