Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

posted in October 2017
Page 1 / 2   >   >>
Ted Schlein: Interview With a Capitalist
Curt Franklin  |  10/31/2017  | 
Ted Schlein is a partner with the most storied venture capital fund in Silicon Valley. When Ted talks about cybersecurity, people listen.
Who Says Brilliant Security Engineers Can't Be Amazing People Managers?
Commentary  |  10/31/2017  | 
Don't let midcareer stagnation be an exit ramp from the cybersecurity industry. Use it as an opportunity to explore and to deepen your enthusiasm.
Stop Counting Vulnerabilities & Start Measuring Risk
Commentary  |  10/31/2017  | 
When security teams report on real risk, executive teams can gain a much better understanding of the company's security posture.
CAPTCHA Is Vulnerable
Larry Loeb  |  10/30/2017  | 
A group of researchers have demonstrated a vulnerability in the widely used CAPTCHA scheme – a vulnerability that may mean the end of CAPTCHA as we know it.
Screen Sharing: Dark Reading Caption Contest Winners
Commentary  |  10/30/2017  | 
It was a tough competition with more than 125 submissions, our largest field yet. And the winners are ...
Preventing Credential Theft: A Security Checklist for Boards
Commentary  |  10/30/2017  | 
Board members pose a unique risk for business, but proper planning helps.
Its Time to Change the Cybersecurity Conversation
Commentary  |  10/30/2017  | 
The IT security industry needs more balance between disclosure of threats and discussion of defense practices and greater sharing of ideas
Ted Schlein Hates Passwords
Curt Franklin  |  10/27/2017  | 
He hates user names, too, and thinks we should get rid of them. In a keynote address at Networking the Future in Tampa, Fla., he discussed why.
3 Steps to Reduce Risk in Your Supply Chain
Commentary  |  10/27/2017  | 
Many companies have very limited visibility into their vendors' security posture -- and some may have thousands of vendors. Here are steps that every company should take to lock down their supply chains.
Kaspersky's US Gov Woes Continue
Simon Marshall  |  10/27/2017  | 
Kaspersky has admitted that its software grabbed a classified file from a private computer. Does it prove the US government's claims or prove that Kaspersky is a good global citizen?
Is Your Security Military-Grade?
Curt Franklin  |  10/26/2017  | 
Simple civilian security won't cut it for most businesses. It's time to take your cybersecurity mil-spec.
Why Data Breach Stats Get It Wrong
Commentary  |  10/26/2017  | 
It's not the size of the stolen data dump that is important. It's the window between the date of the breach and the date of discovery that represents the biggest threat.
A Checklist for Securing the Internet of Things
Commentary  |  10/26/2017  | 
IoT devices promise endless benefits, but they also come with serious security issues. Use this checklist to make sure your company stays safe.
5 Reasons Why the CISO is a Cryptocurrency Skeptic
Partner Perspectives  |  10/26/2017  | 
If you think all you need is technology to defend against bad guys, you shouldnt be a CISO. But technology is all cryptocurrency is, starting with Bitcoin.
Bad Rabbit Breeds Ransomware Fears
Curt Franklin  |  10/25/2017  | 
A new breed of ransomware has hit Russia and Eastern Europe. Bad Rabbit could hop the Atlantic and wreak havoc on North American systems.
Advanced Analytics + Frictionless Security: What CISOS Need to Know
Commentary  |  10/25/2017  | 
Advances in analytics technologies promise to make identity management smarter and more transparent to users. But the process is neither straightforward nor easy.
Will Transparency Save Kaspersky?
Simon Marshall  |  10/25/2017  | 
Kaspersky is trying radical transparency to counter accusations that it acts as a front for Russian intelligence. Will it be enough to quiet the skeptics?
Why Patching Software Is Hard: Organizational Challenges
Commentary  |  10/25/2017  | 
The Equifax breach shows how large companies can stumble when it comes to patching. Organizational problems can prevent best practices from being enforced.
A New BotNet Is Growing: Are You Already Part of Its Army?
Curt Franklin  |  10/24/2017  | 
The IoT_Reaper botnet is new and growing. Are your IoT devices already part of a criminal system that will cripple the Internet?
Finding Your Appetite for Security Automation (and Why That's Important)
Commentary  |  10/24/2017  | 
Yes, automation is becoming increasingly critical. But before you go all-in, determine the level that's right for your company.
CNCF Adopts 2 Container Security Projects
Curt Franklin  |  10/24/2017  | 
A pair of new open source container security projects find a home at the CNCF. Enterprise Cloud News' Scott Ferguson reports the details.
Why Patching Software Is Hard: Technical Challenges
Commentary  |  10/24/2017  | 
Huge companies like Equifax can stumble over basic technical issues. Here's why.
You Must Know Blockchain
Curt Franklin  |  10/23/2017  | 
Even if you're not planning to use it any time soon, the signs are clear: You must know the technology of blockchain.
The Simplicity of a Wordpress Hack
Larry Loeb  |  10/23/2017  | 
The latest Wordpress hack is serious, but it's not part of some grand conspiracy among hackers.
