Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

posted in July 2019
Page 1 / 2   >   >>
Why the Network Is Central to IoT Security
Commentary  |  7/31/2019  | 
Is there something strange about your network activity? Better make sure all of your IoT devices are under control.
The Attribution Trap: A Waste of Precious Time & Money
Commentary  |  7/31/2019  | 
Aiming for attribution doesn't help most organizations become more secure. It can actually have the opposite effect.
Transforming 'Tangible Security' into a Competitive Advantage
Commentary  |  7/30/2019  | 
Today's consumers want to see and touch security. Meeting this demand will be a win-win for everyone, from users to vendors to security teams.
Capital One Had to Be Told by Outsider That Data Breach Occurred
Larry Loeb  |  7/30/2019  | 
Capital One got hacked and didn't even know it.
Kubernetes Won't Get Secure Just Sitting There
Larry Loeb  |  7/30/2019  | 
Let's delve into containers.
CISOs Must Evolve to a Data-First Security Program
Commentary  |  7/30/2019  | 
Such a program will require effort and reprioritization, but it will let your company fight modern-day threats and protect your most important assets.
Not Using DMARC Security Protocol Leaves Businesses Vulnerable to Spoofing
Larry Loeb  |  7/29/2019  | 
A global survey found that most business and government domains don't use DMARC, which opens them up to email spoofing.
4 Network Security Mistakes Bound to Bite You
Commentary  |  7/29/2019  | 
It's Shark Week again! Are you ready to outmaneuver sharks of the cyber variety? These tips can help.
IT Modernization: Needed & Not Easy
Larry Loeb  |  7/26/2019  | 
'Challenges with architecture modernization' ranks high on IT survey respondents' list of grievances.
3 Takeaways from the First American Financial Breach
Commentary  |  7/26/2019  | 
Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.
Sanctioned Russian Spies Can Own Your Android Device
Larry Loeb  |  7/25/2019  | 
It's professional-grade naughtiness, people.
Answer These 9 Questions to Determine if Your Data Is Safe
Commentary  |  7/25/2019  | 
Data protection regulations are only going to grow tighter. Make sure you're keeping the customer's best interests in mind.
Comodo Leaves AV Vulnerabilities Unpatched
Larry Loeb  |  7/25/2019  | 
Even though Comodo was notified by Tenable in April of the problems, no patches by have been forthcoming from the antivirus firm.
The Commoditization of Multistage Malware Attacks
Commentary  |  7/24/2019  | 
Malware that used to be advanced is now available to everyone. These three actions could help you stay safer.
Palo Alto Networks Does Not Fully Address Vulnerability in GlobalProtect SSL VPN Solution
Larry Loeb  |  7/24/2019  | 
If Palo Alto Networks wants to keep the trust of its customers in the future, it will have to do much better in how it relates to them.
The War for Cyber Talent Will Be Won by Retention not Recruitment
Commentary  |  7/23/2019  | 
Six steps for creating a work environment that challenges, stimulates, rewards, and constantly engages employees fighting the good fight against cybercriminals.
Skylight Says Cylance Can Be Bypassed; Cylance Says, 'Not So Fast, There!'
Larry Loeb  |  7/23/2019  | 
Skylight's findings certainly gained attention, but at what cost to the company's credibility?
CISO Pressures: Why the Role Stinks and How to Fix It
Commentary  |  7/22/2019  | 
CISOs spend much less time in their role than other members of the boardroom. It's a serious problem that must be addressed.
Bluetooth Devices Leaking Tracking Data
Larry Loeb  |  7/19/2019  | 
Researchers from Boston University found that the current version of Bluetooth Low Energy, as implemented by Apple iOS and Windows 10, leaked identifiers that allowed tracking of the device that was using BLE.
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Commentary  |  7/19/2019  | 
Why apples-to-apples performance tests are the only way to accurately gauge the impact of network security products and solutions.
How Capture the Flag Competitions Strengthen the Cybersecurity Workforce
Commentary  |  7/18/2019  | 
These competitions challenge participants with problems involving digital forensics, cryptography, binary analysis, web security, and many other fields.
Calculating the Value of Security
Commentary  |  7/18/2019  | 
What will it take to align staff and budget to protect the organization?
A Password Management Report Card
Commentary  |  7/17/2019  | 
New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings.
Malvertising Adds Sophistication to Disruption
Larry Loeb  |  7/17/2019  | 
French security researcher Malekal delved into a murky world.
For Real Security, Don't Let Failure Be Your Measure of Success
Commentary  |  7/17/2019  | 
For too long, we've focused almost exclusively on keeping out the bad guys rather than what to do when they get in (and they will).
How Attackers Infiltrate the Supply Chain & What to Do About It
Commentary  |  7/16/2019  | 
With some security best practices, enterprises can significantly reduce the chances that a potential supply chain attack will affect business operations.
