Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

posted in November 2017
Page 1 / 2   >   >>
The Critical Difference Between Vulnerabilities Equities & Threat Equities
Commentary  |  11/30/2017  | 
Why the government has an obligation to share its knowledge of flaws in software and hardware to strengthen digital infrastructure in the face of growing cyberthreats.
The Good News about Breaches: It Wasn't You this Time
Partner Perspectives  |  11/30/2017  | 
Somewhere in every application there is a vulnerability waiting to be exploited. You can attack the problem by having the right mindset and answering two simple questions
AWS Adds Security Management to Growing Portfolio
Simon Marshall  |  11/30/2017  | 
AWS has announced major new security management features for its massive public cloud infrastructure.
Major Apple Flaw Found, Fixed & Still Dangerous
Curt Franklin  |  11/29/2017  | 
A vulnerability in MacOS High Sierra could leave Macs open and vulnerable in the world of the Internet.
Intel Management Engine Has a Big Problem
Larry Loeb  |  11/29/2017  | 
Intel's Management Engine has a vulnerability that could allow an attacker to own your entire system. And they aren't planning to fix it.
Why Security Depends on Usability -- and How to Achieve Both
Commentary  |  11/29/2017  | 
Any initiative that reduces usability will have consequences that make security less effective.
AI Prepares for Security Spotlight
Simon Marshall  |  11/29/2017  | 
Versive puts AI to work finding and identifying cybersecurity threats.
Aporeto Launches Zero Trust Security Solution
Curt Franklin  |  11/28/2017  | 
A new security approach from Aporeto assumes that your network security is leaky as a sieve.
PreVeil Pushes Encryption Past the End
Simon Marshall  |  11/28/2017  | 
PreVeil is pushing encryption beyond its normal endpoints to protect data wherever it is.
The Looming War of Good AI vs. Bad AI
Commentary  |  11/28/2017  | 
The rise of artificial intelligence, machine learning, hivenets, and next-generation morphic malware is leading to an arms race that enterprises must prepare for now.
McAfee Buys SkyHigh Networks for CASB Functions
Curt Franklin  |  11/27/2017  | 
McAfee has announced that it is purchasing CASB pioneer Skyhigh Networks to bring cloud security to the endpoint security giant.
DDoS Attacks Trend in a Bad Direction
Simon Marshall  |  11/27/2017  | 
DDoS attacks aren't going away; they're becoming larger, more frequent and more frequently used in conjunction with other attacks.
Microsoft Misses Memory Mistake: The Security That Wasn't
Larry Loeb  |  11/27/2017  | 
An error in implementing a security routine means millions of users thought to be protected against a particular attack were actually more vulnerable than ever.
Cyber Forensics: The Next Frontier in Cybersecurity
Commentary  |  11/27/2017  | 
We can now recover evidence from the RAM on a cellphone, even if the account is locked, and use it to prosecute a case.
3 Pillars of Cyberthreat Intelligence
Commentary  |  11/22/2017  | 
Strong enterprise cybersecurity programs must be a built on a framework that incorporates strategic, operational, and tactical leadership and goals.
Time to Pull an Uber and Disclose Your Data Breach Now
Commentary  |  11/22/2017  | 
There is never a good time to reveal a cyberattack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.
Security Executives Respond to Uber Breach News
Curt Franklin  |  11/22/2017  | 
The news from Uber is rippling across the business landscape. Executives and leaders have a variety of responses to the breach and its aftermath. Here's a roundup of some of those reactions.
Let's Take a Page from the Credit Card Industry's Playbook
Commentary  |  11/21/2017  | 
Internal security departments would do well to follow the processes of major credit cards.
It's Inevitable: You've Been Hacked
Curt Franklin  |  11/20/2017  | 
If your personal information is available on the Internet, you should assume that a hacker has it.
3 Ways to Retain Security Operations Staff
Commentary  |  11/20/2017  | 
Finding skilled security analysts is hard enough. Once you do, you'll need to fight to keep them working for you. These tips can help.
The Face of Enterprise Security
Larry Loeb  |  11/20/2017  | 
Facial recognition is starting to grow as a technology on consumer devices; what does that mean for your enterprise security?
Quad9 Brings Secure DNS to the Masses
Curt Franklin  |  11/17/2017  | 
An industry alliance has introduced Quad9, a free DNS service that can protect users from phishing, bots and malware websites.
Friday Haiku: A Shopping Chill
Curt Franklin  |  11/17/2017  | 
A cautionary note for the season in this week's Friday Haiku.
Barracuda Launches Next-Gen Cloud Firewalls
Curt Franklin  |  11/17/2017  | 
A new set of features makes Barracuda's newest firewalls 'cloud-generation' services.
