Dark Reading is part of the Informa Tech Division of Informa PLC

Opinion

posted in February 2019
Solving Security: Repetition or Redundancy?
Commentary  |  2/28/2019  | 
To effectively defend against today's risks and threats, organizations must examine their failings as well as their successes.
In 2019, Cryptomining Just Might Have an Even Better Year
Commentary  |  2/28/2019  | 
The practice today is so pervasive that cryptojacking scripts are said to be running on an estimated 3% of all sites that users visit.
Endpoint-Security Companies in High Demand for Buyouts, Partnerships
Joe Stanganelli  |  2/28/2019  | 
Since last year, endpoint-protection firms have been among the biggest movers and shakers in the cybersecurity realm – with the endpoint-security market seeing more than a typical share of acquisitions and strategic partnerships. Joe Stanganelli takes a look at why this might be happening.
Attack Code 'MarioNet' Is Pulling Strings in Your Web Browser
Larry Loeb  |  2/28/2019  | 
JavaScript APIs have stretched the boundaries of what is run in the browser to enable feature-rich web applications. But this comes at a price...
Stay Ahead of the Curve by Using AI in Compliance
Commentary  |  2/27/2019  | 
Although human oversight is required, advanced technologies built on AI will become pivotal in building safer financial markets and a safer world.
Digital Transformation With IoT: Assessing Risk Through Standards & Visibility
Joe Stanganelli  |  2/27/2019  | 
IoT transformation is a gift and a curse that carries both business agility and business risk. As the world digitally transforms into something "smarter" than itself, IoT devices proliferate, demanding a lot of resources to keep up with them all – and, by extension, secure them all.
Weak Human Link Still Main Enterprise Security Concern
Larry Loeb  |  2/27/2019  | 
KnowBe4 study confirms what we pretty much knew already.
Embracing DevSecOps: 5 Processes to Improve DevOps Security
Commentary  |  2/27/2019  | 
In the cyber threat climate of the 21st century, sticking with DevOps is no longer an option.
DIY Botnet Detection: Techniques and Challenges
Commentary  |  2/26/2019  | 
Botnets continue to spread to places never dreamed of a few years ago. But you can fight them off, and these tips can help.
A 'Cloudy' Future for OSSEC
Commentary  |  2/26/2019  | 
As more organizations move to the public cloud and to DevOps and DevSecOps processes, the open source alternative for host-based intrusion detection is finding new uses.
ToRPEDO Attack Surfaces to Hit 5G
Larry Loeb  |  2/26/2019  | 
GSMA had better start looking at ways around it, and fast.
Is There a Silver Bullet for Zero-Day Attacks?
Larry Loeb  |  2/25/2019  | 
Silicon Valley startup K2 Cyber Security says it has a product that will stop any zero-day attack. So where's the proof?
Secure the System, Help the User
Commentary  |  2/25/2019  | 
The enterprise must do its part in deploying and maintaining secure systems so that end users stand a chance against attackers.
To Mitigate Advanced Threats, Put People Ahead of Tech
Commentary  |  2/22/2019  | 
Preventative technologies are only part of the picture and often come at the expense of the humans behind them.
Here it Comes Internet Privacy Regulation
Larry Loeb  |  2/22/2019  | 
A new report by the US Government Accountability Office could be the catalyst for meaningful change on the Internet privacy front.
Why Cybersecurity Burnout Is Real (and What to Do About It)
Commentary  |  2/21/2019  | 
The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
Security Analysts Are Only Human
Commentary  |  2/21/2019  | 
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
Supply Chain Attacks Increase 78%
Larry Loeb  |  2/21/2019  | 
The kinds of threats an organization encounters are changing as the defenses that are brought to bear upon them change.
9 Years After: From Operation Aurora to Zero Trust
Commentary  |  2/20/2019  | 
How the first documented nation-state cyberattack is changing security today.
The Anatomy of a Lazy Phish
Commentary  |  2/20/2019  | 
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user into submitting credentials to a phishing site.
Russia Fastest State Threat in the World
Larry Loeb  |  2/20/2019  | 
Russian threat actors were the most prolific last year – and were eight times faster at 'breaking out' than their nearest rival.
Digital Transformation With Cloud: Answering Risks With Algorithms
Joe Stanganelli  |  2/20/2019  | 
Cloud projects are big. Huge. So it's not perpetuating FUD to point out that cloud transformation still bears security and data-stewardship risks. But what appears too big a challenge for mere man might be no match for machine.
Making the Case for a Cybersecurity Moon Shot
Commentary  |  2/19/2019  | 
There are severe and unsolved problems in our industry that justify a sustained effort and substantial investment. It's worth picking one.
Take White Hats Seriously to Staunch the Flow of Zero-Days
Joe Stanganelli  |  2/19/2019  | 
Zero-day vulnerabilities are serious, and on the rise. And IT-security teams make the problem worse when they fail to respond, or respond poorly, to responsible vulnerability disclosures.
