Opinion

posted in August 2017
LookingGlass Raises $26.3M to Bring Order to Chaos
Simon Marshall  |  8/31/2017  | 
New threat-intelligence-as-a-service company raises the stakes on scale in the market.
International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape
Commentary  |  8/31/2017  | 
After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.
Phishing for Your Information: How Phishers Bait Their Hooks
Partner Perspectives  |  8/31/2017  | 
A treasure trove of PII from social networks and the public Internet is there for the taking.
Millions of Email Addresses Exposed in Latest Malware Database
Curt Franklin  |  8/30/2017  | 
A database housed in the Netherlands is found to contain hundreds of millions of hacked email addresses.
Hacking the Security Job Application Process
Commentary  |  8/30/2017  | 
Simple advice to help job seekers dig out of the black hole of recruiter and employer hiring portals.
Do Autonomous Cars Dream of Driverless Roads?
Partner Perspectives  |  8/30/2017  | 
The connected car is coming and with it a need for consistent innovation of network technologies (throughput, latency, coverage, and cost) to keep us safe.
How Hackers Hide Their Malware: Advanced Obfuscation
Commentary  |  8/30/2017  | 
Hackers continue to develop new ways to break into systems. Here are three of them, along with ways to fight back.
Automation Deserves Skepticism
Curt Franklin  |  8/29/2017  | 
While automation might be the next great tech wave, let's take some time to consider it.
Security Analytics: Making the Leap from Data Lake to Meaningful Insight
Commentary  |  8/29/2017  | 
Once you've got a lake full of data, it's essential that your analysis isn't left stranded on the shore.
Dark Reading Now HTTPS
Commentary  |  8/29/2017  | 
Moving a site that's more than a decade old to HTTPS has been a journey, and we're almost there.
How Hackers Hide Their Malware: The Basics
Commentary  |  8/29/2017  | 
Malware depends on these four basic techniques to avoid detection.
Bitcoin Attacks Mount as Criminals & States Seek Targets
Simon Marshall  |  8/29/2017  | 
Bitcoin and other cryptocurrencies are under increasing attack from a variety of actors and it looks like things will only get worse.
India & Pakistan: Commonplace Exploits Access High-Value Information
Simon Marshall  |  8/28/2017  | 
India and Pakistan are proving yet again that it doesn't take an advanced attack to yield big results.
Black Hats Win: Results From the Latest SecurityNow.com Poll
Curt Franklin  |  8/28/2017  | 
The hat you wear as a security researcher matters, say those who took the latest SecurityNow.com poll. And the most effective hat color is black.
Cybersecurity: An Asymmetrical Game of War
Commentary  |  8/28/2017  | 
To stay ahead of the bad guys, security teams need to think like criminals, leverage AI's ability to find malicious threats, and stop worrying that machine learning will take our jobs.
Google: Big Cloud, Tiny Titan Chip
Simon Marshall  |  8/25/2017  | 
Google develops a tiny chip to close a big security hole before it opens. Is there a tiny Titan in your future, too?
DDoS Trends Show Big Impact From Fewer Servers
Curt Franklin  |  8/25/2017  | 
A change in control networks means that this quarter saw DDoS attacks from fewer endpoints, each having a bigger impact.
Friday Haiku: Fear the Zombie Server
Curt Franklin  |  8/25/2017  | 
DDoS attacks are lurking in armies of zombie servers.
A Call for New Voices on the Security Conference Circuit
Commentary  |  8/25/2017  | 
If the mere idea of talking in public makes you want to hide in a bathroom stall with a stuffed bobcat, think again.
Continuous Compliance and Effective Audit Preparation for the Cloud
Partner Perspectives  |  8/25/2017  | 
Why audits are a necessary evil, and how they can actually help you improve your brand value.
Programmed to Kill: The Risk of Hacked Robots Is Real
Simon Marshall  |  8/24/2017  | 
When will the news break of the first hacked robot taking a human life? It could be sooner than you think.
Government Insiders Are Security's Biggest Risk
Simon Marshall  |  8/24/2017  | 
Outside actors can be dangerous, but the biggest risk to organizations comes from within.
How Quantum Computing Will Change Browser Encryption
Partner Perspectives  |  8/24/2017  | 
From a protocol point of view, we're closer to a large-scale quantum computer than many people think. Here's why that's an important milestone.
GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
Commentary  |  8/24/2017  | 
What Game of Thrones' Arya Stark and the Faceless Men can teach security pros about defending against modern malware and identity theft.
GDPR Compliance Preparation: A High-Stakes Guessing Game
Commentary  |  8/24/2017  | 
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
DoJ Narrows Scope of DreamHost Warrant
Curt Franklin  |  8/23/2017  | 
The Department of Justice has scaled back the demands of a search warrant served to web hosting provider DreamHost.
