Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

posted in December 2015
The Changing Face Of Encryption: What You Need To Know Now
Commentary  |  12/30/2015  | 
Encryption today is now an absolute must and the fact that it is difficult does not change the fact that you have to use it.
The Fraud Tsunami Heads To The Sharing Economy
Commentary  |  12/29/2015  | 
When it comes to cyberfraud, online marketplaces like AirBnB can expect an uphill battle in the wake of the rollout of new chip card technology in 2016.
The Rise Of Community-Based Information Security
Commentary  |  12/28/2015  | 
The more vendors, service providers, and companies band together to fight security threats, the more difficult it will become for attacks to succeed.
A Hidden Insider Threat: Visual Hackers
Commentary  |  12/23/2015  | 
Ponemon experiment shows how low-tech white-hat hackers, posing as temps, captured information from exposed documents and computer screens in nearly nine out of ten attempts.
The Industrial Cyber Myth: Its No Fantasy
Commentary  |  12/22/2015  | 
As threats become more sophisticated, the industry is still playing catch-up.
Security Tech: Its Not What You Buy, Its How You Deploy
Commentary  |  12/21/2015  | 
Good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts.
When RATs Become a Social Engineers Best Friend
Commentary  |  12/18/2015  | 
Hacking humans in the banking industry through rogue help desks is becoming a significant problem.
Validating Supply Chain Cybersecurity
Partner Perspectives  |  12/17/2015  | 
How to identify risks, understand downstream effects, and prepare for incidents.
The InfoSec Gender Divide: Practical Advice For Empowering Women
Commentary  |  12/17/2015  | 
There is no one-size-fits-all approach for women to succeed in IT security. What you need is a roadmap and a little help from your friends.
An Ill Wynd Blowing But No Safe Harbor
Commentary  |  12/16/2015  | 
What will state-of-the-art for cybersecurity look like in 2016? The regulatory headwinds on both sides of the Atlantic portend big changes.
Detecting the Undetectable: Windows Registry Attacks
Partner Perspectives  |  12/15/2015  | 
Fileless attacks are becoming more sophisticated, requiring a team of defenses.
Macro Malware Is Back
Partner Perspectives  |  12/15/2015  | 
Social engineering drives macro malware levels to six-year highs.
Investigating Mobile Banking Attacks
Partner Perspectives  |  12/15/2015  | 
Poor mobile app back-end security coding puts consumer information at risk.
To Better Defend Yourself, Think Like A Hacker
Commentary  |  12/15/2015  | 
As attacks become more sophisticated and attackers more determined, organizations need to adopt an offensive approach to security that gets inside the head of the hacker.
Making Security Everyones Job, One Carrot At A Time
Commentary  |  12/14/2015  | 
These five user education strategies will turn employee bad behavior into bulletproof policies that protect data and systems.
How Digital Forensic Readiness Reduces Business Risk
Commentary  |  12/11/2015  | 
These six real-world scenarios show how to turn reactive investigative capabilities into proactive, problem-solving successes.
The Lizard Squad: Cyber Weapon or Business?
Commentary  |  12/10/2015  | 
Even a hacker with the noblest intentions can run afoul of the law by not following six important dos and donts.
Re-innovating Static Analysis: 4 Steps
Commentary  |  12/9/2015  | 
Before we pronounce the death of static analysis, lets raise the bar with a modern framework that keeps pace with the complexity and size found in todays software.
How CISOs Can Reframe The Conversation Around Security: 4 Steps
Commentary  |  12/8/2015  | 
Security professionals often complain that people are the weak link in the data security system. But in reality, they could be your biggest asset and ally.
Perimeter Inversion: Turning Digital Security Inside Out
Partner Perspectives  |  12/7/2015  | 
We need security solutions that are designed from the ground up to operate in todays dynamic environment.
Playing It Straight: Building A Risk-Based Approach To InfoSec
Commentary  |  12/7/2015  | 
What a crooked haircut can teach you about framing the discussion about organizational security goals and strategies.
McAfee Labs 2016-2020 Threat Predictions, Part 2
Partner Perspectives  |  12/4/2015  | 
Previewing 2020 to inform long-term security strategies.
The Power of Prevention: What SMBs Need to Know About Cybersecurity
Commentary  |  12/4/2015  | 
There is no such thing as a company that can't afford security. But where do you start?
McAfee Labs 2016-2020 Threat Predictions, Part 1
Partner Perspectives  |  12/3/2015  | 
Two sets of insights inform near- and long-term security strategies.
Congress Clears Path for Information Sharing But Will It Help?
Commentary  |  12/3/2015  | 
The key challenge companies will face with the new Cybersecurity Information Sharing Act of 2015 is how quickly they can separate data they need to share with data they need to protect.
Into the Breach: Why Self Detection Leads To Faster Recovery
Commentary  |  12/2/2015  | 
When an organization can identify network and system intrusions in their early phases it takes the advantage away from its adversaries. Heres how.
How CISOs Can Change The Game of Cybersecurity
Commentary  |  12/1/2015  | 
In the modern enterprise, chief information security officers need a broad mandate over security and risk management across all operational silos, not just the datacenter.


Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12524
PUBLISHED: 2020-12-02
Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).
CVE-2020-14369
PUBLISHED: 2020-12-02
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file ...
CVE-2020-25638
PUBLISHED: 2020-12-02
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized informat...
CVE-2020-28272
PUBLISHED: 2020-12-02
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28273
PUBLISHED: 2020-12-02
Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.