Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

posted in December 2016
The Bug Bounty Model: 21 Years & Counting
Commentary  |  12/29/2016  | 
A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
How Artificial Intelligence Will Solve The Security Skills Shortage
Commentary  |  12/28/2016  | 
Unlike industries that fear the intrusion of AI, the infosec world is embracing this revolutionary technology, and the seismic changes it will bring to threat detection and mitigation.
Greatest Hits Of 2016: Readers' Picks For The Years' Best Commentary
Commentary  |  12/27/2016  | 
Heres what topped the Dark Reading page-view charts from the security industrys brightest minds, coolest rock stars, and up-and-coming leaders.
A Cybersecurity Christmas Story
Partner Perspectives  |  12/23/2016  | 
Automation and orchestration will be essential components of security in 2017.
Network Security: An Ounce Of Prevention Is Worth A Pound Of Reaction
Commentary  |  12/22/2016  | 
For humans ailments, prevention might begin with an allergist. In security, it's the network engineer.
Explained: Domain-Generating Algorithms
Partner Perspectives  |  12/21/2016  | 
Cybercriminals use domain-generating algorithms to prevent their servers from being blacklisted or taken down.
Security Analytics: Don't Let Your Data Lake Turn Into A Data Swamp
Commentary  |  12/21/2016  | 
It's easy to get bogged down when looking for insights from data using Hadoop. But that doesn't have to happen, and these tips can help.
20 Questions Security Pros Should Ask Themselves Before Moving To The Cloud
Commentary  |  12/20/2016  | 
A template for working collaboratively with the business in todays rapidly changing technology environment.
Investments In Security Operations Centers Are Paying Off, Study Finds
Partner Perspectives  |  12/19/2016  | 
SOCs help organizations reduce security incidents and improve operational maturity.
Brute-Force Botnet Attacks Now Elude Volumetric Detection
Commentary  |  12/19/2016  | 
It just became harder to distinguish bot behavior from human behavior.
Phishing Can Leverage Users To Bypass Sandboxes
Partner Perspectives  |  12/19/2016  | 
Using social engineering to bypass traditional security defenses is not new and will certainly continue to grow.
Has The Security Industry Failed Its Customers?
Commentary  |  12/16/2016  | 
Short answer: Not really. But the odds of staying safe from a cyberattack go way up when you follow these six tips for security hygiene.
Hurricanes, Earthquakes & Threat Intelligence
Commentary  |  12/15/2016  | 
You must be prepared for foreseeable attacks as well as the ones that sneak up on you.
Are Unconscious Biases Weakening Your Security Posture?
Partner Perspectives  |  12/15/2016  | 
Proactively addressing your biases can help you build a resilient and adaptable security foundation.
Its Time For Organizations To Automate Security
Partner Perspectives  |  12/14/2016  | 
Security automation makes more efficient use of scarce security resources, freeing them up for more proactive tasks.
Anti-Malware Is Necessary In The Data Center: 3 Examples
Commentary  |  12/14/2016  | 
Simply because data center endpoints dont have the same threat profile as general desktops doesnt mean they dont need anti-malware software. Heres why.
The Internet Of Things: When Bigger Is Not Better
Commentary  |  12/13/2016  | 
What happens when 10,000 companies add programmability and connectivity to their products, and we increase the Internets attack surface by a million times or more?
Security In 2017: Ransomware Will Remain King
Partner Perspectives  |  12/13/2016  | 
Businesses, consumers, and security professionals must face this reality and take the necessary steps to educate each other and protect their networks.
Dark Reading Radio: The Coolest Hacks Of 2016
Commentary  |  12/12/2016  | 
Tune in this Wednesday, Dec. 14 at 1pm ET to hear famed researchers Samy Kamkar and Levi Gundert weigh in on some of the most innovative and creative white-hat hacks from the past year.
Whats Naughty & Nice About The Internet Of Things
Commentary  |  12/12/2016  | 
It's easy to catalogue the worst IoT security hazards. But that's not the whole story.
Machine-Learning Algorithms Improve Detection Time For Modern Threats
Partner Perspectives  |  12/12/2016  | 
Artificial intelligence and machine learning are essential to combat a threat landscape that is larger and more sophisticated than ever.
Why Video Game Publishers Must Adopt Enforceable Security Standards
Commentary  |  12/9/2016  | 
Video games have been under attack at an unprecedented rate since 2012, with cyber criminals playing an increasingly significant role.
From Carna To Mirai: Recovering From A Lost Opportunity
Commentary  |  12/8/2016  | 
We had four years to prepare for recent DDoS attacks and failed. How can we learn from our mistakes?
Survey Stresses Importance Of Securing The Internet of Things
Partner Perspectives  |  12/7/2016  | 
If organizations monitor and deploy IoT devices with caution, they can stay ahead of the curve and continue to keep all of their endpoints protected.
Biometric Technology Is Not A Cure-All For Password Woes
Commentary  |  12/7/2016  | 
No single authentication token is infallible. The only real solution is multifactor authentication.
PoisonTap USB Device Can Hack A Locked PC In A Minute
Partner Perspectives  |  12/6/2016  | 
This is just one example of an emerging technology that enables anyone with physical access to a computers USB port to potentially harvest data and gain access by spoofing an Internet ecosystem.
Web Gateways: 5 Big Security Challenges
Commentary  |  12/6/2016  | 
Overreliance on Web gateways is putting data, users, customers, organizations, and reputation in harm's way.
Protect Your Company From Hackable Holiday Gifts
Partner Perspectives  |  12/5/2016  | 
This holiday season promises to be full of devices, apps, and connectivity. Planning and executing appropriate security precautions now will save your business from a serious breach later.
Avalanche Cybercrime Platform Takedown Leaves A Lot To Clean Up
Partner Perspectives  |  12/5/2016  | 
Help us wipe out the remaining bots and put an end to Avalanche once and for all.
Reality Check: Getting Serious About IoT Security
Commentary  |  12/5/2016  | 
The Department of Homeland Security is fully justified in urging security standards for the Internet of Things.
The Human Firewall: Why People Are Critical To Email Security
Commentary  |  12/2/2016  | 
Technology is just the beginning; employees must be fully on board with security procedures.
Cybercriminals Next Target: Long-Term Prizes (Part 2 of 2)
Partner Perspectives  |  12/1/2016  | 
Attacks of a more strategic nature will test early blockchain implementations and continue to explore ways to monetize weak IoT devices.
20 Questions Smart Security Pros Should Ask About 'Intelligence'
Commentary  |  12/1/2016  | 
Threat intel is a hot but complicated topic that encompasses a lot more than just data feeds. Here's how to get beyond the fear, uncertainty, and doubt to maximize its potential.


Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12524
PUBLISHED: 2020-12-02
Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).
CVE-2020-14369
PUBLISHED: 2020-12-02
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file ...
CVE-2020-25638
PUBLISHED: 2020-12-02
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized informat...
CVE-2020-28272
PUBLISHED: 2020-12-02
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28273
PUBLISHED: 2020-12-02
Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.