Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

posted in March 2015
Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse
Commentary  |  3/31/2015  | 
Healthcare and other sectors are indolently ignoring the process of gathering and using high-level intelligence to focus cyber defenses. Heres proof.
Hacking Back: Two Wrongs Dont Make A Right
Commentary  |  3/30/2015  | 
Heres the critical issue: Do you want to risk engaging your company in an ego-fueled war of revenge, or do you want to cut the bad guys off at the pass?
Defending Cyber-Physical Systems from Attack Chains
Partner Perspectives  |  3/30/2015  | 
A strong defense against compromise involves three layers: hardening devices, securing communications, and monitoring behavior.
Cyber Hunting: 5 Tips To Bag Your Prey
Commentary  |  3/26/2015  | 
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
Preparing for a Breach: The Charge of the Security Brigade
Partner Perspectives  |  3/25/2015  | 
Automation is key to shorter response times and better containment.
The Internet Of Bring-Your-Own Things
Commentary  |  3/25/2015  | 
Devices and interconnected systems are finding a foothold not only in our homes but in mainstream organizations. Here are three tips to mitigate the risk.
Networked Healthcare: Connecting You, Your Devices, and Your Health Practitioners
Partner Perspectives  |  3/24/2015  | 
Technology developers and policy makers must work closer with the security sector to ensure that innovation leads to real enablement, not cybercrime.
Educating The Cyberwarriors Of The Future
Commentary  |  3/24/2015  | 
If I have to choose between hiring a university-educated CompSci grad or an IT specialist strong in sysadmin, networking or programming, I will pick the IT specialist every time.
Protect Your Web Applications
Partner Perspectives  |  3/23/2015  | 
Reverse proxies are critical to shield Web apps from external attacks.
Context: Finding The Story Inside Your Security Operations Program
Commentary  |  3/23/2015  | 
Whats missing in todays chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
The Clinton Email Kerfuffle & Shadow IT
Commentary  |  3/20/2015  | 
For security pros the issue is not government transparency. It's the fact that users, regardless of seniority, will always pick convenience over security.
Risky Business: Why Monitoring Vulnerability Data Is Never Enough
Commentary  |  3/19/2015  | 
Keeping tabs on open source code used in your organizations applications and infrastructure is daunting, especially if you are relying solely on manual methods.
The Bot Threat For the Rest of Us: Application-Layer Attacks
Commentary  |  3/18/2015  | 
Bots are getting craftier by the day so you may not even know you have a problem.
The Anatomy of Advanced Persistent Threats
Partner Perspectives  |  3/18/2015  | 
The only way to keep intruders away is to use multiple security mechanisms.
The End of Pen Testing As We Know It?
Commentary  |  3/17/2015  | 
It's time to expand the scope of penetration tests beyond the periphery of the enterprise network.
Dark Reading Radio: Security Pros At Risk Of Being Criminalized
Commentary  |  3/16/2015  | 
ICYMI: Check out Dark Reading Radio's recent broadcast and discussion about the pitfalls of new government efforts to fight bad hackers that could ultimately hurt the good guys.
Endpoints, Gateways, and Networks: Teamwork Is Better Than Lone Rangers
Partner Perspectives  |  3/16/2015  | 
Security vendors have a common goal when it comes to protecting their customers from danger. Whats missing is a common language and protocols for how and what to share.
7 Deadly Sins Of Security Policy Change Management
Commentary  |  3/16/2015  | 
Mitigating these deadly sins requires process, visibility and automation. Its an effort that will improve security and increase business agility.
Has Security Ops Outlived Its Purpose?
Commentary  |  3/13/2015  | 
CISOs will need more than higher headcounts and better automation tools to solve today's security problems.
Deconstructing Threat Models: 3 Tips
Commentary  |  3/12/2015  | 
There is no one-size-fits-all approach for creating cyber threat models. Just be flexible and keep your eye on the who, what, why, how and when.
6 Ways The Sony Hack Changes Everything
Commentary  |  3/11/2015  | 
Security in a post-Sony world means that a company's very survival in the wake of a cyber attack is more of a concern than ever before.
Raising the Stakes: When Software Attacks Hardware
Partner Perspectives  |  3/11/2015  | 
Beware the risks of cyberattacks on your computer hardware.
5 Things CISOs Can Learn From The Best GMs In Baseball
Commentary  |  3/10/2015  | 
A MLB team has many goals and objectives: to win, be profitable, have a solid strategy and understand the people whom they serve. Sound familiar?
Techniques, Lures, and Tactics to Counter Social Engineering Attacks
Partner Perspectives  |  3/9/2015  | 
If you are unsure of whether a destination link is safe, tools like TrustedSource are a good place to start.
Second Look: Data Security In A Hybrid Cloud
Commentary  |  3/9/2015  | 
Todays big cloud providers were built around an architecture for hosting and securing data. They will continue to thrive, only by keeping your workloads safe.
CryptoWall Makes a Comeback via Malicious Help Files
Partner Perspectives  |  3/9/2015  | 
Hackers use .chm attachments to execute malware on unsuspecting users.
Does Hollywood Have The Answer To The Security Skills Question?
Commentary  |  3/6/2015  | 
The Oscar-winning biopic about famed WWII cryptanalyst Alan Turing -- the father of modern computing -- was long overdue. But a lot more needs to be done to inspire the next generation of computer scientists.
Which Apps Should You Secure First? Wrong Question.
Commentary  |  3/5/2015  | 
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
How Secure Are You?
Partner Perspectives  |  3/5/2015  | 
The NIST Cybersecurity Framework can help you understand your risks.
Securing Our Electric Power Grid Is Critical
Partner Perspectives  |  3/4/2015  | 
Highly complex infrastructure systems require protection against cyberattacks.
A Building Code For Internet of Things Security, Privacy
Commentary  |  3/4/2015  | 
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
Compliance & Security: A Race To The Bottom?
Commentary  |  3/3/2015  | 
Compliance is meaningless if organizations dont use it as a starting point to understand and mitigate risks within their environment.
No Silver Bullets for Security
Partner Perspectives  |  3/2/2015  | 
A quick-fix security solution for cyberphysical systems doesnt exist.
Why Security Awareness Alone Wont Stop Hackers
Commentary  |  3/2/2015  | 
End-user training is a noble pursuit but its no defense against low and slow attacks that take months and years to carry out.
Dark Reading Offers Cyber Security Crash Course At Interop 2015
Commentary  |  3/2/2015  | 
New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.


Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12524
PUBLISHED: 2020-12-02
Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).
CVE-2020-14369
PUBLISHED: 2020-12-02
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file ...
CVE-2020-25638
PUBLISHED: 2020-12-02
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized informat...
CVE-2020-28272
PUBLISHED: 2020-12-02
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28273
PUBLISHED: 2020-12-02
Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.