Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

posted in May 2021
3 SASE Misconceptions to Consider
Commentary  |  5/31/2021  | 
SASE is all the rage, promising things IT leaders have long dreamed about, but a purist approach may create consequences.
Most Mobile Apps Can Be Compromised in 15 Minutes or Less
Commentary  |  5/28/2021  | 
In the name of releasing apps quickly and delivering a smooth user experience, mobile app security is often given short shrift.
Acronis: Pandemic Hastened Cloud Migration, Prompting New Security Issues
Commentary  |  5/27/2021  | 
SPONSORED: WATCH NOW -- The COVID-19 pandemic has accelerated an ongoing shift in data away from business data centers to home offices and the cloud, explains Candid Wust, VP of cyber protection research for Acronis.
Let's Stop Blaming Employees for Our Data Breaches
Commentary  |  5/27/2021  | 
Assuming employees want to steal trade secrets pits them against your security teams, creates stress and reduces productivity.
How Menlo Uses Isolation to Secure Mobile Devices in the Cloud
Commentary  |  5/27/2021  | 
SPONSORED: WATCH NOW -- Mobile devices like smartphones and tablets have emerged as popular targets for bad actors looking to break into to cloud-based networks, according to Poornima DeBolle, chief product officer for Menlo Security.
Prevention Is the Only Cure: The Dangers of Legacy Systems
Commentary  |  5/27/2021  | 
Prolonged exposure to poorly managed legacy IT devices proves time and time again the familiar adage: What can go wrong will go wrong.
ExtraHop Explains How Advanced Threats Dominate Threat Landscape
Commentary  |  5/27/2021  | 
SPONSORED: WATCH NOW -- How do SOC professionals build a strategy when they lack basic information about how such threats operate? Advanced threats by their very nature create plenty of uncertainty, according to Matt Cauthorn, VP of cloud security for ExtraHop.
Cisco: Reduced Complexity in the SOC Improves Enterprise Security
Commentary  |  5/26/2021  | 
SPONSORED: WATCH NOW -- All it took was a global pandemic and a shift to working from home to expose security operations centers' open secret: Too much software, systems, and data to filter. Dug Song, chief strategy officer of Cisco Secure, makes a strong case for why reducing that complexity is the only tenable way forward for security professionals.
Bug Bounties and the Cobra Effect
Commentary  |  5/26/2021  | 
Are bug bounty programs allowing software companies to skirt their responsibility to make better, more secure products from the get-go?
Devo: SIEM Continues to Evolve with Tech Trends and Emerging Threats
Commentary  |  5/26/2021  | 
SPONSORED: WATCH NOW -- Some organizations split the difference with a hybrid of premises- and cloud-based SIEM, says Ted Julian, senior VP of product at Devo. As security data volumes continue to increase, SIEM's evolution will only continue.
Messaging Apps: The Latest Hotbed in the Fraud Ecosystem
Commentary  |  5/26/2021  | 
Telegram and other secure messaging apps have become a haven for professional criminals to wreak havoc and turn a profit.
Orange: Your Leaky Security is Coming from Inside the House!
Commentary  |  5/26/2021  | 
SPONSORED: Your home WiFi router may be screaming fast, but it's also a major point of vulnerability in this work-from-home era, says Charl van der Walt, head of security research at Orange Cyberdefense. And while Zero Trust offers some relief, he offers up some how-to advice to ensure it's properly deployed.
Axis Fosters Work-From-Home Momentum with Zero Trust Network Access
Commentary  |  5/25/2021  | 
SPONSORED: Watch now -- VPN and VDI, while still useful, lack the hardened security required to keep users secure. That's created an opening for Zero Trust network access.
Your Network's Smallest Cracks Are Now Its Biggest Threats
Commentary  |  5/25/2021  | 
Bad actors have flipped the script by concentrating more on low-risk threats. Here's how to address the threat and the tactics.
Uptycs Offers Resilience Formula to Boost Business Continuity
Commentary  |  5/25/2021  | 
SPONSORED CONTENT: Breaches and data loss are inevitable, but customers can bounce back more readily with some planning and foresight, says Ganesh Pai, CEO and founder of Uptycs. He suggests a trajectory for customers looking to improve their own resilience, starting with proactiveness, followed by reactivity, then predictive capabilities and better protection.
The Adversary Within: Preventing Disaster From Insider Threats
Commentary  |  5/25/2021  | 
Insiders are in a position of trust, and their elevated permissions provide opportunities to cause serious harm to critical business applications and processes.
Turn the Tables: Supply Chain Defense Needs Some Offense, Fortinet Says
Commentary  |  5/25/2021  | 
SPONSORED CONTENT: Watch now -- While the SolarWinds hack put fresh attention on supply chain vulnerabilities, Derek Manky of Fortinet's Fortiguard Labs suggests dismantling cybercriminals' own supply chains.
Sophos Research Uncovers Widespread Use of TLS By Cybercriminals
Commentary  |  5/24/2021  | 
SPONSORED CONTENT: Nearly half of all malware is being disseminated via the Transport Layer Security cryptographic protocol, says Dan Schiappa, executive VP and chief product officer for Sophos.
Work from Home Modifies the Endpoint Security Equation, Cisco Says
Commentary  |  5/24/2021  | 
SPONSORED CONTENT: As customers get to grips with this new WFH reality, they'll need to simplify their implementations and make more use of automation, says Cisco Secure's Al Huger.
As Threat Hunting Matures, Malware Labs Emerge
Commentary  |  5/24/2021  | 
By leveraging their analysis outputs, security pros can update detection rules engines and establish a stronger security posture in the process.
The Changing Face of Cybersecurity Awareness
Commentary  |  5/21/2021  | 
In the two decades since cybersecurity awareness programs emerged, they've been transformed from a good idea to a business imperative.
