Opinion

posted in July 2017
Five Words for Black Hat
Curt Franklin  |  7/31/2017  | 
The Black Hat 2017 conference could be summed up in five words: Should there be more?
DevOps Security & the Culture of 'Yes'
Commentary  |  7/31/2017  | 
Communication, collaboration, and the use of production data to drive decisions are essential for security work in a DevOps world.
Mobile Worries for a Security Pro
Curt Franklin  |  7/28/2017  | 
The most worrying security problem for one security pro is something that sits in the palm of your hand.
Hope Breaks Through Desert Clouds: The Friday Haiku
Curt Franklin  |  7/28/2017  | 
Our Security Now Friday haiku reflects on the week that was Black Hat.
Throw Out the Playbooks to Win at Incident Response
Commentary  |  7/28/2017  | 
Four reasons why enterprises that rely on playbooks give hackers an advantage.
Dark Reading News Desk Live at Black Hat USA 2017
Commentary  |  7/27/2017  | 
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. to 7 p.m. Eastern Time (11 a.m. to 4 p.m. Pacific).
The Right to Be Forgotten & the New Era of Personal Data Rights
Commentary  |  7/27/2017  | 
Because of the European Union's GDPR and other pending legislation, companies must become more transparent in how they protect their customers' data.
Can Your Risk Assessment Stand Up Under Scrutiny?
Partner Perspectives  |  7/27/2017  | 
Weak risk assessments have gotten a pass up until now, but that may be changing.
Black Hat Keynote: A Call to Change
Curt Franklin  |  7/27/2017  | 
Facebook's Alex Stamos stood before Black Hat 2017 and congratulated the community on all they've done. Then he told them that they must change.
Researchers Bring AI to Endpoint Security
Curt Franklin  |  7/26/2017  | 
FFRI has an AI approach to malware defense and it will protect systems with no Internet connection at all.
10 Critical Steps to Create a Culture of Cybersecurity
Commentary  |  7/26/2017  | 
Businesses are more vulnerable than they need to be. Here's what you should do about it.
How Women Can Raise Their Profile within the Cybersecurity Industry
Commentary  |  7/25/2017  | 
Closing the cybersecurity gender gap won't happen overnight, but women can take steps to begin leveling the playing field.
Lessons from Verizon: Managing Cloud Security for Partners
Partner Perspectives  |  7/25/2017  | 
The recent Verizon breach data exposed by an insecure Amazon S3 bucket highlights the need for enterprises to have visibility into how partners and other stakeholders keep their data secure.
New Vulnerability Hits IoT Cameras
Curt Franklin  |  7/25/2017  | 
A vulnerability first seen in IoT cameras has the potential to go much, much further.
SecurityNow.com Is Going to Black Hat
Curt Franklin  |  7/24/2017  | 
We'll be at Black Hat. What do you want to know while we're there?
Bots Make Lousy Dates, But Not Cheap Ones
Commentary  |  7/24/2017  | 
The danger of dating sites: If a beautiful woman asks men to click on malware, they'll probably click.
A Sense of Peace: The Friday Haiku
Curt Franklin  |  7/21/2017  | 
Is a moment of calm to be trusted? Our Friday Haiku questions the peace.
20 Questions for Improving SMB Security
Commentary  |  7/21/2017  | 
Security leaders in small and medium-sized businesses who want to up their game need to first identify where they are now, then where they want to go.
DevOps & Security: Butting Heads for Years but Integration is Happening
Commentary  |  7/20/2017  | 
A combination of culture change, automation, tools and processes can bring security into the modern world where it can be as agile as other parts of IT.
Profile of a Hacker: The Real Sabu
Partner Perspectives  |  7/20/2017  | 
There are multiple stories about how the capture of the infamous Anonymous leader Sabu went down. Here's one, and another about what he is doing today.
Security in Knowing: An Interview With Nathaniel Gleicher, Part 2
Curt Franklin  |  7/19/2017  | 
Ignorance is indeed bliss for those who would attack our organizations' IT systems. This is part 2 of a conversation with Nathaniel Gleicher, head of cybersecurity strategy for Illumio.
