Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

posted in March 2017
Customized Malware: Confronting an Invisible Threat
Commentary  |  3/31/2017  | 
Hackers are gaining entry to networks through a targeted approach. It takes a rigorous defense to keep them out.
The Business of Security: How your Organization Is Changing beneath You
Commentary  |  3/30/2017  | 
And why its your job to change with it and skate where the puck is headed.
Payment Card Industry Security Compliance: What You Need to Know
Commentary  |  3/30/2017  | 
A quick refresher on all the different PCI SSC security standards that are relevant for organizations that accept electronic payments.
Privacy Babel: Making Sense of Global Privacy Regulations
Commentary  |  3/29/2017  | 
Countries around the world are making their own privacy laws. How can a global company possibly keep up?
To Gain Influence, CISOs Must Get Security's Human Element Right
Commentary  |  3/29/2017  | 
Focusing on certain elements of security in isolation can cause a false sense of security.
Network Operations Filled With Unplanned Activity
Curt Franklin  |  3/28/2017  | 
Network operations spends vast amounts of time reacting to events. What does that mean for your organization and its people?
Commercial IoT: Big Trouble in Small Devices
Commentary  |  3/28/2017  | 
There are endless scenarios where hackers could wreak havoc on the industrial Internet of Things. Theres also a readily available solution called HIP.
Exploit Kits: Winter 2017 Review
Partner Perspectives  |  3/28/2017  | 
We take another look at the current EK scene by going over RIG, Sundown, Neutrino and Magnitude.
How Identity Deception Increases the Success of Ransomware
Commentary  |  3/28/2017  | 
As scammers hone their skills, their handiwork looks more credible to intended victims, making a successful ransomware scam more likely.
This Week On Dark Reading: Event Calendar
Commentary  |  3/27/2017  | 
Ransomware remediation and recovery this week, with clouds on the horizon.
Data Visualization: Keeping an Eye on Security
Commentary  |  3/27/2017  | 
Visualization can be one of the most powerful approaches a security team can use to make sense of vast quantities of data. So why does it end up as an afterthought?
Prioritizing Threats: Why Most Companies Get It Wrong
Commentary  |  3/24/2017  | 
To stay safer, focus on multiple-threat attack chains rather than on individual threats.
5 Ways CISOs Could Work Better with Their Cyber Insurers
Commentary  |  3/23/2017  | 
Risk management has become increasingly important, making it crucial companies have good relationships with their insurance company.
Security Takes the Stage at Oracle Industry Connect
Curt Franklin  |  3/22/2017  | 
Security is a supporting player at Oracle Industry Connect. Is it hero or villain to the assembled customers and partners?
Malware Explained: Packer, Crypter & Protector
Partner Perspectives  |  3/22/2017  | 
These three techniques can protect malware from analysis. Heres how they work.
Phishing Your Employees for Schooling & Security
Commentary  |  3/22/2017  | 
Your education program isn't complete until you test your users with fake phishing emails.
Report: OilRig' Attacks Expanding Across Industries, Geographies
Commentary  |  3/21/2017  | 
Malware targets Middle Eastern airlines, government, financial industries and critical infrastructure with a simple but powerful backdoor created by infected Excel files attached to phishing emails.
Getting Beyond the Buzz & Hype of Threat Hunting
Commentary  |  3/20/2017  | 
When harnessed properly, threat hunting can be one of the most useful techniques for finding attackers in your network. But it wont happen overnight.
Embrace the Machine & Other Goals for CISOs
Commentary  |  3/17/2017  | 
Here are five ways we can become more effective for our organizations.
In Cyber, Who Do We Trust to Protect the Business?
Commentary  |  3/16/2017  | 
If business leaders and directors continue to view cybersecurity as mainly a matter for the IT department, they will leave their companies exposed to significant risks.
Ethical Hacking: The Most Important Job No One Talks About
Commentary  |  3/16/2017  | 
If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers.
DOJ Charges Russian Agents in Yahoo Breach
Craig Matsumoto  |  3/15/2017  | 
Officers of Russia's FSB led the 2014 intrusion into Yahoo's network, according to grand jury indictments.
Cloudbleed Lessons: What If There's No Lesson?
Curt Franklin  |  3/15/2017  | 
'There's nothing to be done,' isn't an encouraging lesson from a security disaster, but that may be the biggest takeaway from Cloudbleed.
Trust Begins With Layer 1 Encryption
Commentary  |  3/15/2017  | 
In todays distributed environment, cloud and communication service providers can play a key role in providing organizations with a scalable and secure platform for the connection of everything to everything. Heres how.
Security in the Age of Open Source
Commentary  |  3/15/2017  | 
Dramatic changes in the use of open source software over the past decade demands major changes in security testing regimens today. Here's what you need to know and do about it.
