Dark Reading is part of the Informa Tech Division of Informa PLC

Opinion

posted in August 2017
Page 2 / 2
Cloud Complexity Mandates Security Visibility
Partner Perspectives  |  8/16/2017  | 
The cloud is flexible, but security should be the top priority.
Voice of Security Radio: Finding Flaws in the IoT
Curt Franklin  |  8/15/2017  | 
Can we crowdsource our way to IoT security? Join editor Curt Franklin and Bugcrowd's Casey Ellis as they talk about the possibilities.
20 Tactical Questions SMB Security Teams Should Ask Themselves
Commentary  |  8/15/2017  | 
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
DevSecOps: Security in the Process
Curt Franklin  |  8/15/2017  | 
Can building security into the process make everything more secure? Proponents of DevSecOps say 'Yes.'
Cybersecurity: The Responsibility of Everyone
Commentary  |  8/15/2017  | 
The battle against cybercrime can only be won if we're all focused on the same goals. Here are four ways you can get involved.
In Search of the Security Unicorn: Unified, Adaptive Defense
Partner Perspectives  |  8/15/2017  | 
How enterprises can get an edge over innovative cybercriminals by creating a cycle of continual security posture adjustment within their own organizations.
Looking Back on Security: The Week of August 7, 2017
Larry Loeb  |  8/14/2017  | 
What do you need to know about what happened in security last week? This article gives you the news.
What CISOs Need to Know about the Psychology behind Security Analysis
Commentary  |  8/14/2017  | 
Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.
Obscurity Hampers Security: The Latest Survey
Curt Franklin  |  8/11/2017  | 
Lack of visibility is the number one obstacle to security, according to a new study released this week.
Friday Haiku: On the Path
Curt Franklin  |  8/11/2017  | 
This week's Friday Haiku looks beyond agile.
Breaches Are Coming: What Game of Thrones Teaches about Cybersecurity
Commentary  |  8/11/2017  | 
Whether you're Lord Commander of the Night's Watch or the CISO of a mainstream business, it's not easy to defend against a constantly evolving threat that is as deadly as an army of White Walkers.
Taking Down the Internet Has Never Been Easier
Commentary  |  8/10/2017  | 
Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.
6 Ways CISOs Can Play a Role in Selling Security
Partner Perspectives  |  8/10/2017  | 
When customers ask tough questions about data security, business service resilience, privacy, regulatory, and reputational risk, it's best to remain upbeat and positive. Here's how.
Defining DevOps for the Enterprise
Curt Franklin  |  8/9/2017  | 
Is there anything in the DevOps methodology that makes it impossible to use for secure development? To get the answer, first you have to define DevOps.
Uptick in Malware Targets the Banking Community
Commentary  |  8/9/2017  | 
A number of recent attacks, using tactics old and new, have made off with an astonishing amount of money. How can financial institutions fight back?
How to Panic Over IT Security
Larry Loeb  |  8/9/2017  | 
Anyone can keep calm and carry on. To panic properly takes planning. Here's our tongue-in-cheek primer on doing it right.
Voice of Security Radio: In the Name (Server) of Security
Curt Franklin  |  8/8/2017  | 
Join Curt Franklin and his guest, Cricket Liu of Infoblox, as they talk about DNS's role in security.
Automating Defenses Against Assembly-Line Attacks
Commentary  |  8/8/2017  | 
A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.
HONEST Poll Results: When Should You Pay the Ransom?
Curt Franklin  |  8/7/2017  | 
When ransomware hits, when should you just pay up? The Security Now community has spoken.
Risky Business: Why Enterprises Can't Abdicate Cloud Security
Commentary  |  8/7/2017  | 
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
WannaCry Hero in FBI Custody
Curt Franklin  |  8/7/2017  | 
Marcus Hutchins, the researcher who killed WannaCry, was arrested last week in Las Vegas. Should his arrest send a chill over the researcher community?
Are Third-Party Services Ready for the GDPR?
Commentary  |  8/4/2017  | 
Third-party scripts are likely to be a major stumbling block for companies seeking to be in compliance with the EU's new privacy rules. Here's a possible work-around.
The Friday Haiku: Old-Fashioned Security
Curt Franklin  |  8/4/2017  | 
A Friday InfoSec haiku.
Why Cybersecurity Needs a Human in the Loop
Commentary  |  8/3/2017  | 
It's no longer comparable to Kasparov versus Deep Blue. When security teams use AI, it's like Kasparov consulting with Deep Blue before deciding on his next move.
Fight 'Credential Stuffing' with a New Approach to Authorization
Partner Perspectives  |  8/3/2017  | 
Token-based authorization that lets users prove their identity through Facebook, Google, or Microsoft credentials can dramatically reduce your attack surface and give enterprises a single point of control.
Staying in Front of Cybersecurity Innovation
Commentary  |  8/2/2017  | 
Innovation is challenging for security teams because it encompasses two seemingly contradictory ideas: it's happening too slowly and too quickly.
Women in Information Security: Voice of Security Radio
Curt Franklin  |  8/1/2017  | 
Join Curt Franklin as he talks with Kate Kuehn, head of security practice for BT Americas, about the role of the CISO and the possibilities in a more diverse workforce.
Digital Crime-Fighting: The Evolving Role of Law Enforcement
Commentary  |  8/1/2017  | 
Law enforcement, even on a local level, has a new obligation to establish an effective framework for combating online crime.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-32411
PUBLISHED: 2022-07-01
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
CVE-2022-32412
PUBLISHED: 2022-07-01
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
CVE-2022-34903
PUBLISHED: 2022-07-01
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
CVE-2022-32324
PUBLISHED: 2022-07-01
PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc.
CVE-2022-32325
PUBLISHED: 2022-07-01
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.