Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

posted in June 2015
Securing Critical Infrastructure
Partner Perspectives  |  6/30/2015  | 
Protecting the Industrial Internet of Things from cyberthreats is a national priority.
Getting To Yes: Negotiating Technology Innovation & Security Risk
Commentary  |  6/30/2015  | 
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
Cyber Resilience And Spear Phishing
Partner Perspectives  |  6/29/2015  | 
Balanced security capability, defense in depth, integrated countermeasures, and a threat-intelligence strategy are critical to defending your business from spear-phishing attacks.
Social Engineering & Black Hat: Do As I Do Not As I Say
Commentary  |  6/29/2015  | 
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
3 Simple Steps For Minimizing Ransomware Exposure
Commentary  |  6/26/2015  | 
If your data is important enough to pay a ransom, why wasn't it important enough to properly backup and protect in the first place?
What Do You Mean My Security Tools Dont Work on APIs?!!
Commentary  |  6/25/2015  | 
SAST and DAST scanners havent advanced much in 15 years. But the bigger problem is that they were designed for web apps, not to test the security of an API.
Breach Defense Playbook: Cybersecurity Governance
Partner Perspectives  |  6/25/2015  | 
Time to leave the island: Integrate cybersecurity into your risk management strategy.
Breach Defense Playbook: Incident Response Readiness (Part 2)
Partner Perspectives  |  6/24/2015  | 
Will your incident response plan work when a real-world situation occurs?
The Secret Of War Lies In The Communications --Napoleon
Partner Perspectives  |  6/24/2015  | 
DXL helps organizations keep an eye on external and internal threats using relevant information in real time.
Why China Wants Your Sensitive Data
Commentary  |  6/24/2015  | 
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
Breach Defense Playbook: Incident Response Readiness (Part 1)
Partner Perspectives  |  6/23/2015  | 
Will your incident response plan work when a real-world situation occurs?
The Dark Web: An Untapped Source For Threat Intelligence
Commentary  |  6/23/2015  | 
Most organizations already have the tools for starting a low-cost, high-return Dark Web cyber intelligence program within their existing IT and cybersecurity teams. Heres how.
What You Probably Missed In Verizon's Latest DBIR
Commentary  |  6/22/2015  | 
Tune in to Dark Reading Radio at 1pm ET/11am Pacific on Wednesday, June 24, when Verizon Data Breach Investigations Report co-author Marc Spitler discusses some of the possibly lesser-noticed nuggets in the industry's popular report on real-world attacks.
Breach Defense Playbook: Open Source Intelligence
Partner Perspectives  |  6/22/2015  | 
Do you know what information out there is putting you at risk?
Security Surveys: Read With Caution
Commentary  |  6/22/2015  | 
Im skeptical of industry surveys that tell security practitioners what they already know. Dont state the obvious. Tell us the way forward.
9 Questions For A Healthy Application Security Program
Commentary  |  6/19/2015  | 
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
An Effective Community Is More Than Just An Online Forum
Partner Perspectives  |  6/19/2015  | 
It is important to develop a strong base of contributors who can communicate effectively, answer questions, and summarize issues.
Breach Defense Playbook: Reviewing Your Cybersecurity Program (Part 2)
Partner Perspectives  |  6/18/2015  | 
Cybersecurity requires a combination of people, process, and technology in a coordinated implementation leveraging a defense-in-depth methodology.
Cybersecurity Advice From A Former White House CIO
Commentary  |  6/18/2015  | 
Today's playbook demands 'human-centered' user education that assumes people will share passwords, forget them, and do unsafe things to get their jobs done.
Breach Defense Playbook: Reviewing Your Cybersecurity Program (Part 1)
Partner Perspectives  |  6/17/2015  | 
How does your cybersecurity program compare to your industry peers?
Time to Focus on Data Integrity
Commentary  |  6/17/2015  | 
Information security efforts have historically centered on data theft. But cybercriminals who alter corporate records and personal information can also cause serious harm.
Is Your Security Operation Hooked On Malware?
Commentary  |  6/16/2015  | 
It may seem counterintuitive, but an overzealous focus on malware may be preventing you from detecting even bigger threats.
Lessons Learned From The Ramnit Botnet Takedown
Commentary  |  6/15/2015  | 
While most organizations wont find themselves in similar circumstances, there are important takeaways they can apply to any security program.
Survival Tips For The Security Skills Shortage
Commentary  |  6/12/2015  | 
No matter how you slice it, creating a security professional with 10 years of experience takes, well, 10 years. Here are six suggestions for doing more with less.
Breach Defense Playbook: Hunting For Breach Indicators
Partner Perspectives  |  6/11/2015  | 
Do you proactively hunt for malware on your network, or do you wait for your tools to tell you?
The Promises And Perils Of The Healthcare Internet Of Things
Partner Perspectives  |  6/11/2015  | 
Connected devices are working wonders for managing treatment, but their integration with consumer technology and cloud computing raises significant security issues.
From GitHub to Great Cannon: A Mid-Year Analysis Of DDoS Attacks
Commentary  |  6/11/2015  | 
The new and common face of DDoS today is its use as a smokescreen to conceal malicious activity in an overwhelming burst of traffic that stretch security layers to the brink.
Breach Defense Playbook: Assessing Your Security Controls
Partner Perspectives  |  6/10/2015  | 
Do you include physical security as part of your cybersecurity risk management plan?
Why the Firewall is Increasingly Irrelevant
Commentary  |  6/10/2015  | 
It will take a dramatic reimagining of security to dedicate focus to the areas where company data actually resides. It starts with tearing down the firewall.
Firewalls Sustain Foundation of Sound Security
Commentary  |  6/10/2015  | 
Simply put, organizations that cannot maintain rigid firewall enforcement are more likely to be compromised.
Breach Defense Playbook: Assessing Your Cybersecurity Engineering
Partner Perspectives  |  6/9/2015  | 
Is your cybersecurity infrastructure robust enough to defend against future attacks?
Security Metrics: Its All Relative
Commentary  |  6/9/2015  | 
What a haircut taught me about communicating the value of security to executives and non-security professionals.
Beware of Emails Bearing Gifts
Partner Perspectives  |  6/9/2015  | 
A security-connected framework can help your organization thwart cybercrime.
7 Critical Criteria for Data Encryption In The Cloud
Commentary  |  6/8/2015  | 
Encrypting the huge number of data files stored in a public cloud today is like bubble-wrapping an entire house. Better to focus on the fragile items that matter.
Long Cons: The Next Age of Cyber Attacks
Commentary  |  6/5/2015  | 
When hackers know that a big payday is coming they dont mind waiting for months for the best moment to strike.
Securing Private and Hybrid Clouds
Partner Perspectives  |  6/4/2015  | 
As-a-service models offer huge opportunities, but also complicate security.
How The Hacker Economy Impacts Your Network & The Cloud
Commentary  |  6/4/2015  | 
To protect data against growing threats, networks must now act as both sensor and enforcer around traffic that passes through users and data centers to the cloud.
Help Wanted: Security Heroes & Heroines Only Need Apply
Commentary  |  6/3/2015  | 
If we want to do more than simply defend ourselves, we need security champions and equally heroic security solutions.
Shaping A Better Future For Software Security
Commentary  |  6/2/2015  | 
Industry and government leaders discuss ways to improve practices, awareness and education around secure software development. Heres a recap of what you missed.
Todays Requirements To Defend Against Tomorrows Insider Threats
Commentary  |  6/1/2015  | 
At its most basic, a consistent and meaningful insider threat detection program has two components: data and people. Heres how to put them together.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.