4 Steps to Securing Citizen-Developed Apps
Commentary  |  7/19/2017  | 
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
Security in Knowing: An Interview With Nathaniel Gleicher, Part 1
Curt Franklin  |  7/18/2017  | 
Nathaniel Gleicher, former Director of Cybersecurity Policy for the Obama White House and ex-senior counsel for the US Dept. of Justice's computer crimes division, knows something about security.
Voice of Security Radio: Can You Buy Trust?
Curt Franklin  |  7/18/2017  | 
Join editor Curt Franklin when he talks with Alan Cohen, chief commercial officer of Illumio, about the relationship between spending and trust. It's not what you think!
SIEM Training Needs a Better Focus on the Human Factor
Commentary  |  7/18/2017  | 
The problem with security information and event management systems isn't the solutions themselves but the training that people receive.
Poll: When Will You Pay Up for Ransomware?
Curt Franklin  |  7/17/2017  | 
When is it okay to pay the ransom demanded by malware? Take our poll to add your voice to the community wisdom.
AWS S3 Breaches: What to Do & Why
Commentary  |  7/17/2017  | 
Although basic operations in Amazon's Simple Storage Service are, as the name implies, simple, things can get complicated with access control and permissions.
Six Million Voices Crying at Once
Curt Franklin  |  7/14/2017  | 
A Friday haiku on the latest huge hack, this time at Verizon.
7 Deadly Sins to Avoid When Mitigating Cyberthreats
Commentary  |  7/14/2017  | 
How digitally savvy organizations can take cyber resilience to a whole new dimension.
Black Hat to Host Discussion on Diversity
Commentary  |  7/13/2017  | 
Panel of diversity pioneers will share their views and firsthand experience on how to make inclusion a priority in security.
The Hunt for Networks Building Death Star-Sized Botnets
Partner Perspectives  |  7/13/2017  | 
Internet of Things devices are more critically vulnerable to compromise in DDoS attacks than ever before. Here's how to defend against them.
How Security Pros Can Help Protect Patients from Medical Data Theft
Commentary  |  7/13/2017  | 
The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.
Voice of Security Radio: Hidden Threats on the Web
Curt Franklin  |  7/12/2017  | 
Join Curtis Franklin when he talks with Chris Olson, CEO of The Media Trust, about the threats that lurk in the hidden -- and not-so-hidden -- corners of the web.
Dealing with Due Diligence
Commentary  |  7/12/2017  | 
Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.
Cybersecurity: More a People Than a Tech Challenge?
Ray Le Maistre  |  7/11/2017  | 
When it comes to cybersecurity strategies, the human angle needs to be brought to the fore, according to BT and KPMG.
Securing your Cloud Stack from Ransomware
Partner Perspectives  |  7/11/2017  | 
Poor configuration, lack of policies, and permissive behaviors are three factors that can leave your cloud infrastructure vulnerable to ransomware threats.
The High Costs of GDPR Compliance
Commentary  |  7/11/2017  | 
Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.
HONEST Results: What Keeps You Up at Night?
Curt Franklin  |  7/11/2017  | 
What security issues are Security Now community members afraid of? Our poll tells the tale of the terror.
How Code Vulnerabilities Can Lead to Bad Accidents
Commentary  |  7/10/2017  | 
The software supply chain is broken. To prevent hackers from exploiting vulnerabilities, organizations need to know where their applications are, and whether they are built using trustworthy components.
The SOC Is Dead. Long Live the SOC
Commentary  |  7/7/2017  | 
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
Open Door Policy
Curt Franklin  |  7/7/2017  | 
A Friday Haiku on Insecure States
Security Experts & Hackers: We're Not So Different
Partner Perspectives  |  7/6/2017  | 
Using the similarities among hackers and security programmers can be an advantage.
The Growing Danger of IP Theft and Cyber Extortion
Commentary  |  7/6/2017  | 
The recent hacks of Disney and Netflix show the jeopardy that intellectual property and company secrets are in, fueled by cheap hacking tools and cryptocurrencies.
Avoiding the Dark Side of AI-Driven Security Awareness
Commentary  |  7/5/2017  | 
Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?
Voice of Security Radio: Will a Digital Transformation Transform Your Security?
Curt Franklin  |  7/5/2017  | 
'Digital Transformation' can be a big umbrella term: What does it mean – and what does it mean to your security? Those are the questions for this week's Voice of Security Radio.
The Problem with Data
Commentary  |  7/3/2017  | 
The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.

Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL on Debian/Ubuntu systems.