Opinion

posted in October 2017
Page 2 / 2
New Dark Reading Conference Will Focus on Defense
Commentary  |  10/11/2017  | 
The INsecurity Conference, Nov. 29-30 at the Gaylord National Harbor in Maryland, is all about helping infosecurity pros mitigate threats -- from hot topics to basic hygiene.
How Systematic Lying Can Improve Your Security
Commentary  |  10/11/2017  | 
No, you don't have to tell websites your mother's actual maiden name.
PoohMilk Is Advanced Spear-Phishing
Simon Marshall  |  10/10/2017  | 
A new vulnerability in Microsoft Office means a new opportunity for phishing – and PoohMilk answers the call.
Unstructured Data: The Threat You Cannot See
Commentary  |  10/10/2017  | 
Why security teams need to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.
Friday Haiku: Waves in the Harbor
Curt Franklin  |  10/6/2017  | 
Do calm winds aloft mean peaceful waves at anchor?
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Commentary  |  10/6/2017  | 
As the value and volume of data grows, perimeter security is not enough to battle internal or external threats.
SONIC Quiet on Data Breach Details
Simon Marshall  |  10/6/2017  | 
Drive-in restaurant chain SONIC has suffered a breach but customers and the public are still looking for critical details.
Gartner Says Real Security Starts With a Mission
Curt Franklin  |  10/6/2017  | 
Security for the digital organization starts with a mission that has executive support; the process from mission to execution is step-by-step.
CLKSCREW Hack Breaks Hardware With Software
Larry Loeb  |  10/5/2017  | 
A new technique can hack into even secure systems by overwhelming them with simple commands.
Finding the AI ROI
Simon Marshall  |  10/5/2017  | 
Is AI a good security investment? Many say yes, but it depends on how you deploy your artificial intelligence.
Private, Public, or Hybrid? Finding the Right Fit in a Bug Bounty Program
Commentary  |  10/5/2017  | 
How can a bug bounty not be a bug bounty? There are several reasons. Here's why you need to understand the differences.
URL Obfuscation: Still a Phisher's Phriend
Partner Perspectives  |  10/5/2017  | 
There are three primary techniques to trick users into thinking a website link is real: URL shorteners, URL doppelgangers, and URL redirects.
What Security Teams Need to Know about the NIAC Report
Commentary  |  10/4/2017  | 
Which of the recommendations made by the NIAC working group will affect security teams the most, and how should they prepare?
Yahoo Breach News Just Gets Worse
Curt Franklin  |  10/4/2017  | 
It turns out that more than 3 billion accounts were compromised in the Yahoo breach originally disclosed last year.
Ransomware Will Target Backups: 4 Ways to Protect Your Data
Commentary  |  10/4/2017  | 
Backups are the best way to take control of your defense against ransomware, but they need protecting as well.
Gartner Lists Security Trends for 2018
Curt Franklin  |  10/3/2017  | 
A session at Gartner Symposium/ITxpo laid out security trends for the coming year.
A Month for Cybersecurity
Simon Marshall  |  10/3/2017  | 
It's National Cybersecurity Awareness Month, a time to think about, plan and deploy better cybersecurity for your organization.
DevOpsSec: A Big Step in Cloud Application Security
Commentary  |  10/3/2017  | 
Why it's time for DevOps and security teams to bury the hatchet -- and not in each other's back.
Gartner Analysts See AI Augmenting Security
Curt Franklin  |  10/2/2017  | 
Gartner analysts don't think AI will replace humans in security; instead it will be a critical piece of a better security infrastructure.
Gartner Symposium Opens in Orlando
Curt Franklin  |  10/2/2017  | 
Gartner Symposium/ITxpo is opening today in Orlando. Security Now is there to bring you the latest from the analysts and consultants at one of the most influential firms in the IT industry.
Sunflower Security Mixes Lights, Drones for Safer Buildings
Simon Marshall  |  10/2/2017  | 
A new security company may change the way we think about residential security.
5 IT Practices That Put Enterprises at Risk
Commentary  |  10/2/2017  | 
No one solution will keep you 100% protected, but if you avoid these common missteps, you can shore up your security posture.
Security Fails in Third-Party Hands
Larry Loeb  |  10/2/2017  | 
Your security may rest in the hands of a third party – and those hands will probably let you down.