Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

posted in November 2016
Cybercriminals' Next Target: Short-Term Dangers (Part 1 of 2)
Partner Perspectives  |  11/30/2016  | 
With the holidays approaching, the focus will be on lucrative online shopping, email ransomware, phishing for credentials, and infection by holiday-lurking malware.
The Rise Of SecBizOps & Why It Matters
Commentary  |  11/30/2016  | 
By aligning security dollars and technology with core business requirements, infosec can become a business enabler, not a business impediment.
Job Loss And Financial Damage: CIOs Main Fears When Adopting Virtualization
Partner Perspectives  |  11/30/2016  | 
Companies arent prepared for the security challenges of hybrid infrastructures, Bitdefender study reveals.
Beware: Scalable Vector Graphics Files Are A New Ransomware Threat
Partner Perspectives  |  11/29/2016  | 
SVG files offer many advantages as far as graphics go, but hackers looking to embed malware on websites can exploit them.
Cybersecurity User Training That Sticks: 3 Steps
Commentary  |  11/29/2016  | 
People are eager for common-sense advice that gives them control over their environment and helps them stay safe online.
5 Links Of The Attack Chain And How To Disrupt Them
Partner Perspectives  |  11/28/2016  | 
By identifying steps in the attack chain, you can deploy appropriate defenses at each stage to prevent breaches from happening in the first place.
Time For Security & Privacy To Come Out Of Their Silos
Commentary  |  11/28/2016  | 
By working separately, these two teams aren't operating as efficiently as they could and are missing huge opportunities.
Security Automation: Striking The Right Balance
Commentary  |  11/23/2016  | 
What a smart toaster oven taught me about the importance of learning how to do a task versus the efficiency of automating the work.
Raising The Nation's Cybersecurity IQ: 'Learn To Code'
Commentary  |  11/22/2016  | 
We need to ensure that the students of today are prepared for the security challenges of tomorrow.
Balancing The Risk & Promise Of The Internet Of Things
Commentary  |  11/21/2016  | 
You can't defend against something you don't understand. So make sure you consider IoT's risks before embracing its functionality.
Cyber Monday, Consumers & The Bottom Line Of A Data Breach
Commentary  |  11/18/2016  | 
Yes retailers can achieve ROI for their investments in cybersecurity during the upcoming holiday season - and for the rest of the year, too! Heres how.
Insider Threat: The Domestic Cyber Terrorist
Commentary  |  11/17/2016  | 
It is dangerously naive for business and government leaders to dismiss the risk of radicalized privileged users inside our critical industries.
Active Defense Framework Can Help Businesses Defend Against Cyberattacks
Partner Perspectives  |  11/17/2016  | 
New report provides a framework that lets private sector entities defend themselves while at the same time protect individual liberties and privacy, and mitigate the risk of collateral damage.
Internet Of Things 'Pollutants' & The Case For A Cyber EPA
Commentary  |  11/16/2016  | 
Recent IoT-executed DDoS attacks have been annoying, not life threatening. Should device makers be held liable if something worse happens?
Dark Reading Radio: 'Bug Bounties & The Zero-Day Trade'
Commentary  |  11/15/2016  | 
Join us, HackerOne's Alex Rice, and Veracode's Chris Wysopal for the next episode of Dark Reading Radio, today, Wednesday Nov. 16, at 1pmET.
Back To Basics: Maximizing Cybersecurity Capabilities
Commentary  |  11/15/2016  | 
A number of prevention techniques that have existed for years remain fundamental components of any modern security program.
Dark Reading Virtual Event Seeks To Break Security Myths, Conventional Wisdom
Commentary  |  11/14/2016  | 
Three keynotes, two panel sessions offer new ways to think about enterprise information security.
Preparing For The Future Of Online Threats
Commentary  |  11/14/2016  | 
Gaze into the crystal balls of a panel of forward-thinking security experts during Dark Readings virtual event Nov. 15.
8 Ways Businesses Can Better Secure Their Remote Workers
Partner Perspectives  |  11/14/2016  | 
Remote workers may present challenges for IT staff, but a combination of cybersecurity best practices, strong policy, and a dedicated user awareness campaign could keep company data safe.
Learning To Trust Cloud Security
Commentary  |  11/14/2016  | 
Cloud-centric computing is inevitable, so you need to face your concerns and be realistic about risks.