The Changing Face & Reach of Bug Bounties
Commentary  |  8/23/2017  | 
HackerOne CEO Mårten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.
Delaware Requires Data Security in New Law
Curt Franklin  |  8/23/2017  | 
Delaware has become the latest state requiring companies to protect private data.
Why You Need to Study Nation-State Attacks
Commentary  |  8/23/2017  | 
Want to know what attacks against businesses will look like soon? Examine nation-state attacks now.
Ransomware: The Tripflare in the Modern Cyberwar
Partner Perspectives  |  8/23/2017  | 
With the frequency and scale of breaches on the rise, and our legacy security failing to protect us, is ransomware the catalyst we need to trigger improvement in our security postures?
New SaaS Service Offers Order for Access
Curt Franklin  |  8/22/2017  | 
One Identity's new SaaS offering, Starling IARI, analyzes user access and roles to secure enterprise networks.
Voice of Security Radio: Building Secure Applications
Curt Franklin  |  8/22/2017  | 
In too many companies, security vulnerabilities start at the application. Join us for this week's episode to hear how to make your applications more secure.
Coming Soon to Dark Reading...
Commentary  |  8/22/2017  | 
Event calendar: Dark Reading brings you threat intelligence tomorrow, boardroom communication next week, and coming in November, a brand new conference in the D.C. area.
Battle of the AIs: Don't Build a Better Box, Put Your Box in a Better Loop
Commentary  |  8/22/2017  | 
Powered by big data and machine learning, next-gen attacks will include perpetual waves of malware, phishes, and false websites nearly indistinguishable from the real things. Here's how to prepare.
Comparing Private and Public Cloud Threat Vectors
Commentary  |  8/22/2017  | 
Many companies moving from a private cloud to a cloud service are unaware of increased threats.
Amazon S3 Errors Hit Home Again
Curt Franklin  |  8/21/2017  | 
Another S3 data release shows the critical importance of correctly configuring the cloud storage service.
Sleepless in Cupertino
Larry Loeb  |  8/21/2017  | 
A hacker finds the key to Apple's SEP and there's good news in the battle against spear-phishing. Bad news and good to start the week.
The Pitfalls of Cyber Insurance
Commentary  |  8/21/2017  | 
Cyber insurance is 'promising' but it won't totally protect your company against hacks.
5 Factors to Secure & Streamline Your Cloud Deployment
Partner Perspectives  |  8/21/2017  | 
How a Midwestern credit union overcame the challenges of speed, cost, security, compliance and automation to grow its footprint in the cloud.
Finding Tools for DevSecOps
Curt Franklin  |  8/18/2017  | 
Finding the right tools can be the start of the right path toward DevSecOps. Here's how to start the hunt.
Questions of Colors
Curt Franklin  |  8/18/2017  | 
A Friday Haiku asks about the color of your hat.
Curbing the Cybersecurity Workforce Shortage with AI
Commentary  |  8/18/2017  | 
By using cognitive technologies, an organization can address the talent shortage by getting more productivity from current employees and improving processes.
Cybercrime Is North Korea's Biggest Threat
Andy Patrizio  |  8/17/2017  | 
While the world is watching a battle of words, North Korea has been attacking the West and funding its global operations through cybercrime.
Critical Infrastructure, Cybersecurity & the 'Devil's Rope'
Commentary  |  8/17/2017  | 
How hackers today are engaging in a modern 'Fence Cutter War' against industrial control systems, and what security professionals need to do about it.
Kill Switches, Vaccines & Everything in Between
Commentary  |  8/17/2017  | 
The language can be a bit fuzzy at times, but there are real differences between the various ways of disabling malware.
How to Avoid the 6 Most Common Audit Failures
Partner Perspectives  |  8/17/2017  | 
In a security audit, the burden is on you to provide the evidence that you've done the right things.
Rackspace Strengthens Its Managed Security Story
Curt Franklin  |  8/17/2017  | 
Rackspace is adding features and functions to its managed security offerings. Is it all a company needs?
The Day of Reckoning: Cybercrime's Impact on Brand
Commentary  |  8/16/2017  | 
Why the security industry needs to invest in architecture that defends against reputational damage as well as other, more traditional threats.
Will GDPR Be the Death of Big Data?
Andy Patrizio  |  8/16/2017  | 
The EU's General Data Protection Regulation (GDPR) will make the landscape shift for big data users around the world.
Discover a Data Breach? Try Compassion First
Commentary  |  8/16/2017  | 
The reactions to a big data breach often resemble the five stages of grief, so a little empathy is needed.