Security Training & Awareness: 3 Big Myths
Commentary  |  10/23/2017  | 
The once-overwhelming consensus that security awareness programs are invaluable is increasingly up for debate.
Financial Institutions Lack Confidence in Their Own Defenses
Curt Franklin  |  10/20/2017  | 
Financial institutions are fighting fraud with tools that aren't completely up to the task, according to the results of a new survey out this week.
How to Talk to the C-Suite about Malware Trends
Commentary  |  10/20/2017  | 
There is no simple answer to the question 'Are we protected against the latest brand-name malware attack?' But there is a smart one.
Contesting Control of Container Security
Simon Marshall  |  10/20/2017  | 
Who should control container security? It's a question that is gaining importance as containers become a favored mechanism for enterprise development.
How Can You Beat the Widespread ROCA?
Curt Franklin  |  10/19/2017  | 
ROCA is a vulnerability hitting millions of devices. How can you tell if yours are affected and what can you do if they are?
What's Next after the SEC 'Insider Trading' Breach?
Commentary  |  10/19/2017  | 
Last month's hack of the Securities and Exchange Commission may prove to be the most high-profile corporate gatekeeper attack to date. But it definitely won't be the last.
CISOs: Striving Toward Proactive Security Strategies
Partner Perspectives  |  10/19/2017  | 
A new survey paints a compelling picture of the modern security executive, how they succeed, and how much power they wield.
GDPR Pressure Begins on US Multinationals
Simon Marshall  |  10/19/2017  | 
GDPR may be an EU regulation but it will have a significant impact on US companies doing business with any European customer, and the impact will start soon.
Necurs Malware Wants a Selfie With Your Desktop
Curt Franklin  |  10/18/2017  | 
Necurs has returned and this time it's carrying a payload that takes a picture of your desktop.
McAfee Brings AI to Security With New Products
Curt Franklin  |  10/18/2017  | 
McAfee has announced new products at MPOWER products that bring AI and machine learning to security analytics.
What's Next After HTTPS: A Fully Encrypted Web?
Commentary  |  10/18/2017  | 
As the rate of HTTPS adoption grows faster by the day, it's only a matter of time before a majority of websites turn on SSL. Here's why.
KRACK Attack: How Enterprises Can Protect Their WiFi
Curt Franklin  |  10/17/2017  | 
A flaw in the WPA2 protocol means that most WiFi networks worldwide are open to successful attack.
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Commentary  |  10/17/2017  | 
The left side of the brain is logical and linear; the right side, creative. You have to use both sides of the brain to connect to your audience in your business.
Attivo Goes On the Attack Against Hackers
Simon Marshall  |  10/17/2017  | 
Attivo gets $21 million in new funding to take the fight to hackers through advanced deception.
HONEST Poll Results: How Much Should You Encrypt?
Curt Franklin  |  10/16/2017  | 
What is the 'Goldilocks Zone' when it comes to encryption? Security Now community members speak out in our latest poll.
CoinHive Mines New Malware Potential
Larry Loeb  |  10/16/2017  | 
Some websites have developed a new revenue stream. Unfortunately, it involves placing malware on visitors' computers.
20 Questions to Ask Yourself before Giving a Security Conference Talk
Commentary  |  10/16/2017  | 
As cybersecurity continues to become more of a mainstream concern, those of us who speak at industry events must learn how to truly connect with our audience.
Cisco Talos Team Tackles Top-Tier TXT Threat
Simon Marshall  |  10/13/2017  | 
Talos researchers have taken down an attack aimed at the Securities and Exchange Commission.
Risk & Reality Take Different Paths in Cybersecurity
Curt Franklin  |  10/13/2017  | 
A new study by Barracuda shows once again that the reality and perception of cyberrisks are two very different things.
Getting the Most Out of Cyber Threat Intelligence
Commentary  |  10/13/2017  | 
How security practitioners can apply structured analysis and move from putting out fires to fighting the arsonists.
ShiftLeft Secures Code Pre-Threat
Simon Marshall  |  10/12/2017  | 
Startup ShiftLeft is moving security forward in the software development lifecycle.
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Commentary  |  10/12/2017  | 
With social media, gathering information has never been easier, making Business Email Compromise the land of milk and honey for cybercriminals.
6 Steps to Finding Honey in the OWASP
Partner Perspectives  |  10/12/2017  | 
The most famous project of the Open Web Application Security Project is getting an update. Here's what you need to know, and how you can get involved.
Final Decision in Dreamhost Battle With DOJ
Curt Franklin  |  10/11/2017  | 
In the legal battle between the Department of Justice and Dreamhost, a resolution and a victory.
Can Machine Learning Outsmart Malware?
Partner Perspectives  |  10/11/2017  | 
Using machine learning in the cybersecurity domain is a growing trend with many advantages, but it also has its risks.
Rowhammer Attack Pounds With Precision
Larry Loeb  |  10/11/2017  | 
A new variant of the Rowhammer attack can work around every known defense.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.