Sharing Threat Intel: Easier Said Than Done
Commentary  |  11/11/2016  | 
For cyber intelligence-sharing to work, organizations need two things: to trust each other and better processes to collect, exchange, and act on information quickly.
How To Build A Comprehensive Security Architecture
Commentary  |  11/10/2016  | 
Dark Reading's virtual event features a panel discussion on what it takes to get away from the daily firefighting method of responding to threats and attacks.
The Drug Dealer In Your Web Browser
Commentary  |  11/10/2016  | 
Illicit dealings once isolated to the Dark Web are spilling out into the light.
How Security Scorecards Advance Security, Reduce Risk
Commentary  |  11/10/2016  | 
CISO Josh Koplik offers practical advice about bridging the gap between security and business goals in a consumer-facing media and Internet company.
The Big Lesson We Must Learn From The Dyn DDoS Attack
Commentary  |  11/9/2016  | 
The vulnerabilities that make IoT devices susceptible to being used in a botnet also make them the perfect avenue into our data centers and clouds.
Every Minute Of Security Planning Will Save You 10 Minutes In Execution
Partner Perspectives  |  11/8/2016  | 
Leveraging automation, orchestration, and interoperability in your cybersecurity plans now will save you significant time later.
Stay Vigilant To The Evolving Threat Of Social Engineering
Commentary  |  11/8/2016  | 
Even the most cyber-savvy individuals can easily get tripped up by a social engineering attack. But users can trip-up a threat simply by paying attention.
Is Fingerprint Authentication Making The Password Problem Worse?
Commentary  |  11/8/2016  | 
Problems emerge when users switch to a new phone.
Ransomware Doesnt Have To Mean Game Over
Partner Perspectives  |  11/8/2016  | 
3 methods can help you recover from a ransomware attack relatively unscathed.
Changing IoT Passwords Won't Stop Attacks. Here's What Will.
Commentary  |  11/7/2016  | 
The solution will take an industry-wide effort, it won't happen overnight, and the problem is not the users' fault!
Transitioning From The Server Room To The Boardroom
Commentary  |  11/5/2016  | 
How can IT professionals balance business goals and information security?
Election 2016 & WikiLeaks: Bad, But Not Your Worst Nightmare
Commentary  |  11/4/2016  | 
John Podesta may be the poster child for poor user security practices but the real problem is rigid regulatory compliance frameworks that perpetuate ineffective perimeter defenses.
Automate And Orchestrate Workflows For Better Security
Partner Perspectives  |  11/4/2016  | 
Security automation has become a central goal for many organizations as they try to respond faster to more threats with limited resources.
Managing Multi-Cloud Security Whether You Want to or Not
Commentary  |  11/3/2016  | 
Yes, it is possible to orchestrate security across multiple clouds without creating performance hurdles. Heres how.
It's Time To Address The Cybersecurity Gender Gap Before It's Too Late
Commentary  |  11/2/2016  | 
It will take years to substantively raise the percentage of women in cybersecurity, so the tech industry better start working at it now.
Phishing Threat Continues To Loom Large
Partner Perspectives  |  11/2/2016  | 
Phishing and spear phishing will only get worse unless companies proactively train employees to recognize a scam when they see one.
Why Enterprise Security Teams Must Grow Their Mac Skills
Commentary  |  11/1/2016  | 
From coffee shops to corporate boardrooms, Apple devices are everywhere. So why are organizations so doggedly focused on Windows-only machines?
We Must Become Good Digital Citizens
Partner Perspectives  |  11/1/2016  | 
Digital citizenship carries many capabilities and benefits, but there also have to be some rules and responsibilities.
7 Security Lessons The Video Game Industry Can Teach IoT Manufacturers
Commentary  |  11/1/2016  | 
The Internet of Things has alarming holes in security. The industry should look to video games for some answers.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33600
PUBLISHED: 2021-09-28
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending ...
CVE-2021-33601
PUBLISHED: 2021-09-28
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper server.
CVE-2021-36165
PUBLISHED: 2021-09-28
RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64.
CVE-2020-20691
PUBLISHED: 2021-09-27
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
CVE-2020-20692
PUBLISHED: 2021-09-27
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.