Opinion

posted in September 2017
Friday Haiku: The Quantum Future
Curt Franklin  |  9/29/2017  | 
The Friday Haiku reflects on a week in Orlando's heat.
Consumers Think Security When Choosing Brands
Simon Marshall  |  9/29/2017  | 
Consumers are beginning to pay attention to security reputation when choosing which brands to support.
Authentication Tackles Forests at Microsoft Ignite
Curt Franklin  |  9/29/2017  | 
Authentication is an issue on a personal computer. It's a complex problem in AD forest management.
Analyzing Cybersecurity's Fractured Educational Ecosystem
Commentary  |  9/29/2017  | 
We have surprisingly little data on how to evaluate infosec job candidates' academic qualifications. That needs to change.
Fortanix Has Series A Funding for Run-Time Encryption
Simon Marshall  |  9/28/2017  | 
Fortanix has introduced new technology for run-time encryption to protect sensitive data.
Equihax: Identifying & Wrangling Vulnerabilities
Commentary  |  9/28/2017  | 
Now that we know what was taken from Equifax, how it was taken, and what is being sold, what more do we need to learn before the next time?
TrickBot Rapidly Expands its Targets in August
Partner Perspectives  |  9/28/2017  | 
TrickBot shifted its focus to U.S. banks and credit card companies, soaring past the 1,000 target URL mark in a single configuration.
Three Reasons Facial Recognition Will Win
Curt Franklin  |  9/27/2017  | 
Facial recognition technology is coming to a device near you. Here are three reasons it's inevitable.
Deloitte Hack Still Has More Questions Than Answers
Simon Marshall  |  9/27/2017  | 
The huge hack of global accounting firm Deloitte is still presenting more questions than answers for security professionals.
How to Live by the Code of Good Bots
Commentary  |  9/27/2017  | 
Following these four tenets will show the world that your bot means no harm.
Microsoft Ignite: 9 Things to Know
Curt Franklin  |  9/26/2017  | 
Microsoft's largest annual conference, Ignite, is underway in Orlando, Fla. Security Now is there and here's what we're seeing.
Safety Starts With Data: An Interview With GM's Head of Product Cybersecurity
Simon Marshall  |  9/26/2017  | 
An insightful Security Now interview with Jeff Massimilla, vice president global vehicle safety and product cybersecurity at General Motors.
Splunk Ups Machine IQ in Software Updates
Curt Franklin  |  9/26/2017  | 
Splunk has increased machine intelligence and analytics capabilities in a series of software updates.
Why Your Business Must Care about Privacy
Commentary  |  9/26/2017  | 
It might not have something to hide, but it definitely has something to protect.
Microsoft's Nadella Shares the Future at Ignite
Curt Franklin  |  9/25/2017  | 
Satya Nadella's keynote address can be boiled down to four phrases or words. Here's what you need to know to get ready for the Microsoft future.
Encryption: 6 Ways to Make It Matter
Curt Franklin  |  9/25/2017  | 
A Security Now special report provides best practice notes for encryption in the enterprise.
Law Comes to the Self-Driving Wild West, Part 2
Simon Marshall  |  9/25/2017  | 
Legislators and regulators are scrambling to build a legal framework to support intelligent, connected and self-driving cars.
Security's #1 Problem: Economic Incentives
Commentary  |  9/25/2017  | 
The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.
Right & Wrong Lessons From the Equifax Breach
Curt Franklin  |  9/22/2017  | 
There are lots of lessons to learn from the Equifax breach. Just make sure you're learning the right ones.
Friday Haiku: Gem or Not?
Curt Franklin  |  9/22/2017  | 
How will CISOs respond to the pressure of recent breaches? The Friday haiku asks the question.
Law Comes to Self-Driving Wild West
Simon Marshall  |  9/22/2017  | 
Legislation has begun focusing on the security needs of self-driving cars. Part one of a two-part article.
Health IT & Cybersecurity: 5 Hiring Misconceptions to Avoid
Commentary  |  9/22/2017  | 
Why healthcare organizations need a good strategy to find talent, or get left behind.
Where Do Security Vulnerabilities Come From?
Partner Perspectives  |  9/22/2017  | 
There are three major causes: code quality, complexity, and trusted data inputs.
A New, Invisible Threat Jumps the Air Gap
Curt Franklin  |  9/21/2017  | 
The infrared capabilities of security cameras provide a new way for attackers to reach systems that have no connection to the Internet.
Why Size Doesn't Matter in DDoS Attacks
Commentary  |  9/21/2017  | 
Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."