New BitPaymer Ransomware Discovered Hunting Big Game
Larry Loeb  |  7/16/2019  | 
New variant shares most of its code with the BitPaymer ransomware operated by INDRIK SPIDER.
Is 2019 the Year of the CISO?
Commentary  |  7/16/2019  | 
The case for bringing the CISO to the C-suite's risk and business-strategy table.
Data Protection in the Cloud Is Still a Big Issue in the EU
Oliver Schonschek  |  7/16/2019  | 
Building trust is key to the success of the European cloud market.
DNS Hijacking on the Rise as Warning Is Issued
Larry Loeb  |  7/15/2019  | 
The National Cyber Security Centre, a part of the UK's GCHQ, has issued an advisory that deals with Domain Name System (DNS) hijacking by threat actors.
Is Machine Learning the Future of Cloud-Native Security?
Commentary  |  7/15/2019  | 
The nature of containers and microservices makes them harder to protect. Machine learning might be the answer going forward.
A Lawyers Guide to Cyber Insurance: 4 Basic Tips
Commentary  |  7/12/2019  | 
The time to read the fine print in your cybersecurity insurance policy is before you sign on the dotted line.
Older Versions of Windows at Risk From New Zero-Day Exploit
Larry Loeb  |  7/12/2019  | 
Cybersecurity firm ESET discovered a Windows zero-day exploit that affects older systems like Windows 7 and Server 2008.
Most Organizations Lack Cyber Resilience
Commentary  |  7/11/2019  | 
Despite increasing threats, many organizations continue to run with only token cybersecurity and resilience.
Demand for Certain B2B Security Software Accelerates
Larry Loeb  |  7/11/2019  | 
B2B security software is growing faster than overall B2B software sales, according to new figures.
The Security of Cloud Applications
Commentary  |  7/11/2019  | 
Despite the great success of the cloud over the last decade, misconceptions continue to persist. Here's why the naysayers are wrong.
Why You Need a Global View of IT Assets
Commentary  |  7/10/2019  | 
It may seem obvious, but many companies lose sight of the fact that they can't protect what they don't know they even have.
7 Steps to Attain a Zero Trust Security Posture
Chris Curcio  |  7/10/2019  | 
A Zero Trust security posture begins with strong identity and access management.
Manipulated Machine Learning Sows Confusion
Steve Durbin  |  7/10/2019  | 
Machine learning, and neural networks in particular, will become a prime target for those aiming to manipulate or disrupt dependent products and services.
4 Reasons Why SOC Superstars Quit
Commentary  |  7/10/2019  | 
Security analysts know they are a hot commodity in the enviable position of writing their own ticket. Here's how to keep them engaged, challenged, and happy.
Research Shows Top Banks Failing in Security, Privacy & Compliance
Larry Loeb  |  7/10/2019  | 
Apart from that, it's all going swimmingly.
Cloud Security and Risk Mitigation
Commentary  |  7/9/2019  | 
Just because your data isn't on-premises doesn't mean you're not responsible for security.
An Attack Using Only System Tools Is Not Invisible – You Just Have to Look Harder
Larry Loeb  |  7/9/2019  | 
Microsoft's team behind Windows Defender ATP has identified a new 'fileless' malware campaign that can bypass standard antivirus tools.
Insider Threats: An M&A Dealmaker's Nightmare
Commentary  |  7/9/2019  | 
Because data has never been more portable, taking it has never been easier. And that's a huge problem during mergers and acquisitions.
Security in a Cloud-Hybrid World
Dan Reis  |  7/9/2019  | 
When an application and its data processing and storage can easily shift between geographic locations, organizations need to implement security systems to ensure they don't unknowingly violate a regulatory framework regardless of geography. \r\n
TA505 Invades the Middle East
Larry Loeb  |  7/8/2019  | 
The campaign, detected by Trend Micro, has been identified as coming from threat actor TA505.
Cryptominer Delivers New Kind of Malware
Larry Loeb  |  7/5/2019  | 
Malicious actors seem to be beginning to turn to Golang as a malware language since it is not typically picked up by antivirus software.
Survey Finds Enterprise Concerned About Mass Data Fragmentation
Larry Loeb  |  7/5/2019  | 
For many organizations, the public cloud has failed to live up to expectations.
20 Questions to Ask During a Real (or Manufactured) Security Crisis
Commentary  |  7/3/2019  | 
There are important lessons to be learned from a crisis, even the ones that are more fiction than fact.
Disarming Employee Weaponization
Commentary  |  7/3/2019  | 
Human vulnerability presents a real threat for organizations. But it's also a remarkable opportunity to turn employees into our strongest cyber warriors.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.