Security Leaders Are Fallible, Too
Commentary  |  2/19/2019  | 
Security leaders set the tone for their organizations, and there are many places where the process can go wrong. Second in a six-part series.
Privacy Ops: The New Nexus for CISOs & DPOs
Commentary  |  2/18/2019  | 
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
Container Vulnerability: Still a Reality
Larry Loeb  |  2/18/2019  | 
A security problem with runC that could allow attackers to escape Linux containers and obtain unauthorized, root-level access to the host operating system is on the move.
White-Hat Bug Bounty Programs Draw Inspiration from the Old West
Commentary  |  2/15/2019  | 
These programs are now an essential strategy in keeping the digital desperados at bay.
Increased Cryptomining: a Toehold for Attackers
Larry Loeb  |  2/15/2019  | 
New research reveals that in the last nine months of 2018 there has been a 19x increase in cryptomining activity on the Internet.
Diversity Is Vital to Advance Security
Commentary  |  2/14/2019  | 
Meet five female security experts who are helping to propel our industry forward.
Lessons Learned From 2018 Security Breaches
Marzena Fuller  |  2/14/2019  | 
It's better to hear about a data breach internally than from a security researcher who happens to discover a publicly exposed asset or confidential data for sale on the dark web.
How to Create a Dream Team for the New Age of Cybersecurity
Commentary  |  2/14/2019  | 
When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.
The Rise of 'Fileless' Malware
Larry Loeb  |  2/14/2019  | 
The attack that fileless malware causes does not touch the disk of the target, loading the malware instructions only into memory. Sneaky.
5 Expert Tips for Complying with the New PCI Software Security Framework
Commentary  |  2/13/2019  | 
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as a new security benchmark for other industries to follow.
Lessons Learned from a Hard-Hitting Security Review
Commentary  |  2/13/2019  | 
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
Google Moves to Control More of the Internet
Larry Loeb  |  2/13/2019  | 
The company has said that its goal is only to create a faster Internet, which allows for more use and hence more searches and thus more revenue for them.
Cybersecurity and the Human Element: We're All Fallible
Commentary  |  2/12/2019  | 
We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.
What You Need to Know About Arbitrary Code Execution Vulnerabilities
Alan Zeichick  |  2/12/2019  | 
Despite their rather innocuous name, ACE vulnerabilities can appear in just about any software. So here's what to do...
Identifying, Understanding & Combating Insider Threats
Commentary  |  2/12/2019  | 
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?
Six Large Data Dumps Add Fuel to Collection #1's Fire
Joe Stanganelli  |  2/12/2019  | 
Collection #1 was just the beginning. Researchers at Recorded Future have uncovered six more dark-web data dumps to complete the set and possibly hint at even more password databases circulating.
What the Government Shutdown Teaches Us about Cybersecurity
Commentary  |  2/11/2019  | 
As lawmakers face a Friday deadline to prevent the federal government from closing a second time, we examine the cost to the digital domain, both public and private.
AI & 'Fuzzing' Combination Empowers APT
Larry Loeb  |  2/11/2019  | 
When the bad guys add AI and 'fuzzing' to their armory, the advanced persistent threat gets, erm, even more threatening.
A Dog's Life: Dark Reading Caption Contest Winners
Commentary  |  2/8/2019  | 
What do a telephony protocol, butt-sniffing, and multifactor authentication have in common? A John Klossner cartoon! And the winners are ...
We Need More Transparency in Cybersecurity
Commentary  |  2/8/2019  | 
Security has become a stand-alone part of the corporate IT organization. That must stop, and transparency is the way forward.
How Secure Is Manufacturing?
Larry Loeb  |  2/8/2019  | 
Study finds that manufacturing industries struggle to find skilled cybersecurity staff and are underspending on training – but it's not all bad news...
4 Payment Security Trends for 2019
Commentary  |  2/7/2019  | 
Visa's chief risk officer anticipates some positive changes ahead.
When 911 Goes Down: Why Voice Network Security Must Be a Priority
Commentary  |  2/7/2019  | 
When there's a DDoS attack against your voice network, are you ready to fight against it?
Google's GDPR Fine: What It Means for Jurisdictional Arbitrage
Joe Stanganelli  |  2/7/2019  | 
In the wake of France's recent €50 million GDPR fine against Google, enterprises should weigh GDPR-enforcement considerations when determining the base of their EU operations.
Email Fraud New Trends Exposed
Larry Loeb  |  2/7/2019  | 
It's the security threat that just keeps on giving.
4 Practical Questions to Ask Before Investing in AI
Commentary  |  2/6/2019  | 
A pragmatic, risk-based approach can help CISOs plan for an efficient, effective, and economically sound implementation of AI for cybersecurity.