Tips to Protect the DNS from Data Exfiltration
Commentary  |  11/17/2017  | 
If hackers break in via the Domain Name System, most business wouldn't know until it's too late. These tips can help you prepare.
We're Still Not Ready for GDPR? What is Wrong With Us?
Commentary  |  11/17/2017  | 
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
Kaspersky Takes on 2018
Simon Marshall  |  11/16/2017  | 
Kaspersky Labs has released its security predictions for 2018 and there are troubling trends ahead.
Forget APTs: Let's Talk about Advanced Persistent Infrastructure
Commentary  |  11/16/2017  | 
Understanding how bad guys reuse infrastructure will show you the areas of your network to target when investigating new threats and reiteration of old malware.
'Reaper': The Professional Bot Herders Thingbot
Partner Perspectives  |  11/16/2017  | 
Is it malicious? So far it's hard to tell. For now it's a giant blinking red light in security researchers faces warning us that wed better figure out how to secure the Internet of Things.
iPhone's Facial Recognition Shows Cracks
Curt Franklin  |  11/15/2017  | 
A research firm says that it has successfully spoofed the facial recognition technology used in Apple's flagship iPhone X.
Should Security Silos Still Stand?
Simon Marshall  |  11/15/2017  | 
DevSecOps would tear down every functional silo in security. Is that a good thing, or do corporate silos still serve a valuable purpose?
Who Am I? Best Practices for Next-Gen Authentication
Commentary  |  11/15/2017  | 
By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords.
Deception Technology: Prevention Reimagined
Commentary  |  11/15/2017  | 
How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.
The Gift of Simple Security
Simon Marshall  |  11/14/2017  | 
Alert Logic's Marc Willebeek-Lemair has seen complex security and now thinks that simple solutions are the best for most enterprises.
What the NFL Teaches Us about Fostering a Champion Security Team
Commentary  |  11/14/2017  | 
Cybersecurity experts can learn how to do a better job by keeping a close eye on the gridiron.
SOCs Become Service Targets
Curt Franklin  |  11/13/2017  | 
MSSPs are becoming SOCaaS providers. Is it a natural evolution or a short-lived phenomenon in the as-a-service world?
Cybersecurity Skills Gap Hits Across the Board
Curt Franklin  |  11/13/2017  | 
The massive shortfall in cybersecurity professionals is having an impact on organizations of all types and sizes.
How to Leverage the Rosetta Stone of Information Sharing
Commentary  |  11/13/2017  | 
A common framework will help in the development of cyber-risk management efforts.
No Lock-Pick Required: The Friday Haiku
Curt Franklin  |  11/10/2017  | 
Why pick a lock when keys are so common?
New Research: Phishing Is Worse Than You Thought
Curt Franklin  |  11/10/2017  | 
A new report led by Google researchers shows that phishing attacks are incredibly effective at stealing useful credentials from users.
Dispatch From the CyberWar: An Interview With Joseph Carson
Simon Marshall  |  11/10/2017  | 
Joseph Carson was on the ground when Estonia suffered a series of massive cyber attacks. In this exclusive interview, he talks about what happened and what the world should learn.
Why Common Sense Is Not so Common in Security: 20 Answers
Commentary  |  11/10/2017  | 
Or, questions vendors need to ask themselves before they write a single word of marketing material.
Security Must Stand Up to Bullying, Harassment
Curt Franklin  |  11/9/2017  | 
Today's IT security is about much more than data loss. It's time for the security group to embrace its role in protecting the people within the organization.
Hypervisors: Now a Tool to Protect against Security Blind Spots
Commentary  |  11/9/2017  | 
By facilitating live introspection of virtual machine memory, the Xen Project is striving to eliminate stealthy attack techniques like EternalBlue.
'Goldilocks' Legislation Aims to Clean up IoT Security
Partner Perspectives  |  11/9/2017  | 
The proposed Internet of Things Cybersecurity Improvement Act of 2017 is not too hard, not too soft, and might be just right.
Developers Lack Confidence in Application Security
Curt Franklin  |  11/8/2017  | 
A new survey says that developers aren't confident that their applications are secure but they find solace in obscurity.
SlashNext Seeks an End to the Sandbox
Simon Marshall  |  11/8/2017  | 
Sandboxing isn't effective in the modern world, according to startup SlashNext. But what, precisely, comes next?
How Law Firms Can Make Information Security a Higher Priority
Commentary  |  11/8/2017  | 
Lawyers always have been responsible for protecting their clients' information, but that was a lot easier to do when everything was on paper. Here are four best practices to follow.
Hiring Outside the Box in Cybersecurity
Commentary  |  11/7/2017  | 
Candidates without years of experience can still be great hires, as long as they are ready, willing, and able.
GPS Comes Under Spoofing Attack
Curt Franklin  |  11/7/2017  | 
A spoofing attack leaves ships reported at airports and captains answering alarms from every system.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...