Security Providers Describe New Solutions (& Growing Threats) at RSAC
Commentary  |  5/20/2021  | 
SPONSORED CONTENT: Watch now -- Leading security companies meet Dark Reading in the RSA Conference Broadcast Alley to talk about tackling insider threat, SOC complexity, cyber resilience, mobile security, attacker evasion, supply chain threats, ransomware, and more.
3 Ways Anti-Vaxxers Will Undercut Security With Misinformation
Commentary  |  5/20/2021  | 
Misinformation campaigns thrive on inequality of knowledge, which bad actors use to drive a wedge between communities.
How 2 New Executive Orders May Reshape Cybersecurity & Supply Chains for a Post-Pandemic World
Commentary  |  5/20/2021  | 
A modernized US technology strategy must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies.
How to Adapt to Rising Consumer Expectations of Invisible Security
Commentary  |  5/19/2021  | 
Working from home has changed users' ideas about seamless security. Here's how to address them.
How Ransomware Encourages Opportunists to Become Criminals
Commentary  |  5/19/2021  | 
And what's needed to stop it: Better information sharing among private organizations and with law enforcement agencies.
Why Anti-Phishing Training Isn't Enough
Commentary  |  5/18/2021  | 
Not only is relying on employees' awareness insufficient to prevent sophisticated social engineering attacks, some training methods can create other problems.
How to Mitigate Against Domain Credential Theft
Commentary  |  5/18/2021  | 
Attackers routinely reuse stolen domain credentials. Here are some ways to thwart their access.
Agility Broke AppSec. Now It's Going to Fix It.
Commentary  |  5/17/2021  | 
Outnumbered 100 to 1 by developers, AppSec needs a new model of agility to catch up and protect everything that needs to be secured.
Name That Toon: Road Trip
Commentary  |  5/17/2021  | 
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Security Trends to Follow at RSA Conference 2021
Commentary  |  5/14/2021  | 
Here are three key categories of sessions that provide an inside look at some of today's most interesting cybersecurity trends.
Adapting to the Security Threat of Climate Change
Commentary  |  5/13/2021  | 
Business continuity plans that address natural and manmade disasters can help turn a cataclysmic business event into a minor slowdown.
Defending the Castle: How World History Can Teach Cybersecurity a Lesson
Commentary  |  5/13/2021  | 
Cybersecurity attackers follow the same principles practiced in warfare for millennia. They show up in unexpected places, seeking out portions of an organization's attack surface that are largely unmonitored and undefended.
Verizon DBIR 2021: "Winners" No Surprise, But All-round Vigilance Essential
Commentary  |  5/13/2021  | 
Verizon's Data Breach Investigations Report (DBIR) covers 2020 -- a year like no other. Phishing, ransomware, and innovation caused big problems.
Hashes, Salts, and Rainbow Tables: Confessions of a Password Cracker
Commentary  |  5/12/2021  | 
Understanding a few basics about how password crackers think and behave could help you keep your users safer.
Why You Should Be Prepared to Pay a Ransom
Commentary  |  5/12/2021  | 
Companies that claim they'll never pay up in a ransomware attack are more likely to get caught flat-footed.
Cartoon Caption Winner: Greetings, Earthlings
Commentary  |  5/11/2021  | 
And the winner of Dark Reading's April cartoon caption contest is ...
3 Cybersecurity Myths to Bust
Commentary  |  5/11/2021  | 
Deeply rooted cybersecurity misconceptions are poisoning our ability to understand and defend against attacks.
Critical Infrastructure Under Attack
Commentary  |  5/11/2021  | 
Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg.
Exchange Exploitation: Not Dead Yet
Commentary  |  5/10/2021  | 
The mass exploitation of Exchange Servers has been a wake-up call, and it will take all parties playing in concert for the industry to react, respond, and recover.
Defending Against Web Scraping Attacks
Commentary  |  5/7/2021  | 
Web scraping attacks, like Facebook's recent data leak, can easily lead to more significant breaches.
Securing the Internet of Things in the Age of Quantum Computing
Commentary  |  5/6/2021  | 
Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
Biden's Supply Chain Initiative Depends on Cybersecurity Insights
Commentary  |  5/6/2021  | 
Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned.
Will 2021 Mark the End of World Password Day?
Commentary  |  5/5/2021  | 
We might be leaving the world of mandatory asterisks and interrobangs behind for good.
Raytheon: Supply Chain, Ransomware, Zero Trust Biggest Security Priorities
Commentary  |  5/4/2021  | 
SPONSORED CONTENT: While organizations may be more vulnerable than ever to supply chain attacks and ransomware, they can look to Zero Trust frameworks to keep their users and data safe, says Jon Check, senior director in Raytheon's cyber protection solutions unit.
Can Organizations Secure Remote Workers for the Long Haul?
Commentary  |  5/4/2021  | 
By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.
It's Time to Ditch Celebrity Cybersecurity
Commentary  |  5/4/2021  | 
High-profile attacks and solutions are shiny objects that can distract from the defenses that afford the greatest protection.
Dark Reading Celebrates 15th Anniversary
Commentary  |  5/3/2021  | 
Cybersecurity news site begins 16th year with plans to improve site, deliver more content on cyber threats and best practices.
Stopping the Next SolarWinds Requires Doing Something Different
Commentary  |  5/3/2021  | 
Will the SolarWinds breach finally prompt the right legislative and regulatory actions on a broader, more effective scale?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41393
PUBLISHED: 2021-09-18
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVE-2021-41394
PUBLISHED: 2021-09-18
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVE-2021-41395
PUBLISHED: 2021-09-18
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
CVE-2021-3806
PUBLISHED: 2021-09-18
A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system.
CVE-2021-41392
PUBLISHED: 2021-09-17
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.