Dark Reading is part of the Informa Tech Division of Informa PLC

Opinion

posted in October 2017
Page 1 / 2   >   >>
Ted Schlein: Interview With a Capitalist
Curt Franklin  |  10/31/2017  | 
Ted Schlein is a partner with the most storied venture capital fund in Silicon Valley. When Ted talks about cybersecurity, people listen.
Who Says Brilliant Security Engineers Can't Be Amazing People Managers?
Commentary  |  10/31/2017  | 
Don't let midcareer stagnation be an exit ramp from the cybersecurity industry. Use it as an opportunity to explore and to deepen your enthusiasm.
Stop Counting Vulnerabilities & Start Measuring Risk
Commentary  |  10/31/2017  | 
When security teams report on real risk, executive teams can gain a much better understanding of the company's security posture.
CAPTCHA Is Vulnerable
Larry Loeb  |  10/30/2017  | 
A group of researchers has demonstrated a vulnerability in the widely used CAPTCHA scheme – a vulnerability that may mean the end of CAPTCHA as we know it.
Screen Sharing: Dark Reading Caption Contest Winners
Commentary  |  10/30/2017  | 
It was a tough competition with more than 125 submissions, our largest field yet. And the winners are ...
Preventing Credential Theft: A Security Checklist for Boards
Commentary  |  10/30/2017  | 
Board members pose a unique risk for business, but proper planning helps.
It's Time to Change the Cybersecurity Conversation
Commentary  |  10/30/2017  | 
The IT security industry needs more balance between disclosure of threats and discussion of defense practices, and greater sharing of ideas.
Ted Schlein Hates Passwords
Curt Franklin  |  10/27/2017  | 
He hates user names, too, and thinks we should get rid of them. In a keynote address at Networking the Future in Tampa, Fla., he discussed why.
3 Steps to Reduce Risk in Your Supply Chain
Commentary  |  10/27/2017  | 
Many companies have very limited visibility into their vendors' security posture -- and some may have thousands of vendors. Here are steps that every company should take to lock down their supply chains.
Kaspersky's US Gov Woes Continue
Simon Marshall  |  10/27/2017  | 
Kaspersky has admitted that its software grabbed a classified file from a private computer. Does it prove the US government's claims or prove that Kaspersky is a good global citizen?
Is Your Security Military-Grade?
Curt Franklin  |  10/26/2017  | 
Simple civilian security won't cut it for most businesses. It's time to take your cybersecurity mil-spec.
Why Data Breach Stats Get It Wrong
Commentary  |  10/26/2017  | 
It's not the size of the stolen data dump that is important. It's the window between the date of the breach and the date of discovery that represents the biggest threat.
A Checklist for Securing the Internet of Things
Commentary  |  10/26/2017  | 
IoT devices promise endless benefits, but they also come with serious security issues. Use this checklist to make sure your company stays safe.
5 Reasons Why the CISO is a Cryptocurrency Skeptic
Partner Perspectives  |  10/26/2017  | 
If you think all you need is technology to defend against bad guys, you shouldn't be a CISO. But technology is all cryptocurrency is, starting with Bitcoin.
Bad Rabbit Breeds Ransomware Fears
Curt Franklin  |  10/25/2017  | 
A new breed of ransomware has hit Russia and Eastern Europe. Bad Rabbit could hop the Atlantic and wreak havoc on North American systems.
Advanced Analytics + Frictionless Security: What CISOs Need to Know
Commentary  |  10/25/2017  | 
Advances in analytics technologies promise to make identity management smarter and more transparent to users. But the process is neither straightforward nor easy.
Will Transparency Save Kaspersky?
Simon Marshall  |  10/25/2017  | 
Kaspersky is trying radical transparency to counter accusations that it acts as a front for Russian intelligence. Will it be enough to quiet the skeptics?
Why Patching Software Is Hard: Organizational Challenges
Commentary  |  10/25/2017  | 
The Equifax breach shows how large companies can stumble when it comes to patching. Organizational problems can prevent best practices from being enforced.
A New BotNet Is Growing: Are You Already Part of Its Army?
Curt Franklin  |  10/24/2017  | 
The IoT_Reaper botnet is new and growing. Are your IoT devices already part of a criminal system that will cripple the Internet?
Finding Your Appetite for Security Automation (and Why That's Important)
Commentary  |  10/24/2017  | 
Yes, automation is becoming increasingly critical. But before you go all-in, determine the level that's right for your company.
CNCF Adopts 2 Container Security Projects
Curt Franklin  |  10/24/2017  | 
A pair of new open source container security projects find a home at the CNCF. Enterprise Cloud News' Scott Ferguson reports the details.
Why Patching Software Is Hard: Technical Challenges
Commentary  |  10/24/2017  | 
Huge companies like Equifax can stumble over basic technical issues. Here's why.
You Must Know Blockchain
Curt Franklin  |  10/23/2017  | 
Even if you're not planning to use it any time soon, the signs are clear: You must know the technology of blockchain.