Debunking 5 Myths About DNS
Commentary  |  3/14/2017  | 
From the boardroom to IT and the end user, the Domain Name System is often misunderstood, which can leave organizations vulnerable to attacks.
7 Things You Need to Know about Bayesian Spam Filtering
Partner Perspectives  |  3/14/2017  | 
Knowing how spam filters work can clarify how some messages get through, and how your own emails can avoid being caught.
The Industrial Revolution of Application Security
Commentary  |  3/14/2017  | 
DevOps is driving big changes in the industry, but a cultural shift is needed.
What Your SecOps Team Can (and Should) Do
Commentary  |  3/13/2017  | 
If your organization has all of these pieces in place, congratulations!
This Week On Dark Reading: Events Calendar
Commentary  |  3/13/2017  | 
How to become a threat hunter, how to build a cybersecurity architecture that actually defends against today's risks, and much more...
IoT & Liability: How Organizations Can Hold Themselves Accountable
Commentary  |  3/10/2017  | 
To avoid a lawsuit, your company needs to better understand the state of your infrastructure and the devices and applications within it. Here are five areas on which to focus.
New Tachyon Promotes Ad Hoc Security Queries
Curt Franklin  |  3/9/2017  | 
1E's new Tachyon EDR system is designed without a database for faster random queries.
Mobile (In)security: Dark Reading Cartoon Caption Contest Winners
Commentary  |  3/9/2017  | 
Clever word play on mobile ransomware, cloud and the Internet of Things. And the winners are
Securing Todays 'Elastic Attack Surface'
Commentary  |  3/9/2017  | 
The foundation of good cybersecurity is knowing your network. But as organizations embrace new technologies, that simple task has gotten incredibly difficult.
In a Cybersecurity Vendor War, the End User Loses
Commentary  |  3/8/2017  | 
When vulnerability information is disclosed without a patch available, users are the ones really being punished.
4 Ways to Recover from a Cyberattack
Partner Perspectives  |  3/8/2017  | 
Be prepared and act quickly are two key steps that will help you bounce back quickly from a cyberattack.
Trust, Cloud & the Quest for a Glass Wall around Security
Commentary  |  3/8/2017  | 
In the next year, were going to see a leap towards strategic, business-level objectives that can be resolved by simplifying infrastructure and granting greater visibility in real time.
WikiLeaks Strikes Again
Curt Franklin  |  3/8/2017  | 
WikiLeaks has release thousands of pages allegedly from CIA's Center for Cyber Intelligence. Just how bad is it?
Googles SHA-1 Countdown Clock Could Undermine Enterprise Security
Commentary  |  3/7/2017  | 
In the wake of a recently documented 'collision' attack, Google researchers should consider delaying the release of the code behind the crack until companies can roll out adequate patches. Here's why
A Real-Life Look into Responsible Disclosure for Security Vulnerabilities
Commentary  |  3/7/2017  | 
A researcher gives us a glimpse into what happened when he found a problem with an IoT device.
New Yorks Cyber Regulations: How to Take Action & Whos Next
Commentary  |  3/6/2017  | 
Even if your company isnt directly subject to these new rules, you can assume that the approach will be adopted by regulatory agencies at home and abroad eventually.
Adware vs. Ad Fraud: Viva la Difference!
Partner Perspectives  |  3/6/2017  | 
Both earn their money in the advertising trade but they each have very different means of operation and targets.
Threats Converge: IoT Meets Ransomware
Commentary  |  3/6/2017  | 
Ransomware is already a problem. The Internet of Things has had a number of security issues. What happens when the two combine?
How to Use & Share Customer Data without Damaging Trust
Commentary  |  3/3/2017  | 
These five tips for protecting consumer privacy will ensure that your customers will stay customers for the long run.
Three Years after Heartbleed, How Vulnerable Are You?
Commentary  |  3/2/2017  | 
You may have a problem lurking in your open source components and not know it. Start making a list...
Best Practices for Lowering Ransomware Risk
Commentary  |  3/1/2017  | 
The first step is to avoid falling prey in the first place. That means teaching your entire organization - from IT staff to executive management - how not to be a victim.
DNSSEC: Why Do We Need It?
Partner Perspectives  |  3/1/2017  | 
The number of signed domain names has grown considerably over the past two and a half years but some sectors are heavily lagging behind.
Insider Sabotage among Top 3 Threats CISOs Cant yet Handle
Partner Perspectives  |  3/1/2017  | 
These five steps can help your organizations limit the risks from disgruntled employees and user errors.


Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12524
PUBLISHED: 2020-12-02
Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).
CVE-2020-14369
PUBLISHED: 2020-12-02
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file ...
CVE-2020-25638
PUBLISHED: 2020-12-02
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized informat...
CVE-2020-28272
PUBLISHED: 2020-12-02
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28273
PUBLISHED: 2020-12-02
Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.