Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

posted in December 2012
The Only Security Prediction That Matters
Commentary  |  12/26/2012  | 
In this silly season of year-end predictions, we need to collectively revisit the only prediction that will matter next year
Monitoring A La Borg
Commentary  |  12/24/2012  | 
What would a true infrastructure collective look like?
The Identity Cliff
Commentary  |  12/18/2012  | 
Kicking the can down the road on identity cannot go on forever. Not choosing to deal with improving identity and access architecture is a choice
You Are The Big Data
Commentary  |  12/15/2012  | 
Monitoring isn't just about systems anymore
S.C. Security Blunders Show Why States Get Hacked
Commentary  |  12/13/2012  | 
Governor blames data breach on Russian hackers and the IRS, but states' by-the-book IT ethos shows rules and regulations are the real culprit.
Don't Get 'Ha-Duped' By Big Data Security Products
Commentary  |  12/12/2012  | 
Some Big Data security recommendations
Hauling That 50-Pound Sack Of Compliance
Commentary  |  12/11/2012  | 
Done wrong, your compliance efforts can needlessly weigh your team down
The Most Important IAM Question: Who Does This?
Commentary  |  12/10/2012  | 
IAM projects get so wound up around tooling and processes that critical organizational questions go unanswered
Find The Right Data Archive Method
Commentary  |  12/10/2012  | 
Backup-as-archive is an increasingly viable storage solution, especially for companies that don't have strict data retention requirements.
What Is Big Data?
Commentary  |  12/7/2012  | 
Big data is not about buying more big iron
Royal Security Fail: 'May I Speak To Kate?'
Commentary  |  12/6/2012  | 
The oldest -- and most effective -- social engineering trick in the book remains getting on the phone and impersonating an insider. Ask Kate Middleton, the Duchess of Cambridge.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-38258
PUBLISHED: 2021-10-25
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().
CVE-2021-38260
PUBLISHED: 2021-10-25
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor().
CVE-2021-39223
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.t...
CVE-2021-39224
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is locat...
CVE-2021-39225
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. Ther...