Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

posted in March 2015
Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse
Commentary  |  3/31/2015  | 
Healthcare and other sectors are indolently ignoring the process of gathering and using high-level intelligence to focus cyber defenses. Heres proof.
Hacking Back: Two Wrongs Dont Make A Right
Commentary  |  3/30/2015  | 
Heres the critical issue: Do you want to risk engaging your company in an ego-fueled war of revenge, or do you want to cut the bad guys off at the pass?
Defending Cyber-Physical Systems from Attack Chains
Partner Perspectives  |  3/30/2015  | 
A strong defense against compromise involves three layers: hardening devices, securing communications, and monitoring behavior.
Cyber Hunting: 5 Tips To Bag Your Prey
Commentary  |  3/26/2015  | 
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
Preparing for a Breach: The Charge of the Security Brigade
Partner Perspectives  |  3/25/2015  | 
Automation is key to shorter response times and better containment.
The Internet Of Bring-Your-Own Things
Commentary  |  3/25/2015  | 
Devices and interconnected systems are finding a foothold not only in our homes but in mainstream organizations. Here are three tips to mitigate the risk.
Networked Healthcare: Connecting You, Your Devices, and Your Health Practitioners
Partner Perspectives  |  3/24/2015  | 
Technology developers and policy makers must work closer with the security sector to ensure that innovation leads to real enablement, not cybercrime.
Educating The Cyberwarriors Of The Future
Commentary  |  3/24/2015  | 
If I have to choose between hiring a university-educated CompSci grad or an IT specialist strong in sysadmin, networking or programming, I will pick the IT specialist every time.
Protect Your Web Applications
Partner Perspectives  |  3/23/2015  | 
Reverse proxies are critical to shield Web apps from external attacks.
Context: Finding The Story Inside Your Security Operations Program
Commentary  |  3/23/2015  | 
Whats missing in todays chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
The Clinton Email Kerfuffle & Shadow IT
Commentary  |  3/20/2015  | 
For security pros the issue is not government transparency. It's the fact that users, regardless of seniority, will always pick convenience over security.
Risky Business: Why Monitoring Vulnerability Data Is Never Enough
Commentary  |  3/19/2015  | 
Keeping tabs on open source code used in your organizations applications and infrastructure is daunting, especially if you are relying solely on manual methods.
The Bot Threat For the Rest of Us: Application-Layer Attacks
Commentary  |  3/18/2015  | 
Bots are getting craftier by the day so you may not even know you have a problem.
The Anatomy of Advanced Persistent Threats
Partner Perspectives  |  3/18/2015  | 
The only way to keep intruders away is to use multiple security mechanisms.
The End of Pen Testing As We Know It?
Commentary  |  3/17/2015  | 
It's time to expand the scope of penetration tests beyond the periphery of the enterprise network.
Dark Reading Radio: Security Pros At Risk Of Being Criminalized
Commentary  |  3/16/2015  | 
ICYMI: Check out Dark Reading Radio's recent broadcast and discussion about the pitfalls of new government efforts to fight bad hackers that could ultimately hurt the good guys.
Endpoints, Gateways, and Networks: Teamwork Is Better Than Lone Rangers
Partner Perspectives  |  3/16/2015  | 
Security vendors have a common goal when it comes to protecting their customers from danger. Whats missing is a common language and protocols for how and what to share.
7 Deadly Sins Of Security Policy Change Management
Commentary  |  3/16/2015  | 
Mitigating these deadly sins requires process, visibility and automation. Its an effort that will improve security and increase business agility.
Has Security Ops Outlived Its Purpose?
Commentary  |  3/13/2015  | 
CISOs will need more than higher headcounts and better automation tools to solve today's security problems.
Deconstructing Threat Models: 3 Tips
Commentary  |  3/12/2015  | 
There is no one-size-fits-all approach for creating cyber threat models. Just be flexible and keep your eye on the who, what, why, how and when.
6 Ways The Sony Hack Changes Everything
Commentary  |  3/11/2015  | 
Security in a post-Sony world means that a company's very survival in the wake of a cyber attack is more of a concern than ever before.
Raising the Stakes: When Software Attacks Hardware
Partner Perspectives  |  3/11/2015  | 
Beware the risks of cyberattacks on your computer hardware.
5 Things CISOs Can Learn From The Best GMs In Baseball
Commentary  |  3/10/2015  | 
A MLB team has many goals and objectives: to win, be profitable, have a solid strategy and understand the people whom they serve. Sound familiar?
Techniques, Lures, and Tactics to Counter Social Engineering Attacks
Partner Perspectives  |  3/9/2015  | 
If you are unsure of whether a destination link is safe, tools like TrustedSource are a good place to start.
Second Look: Data Security In A Hybrid Cloud
Commentary  |  3/9/2015  | 
Todays big cloud providers were built around an architecture for hosting and securing data. They will continue to thrive, only by keeping your workloads safe.
CryptoWall Makes a Comeback via Malicious Help Files
Partner Perspectives  |  3/9/2015  | 
Hackers use .chm attachments to execute malware on unsuspecting users.
Does Hollywood Have The Answer To The Security Skills Question?
Commentary  |  3/6/2015  | 
The Oscar-winning biopic about famed WWII cryptanalyst Alan Turing -- the father of modern computing -- was long overdue. But a lot more needs to be done to inspire the next generation of computer scientists.
Which Apps Should You Secure First? Wrong Question.
Commentary  |  3/5/2015  | 
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
How Secure Are You?
Partner Perspectives  |  3/5/2015  | 
The NIST Cybersecurity Framework can help you understand your risks.
Securing Our Electric Power Grid Is Critical
Partner Perspectives  |  3/4/2015  | 
Highly complex infrastructure systems require protection against cyberattacks.
A Building Code For Internet of Things Security, Privacy
Commentary  |  3/4/2015  | 
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
Compliance & Security: A Race To The Bottom?
Commentary  |  3/3/2015  | 
Compliance is meaningless if organizations dont use it as a starting point to understand and mitigate risks within their environment.
No Silver Bullets for Security
Partner Perspectives  |  3/2/2015  | 
A quick-fix security solution for cyberphysical systems doesnt exist.
Why Security Awareness Alone Wont Stop Hackers
Commentary  |  3/2/2015  | 
End-user training is a noble pursuit but its no defense against low and slow attacks that take months and years to carry out.
Dark Reading Offers Cyber Security Crash Course At Interop 2015
Commentary  |  3/2/2015  | 
New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-35397
PUBLISHED: 2021-08-04
A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of proper input validation for requested path. An attacker could exploit this vulnerability by sending...
CVE-2021-36483
PUBLISHED: 2021-08-04
DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization.
CVE-2021-37231
PUBLISHED: 2021-08-04
A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check.
CVE-2021-37232
PUBLISHED: 2021-08-04
A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64.
CVE-2021-32813
PUBLISHED: 2021-08-03
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however...