The Simplicity of a WordPress Hack
Larry Loeb  |  10/23/2017  | 
The latest WordPress hack is serious, but it's not part of some grand conspiracy among hackers.
Security Training & Awareness: 3 Big Myths
Commentary  |  10/23/2017  | 
The once-overwhelming consensus that security awareness programs are invaluable is increasingly up for debate.
Financial Institutions Lack Confidence in Their Own Defenses
Curt Franklin  |  10/20/2017  | 
Financial institutions are fighting fraud with tools that aren't completely up to the task, according to the results of a new survey out this week.
How to Talk to the C-Suite about Malware Trends
Commentary  |  10/20/2017  | 
There is no simple answer to the question 'Are we protected against the latest brand-name malware attack?' But there is a smart one.
Contesting Control of Container Security
Simon Marshall  |  10/20/2017  | 
Who should control container security? It's a question that is gaining importance as containers become a favored mechanism for enterprise development.
How Can You Beat the Widespread ROCA?
Curt Franklin  |  10/19/2017  | 
ROCA is a vulnerability hitting millions of devices. How can you tell if yours are affected and what can you do if they are?
What's Next after the SEC 'Insider Trading' Breach?
Commentary  |  10/19/2017  | 
Last month's hack of the Securities and Exchange Commission may prove to be the most high-profile corporate gatekeeper attack to date. But it definitely won't be the last.
CISOs: Striving Toward Proactive Security Strategies
Partner Perspectives  |  10/19/2017  | 
A new survey paints a compelling picture of the modern security executive, how they succeed, and how much power they wield.
GDPR Pressure Begins on US Multinationals
Simon Marshall  |  10/19/2017  | 
GDPR may be an EU regulation but it will have a significant impact on US companies doing business with any European customer, and the impact will start soon.
Necurs Malware Wants a Selfie With Your Desktop
Curt Franklin  |  10/18/2017  | 
Necurs has returned and this time it's carrying a payload that takes a picture of your desktop.
McAfee Brings AI to Security With New Products
Curt Franklin  |  10/18/2017  | 
McAfee has announced new products at MPOWER that bring AI and machine learning to security analytics.
What's Next After HTTPS: A Fully Encrypted Web?
Commentary  |  10/18/2017  | 
As the rate of HTTPS adoption grows faster by the day, it's only a matter of time before a majority of websites turn on SSL. Here's why.
KRACK Attack: How Enterprises Can Protect Their WiFi
Curt Franklin  |  10/17/2017  | 
A flaw in the WPA2 protocol means that most WiFi networks worldwide are open to successful attack.
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Commentary  |  10/17/2017  | 
The left side of the brain is logical and linear; the right side, creative. You have to use both sides of the brain to connect to your audience in your business.
Attivo Goes On the Attack Against Hackers
Simon Marshall  |  10/17/2017  | 
Attivo gets $21 million in new funding to take the fight to hackers through advanced deception.
HONEST Poll Results: How Much Should You Encrypt?
Curt Franklin  |  10/16/2017  | 
What is the 'Goldilocks Zone' when it comes to encryption? Security Now community members speak out in our latest poll.
CoinHive Mines New Malware Potential
Larry Loeb  |  10/16/2017  | 
Some websites have developed a new revenue stream. Unfortunately, it involves placing malware on visitors' computers.
20 Questions to Ask Yourself before Giving a Security Conference Talk
Commentary  |  10/16/2017  | 
As cybersecurity continues to become more of a mainstream concern, those of us who speak at industry events must learn how to truly connect with our audience.
Cisco Talos Team Tackles Top-Tier TXT Threat
Simon Marshall  |  10/13/2017  | 
Talos researchers have taken down an attack aimed at the Securities and Exchange Commission.
Risk & Reality Take Different Paths in Cybersecurity
Curt Franklin  |  10/13/2017  | 
A new study by Barracuda shows once again that the reality and perception of cyberrisks are two very different things.
Getting the Most Out of Cyber Threat Intelligence
Commentary  |  10/13/2017  | 
How security practitioners can apply structured analysis and move from putting out fires to fighting the arsonists.
ShiftLeft Secures Code Pre-Threat
Simon Marshall  |  10/12/2017  | 
Startup ShiftLeft is moving security forward in the software development lifecycle.
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Commentary  |  10/12/2017  | 
With social media, gathering information has never been easier, making Business Email Compromise the land of milk and honey for cybercriminals.
6 Steps to Finding Honey in the OWASP
Partner Perspectives  |  10/12/2017  | 
The most famous project of the Open Web Application Security Project is getting an update. Here's what you need to know, and how you can get involved.
Final Decision in Dreamhost Battle With DOJ
Curt Franklin  |  10/11/2017  | 
In the legal battle between the Department of Justice and Dreamhost, a resolution and a victory.
Can Machine Learning Outsmart Malware?
Partner Perspectives  |  10/11/2017  | 
Using machine learning in the cybersecurity domain is a growing trend with many advantages, but it also has its risks.
Rowhammer Attack Pounds With Precision
Larry Loeb  |  10/11/2017  | 
A new variant of the Rowhammer attack can work around every known defense.