CISOs Under Fire: New Poll Shows Progress & Peril
Curt Franklin  |  9/20/2017  | 
A new report by F5 and Ponemon looks at the state of the CISO in modern enterprises.
Survey Finds Companies Don't Know Cloud Security
Curt Franklin  |  9/20/2017  | 
Companies are worried about security in the public cloud, but a new survey shows they don't understand the basics.
Artificial Intelligence: Getting the Results You Want
Partner Perspectives  |  9/20/2017  | 
Finding a vendor that doesn't claim to do AI is hard these days. But getting the benefits you need and expect is even harder.
Software Assurance: Thinking Back, Looking Forward
Commentary  |  9/20/2017  | 
Ten personal observations that aim to bolster state-of-the-art and state-of-practice in application security.
Get Serious about IoT Security
Commentary  |  9/20/2017  | 
These four best practices will help safeguard your organization in the Internet of Things.
Intent-Based Security Is New Path for Vendors
Curt Franklin  |  9/19/2017  | 
A growing number of security and networking vendors are talking about intent-based security as a next-gen solution.
CCleaner Infection Reveals Sophisticated Hack
Simon Marshall  |  9/19/2017  | 
The hack that put malware on an update of a popular security program was not the work of a first-time malware author.
GDPR & the Rise of the Automated Data Protection Officer
Commentary  |  9/19/2017  | 
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
How Apple's New Facial Recognition Technology Will Change Enterprise Security
Commentary  |  9/19/2017  | 
Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.
RouteX Hijacks Netgear Routers
Larry Loeb  |  9/18/2017  | 
Malware called RouteX can give an attacker control of popular wireless routers.
Vigilance Brings Machines & Humans Together to Defeat Threats
Simon Marshall  |  9/18/2017  | 
Vigilance, from SentinelOne, ties the strengths of humans and machines together in a threat-resolution system.
To Be Ready for the Security Future, Pay Attention to the Security Past
Commentary  |  9/18/2017  | 
It's easy to just move on to the next problem, ignoring what's happened -- but that's a mistake.
Protect DNS: A Conversation With Dave Dufour of Webroot
Curt Franklin  |  9/15/2017  | 
DNS is vulnerable and must be protected. An interview with Dave Dufour explains the vulnerabilities and some of the protection.
Friday Haiku: No Safety in Bluetooth
Curt Franklin  |  9/15/2017  | 
Bluetooth's vulnerability might be the biggest security story of the year.
Swirlds Seeks End to Financial Attacks
Simon Marshall  |  9/15/2017  | 
Startup Swirlds is promising better-than-blockchain technology for financial transactions.
Security Orchestration & Automation: Parsing the Options
Commentary  |  9/15/2017  | 
Once you head down the path of orchestration, security teams will need to decide how much automation they are ready for. Here's how.
AWS Elasticsearch Servers Host Malware
Curt Franklin  |  9/14/2017  | 
Two strains of POS malware have been using Elasticsearch servers on AWS as hiding places.
Cloud Security's Shared Responsibility Is Foggy
Commentary  |  9/14/2017  | 
Security is a two-way street. The cloud provider isn't the only one that must take precautions.
Encryption: A New Boundary for Distributed Infrastructure
Commentary  |  9/14/2017  | 
As the sheet metal surrounding traditional infrastructure continues to fall away, where should security functions in a cloud environment reside?
The Hunt for IoT: The Rise of Thingbots
Partner Perspectives  |  9/14/2017  | 
Across all of our research, every indication is that today's "thingbots," botnets built exclusively from Internet of Things devices, will become the infrastructure for a future Darknet.
BlueBorne Threatens 5 Billion Bluetooth Devices
Curt Franklin  |  9/13/2017  | 
More than 5 billion devices are vulnerable to a set of eight Bluetooth flaws, even if they aren't in discoverable mode.
5 Problems That Keep CISOs Awake at Night
Commentary  |  9/13/2017  | 
The last few years have shown a big difference in the way cyber-risks are acknowledged, but progress still needs to be made.
Solving the Problems of an Equifax
Simon Marshall  |  9/13/2017  | 
The Equifax breach has brought problems to businesses and consumers. Here are steps each can take to make it past the emergency.
20 Questions to Help Achieve Security Program Goals
Commentary  |  9/13/2017  | 
There are always projects, maturity improvements, and risk mitigation endeavors on the horizon. Here's how to keep them from drifting into the sunset.
Detection, Prevention & the Single-Vendor Syndrome
Partner Perspectives  |  9/13/2017  | 
Why security teams need to integrate 'Defense in Depth' principles into traditional solutions designed with integration and continuity in mind.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL on Debian/Ubuntu systems.