Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


posted in September 2017
Page 1 / 2   >   >>
Friday Haiku: The Quantum Future
Curt Franklin  |  9/29/2017  | 
The Friday Haiku reflects on a week in Orlando's heat.
Consumers Think Security When Choosing Brands
Simon Marshall  |  9/29/2017  | 
Consumers are beginning to pay attention to security reputation when choosing which brands to support.
Authentication Tackles Forests at Microsoft Ignite
Curt Franklin  |  9/29/2017  | 
Authentication is an issue on a personal computer. It's a complex problem in AD forest management.
Analyzing Cybersecurity's Fractured Educational Ecosystem
Commentary  |  9/29/2017  | 
We have surprisingly little data on how to evaluate infosec job candidates academic qualifications. That needs to change.
Fortanix Has Series A Funding for Run-Time Encryption
Simon Marshall  |  9/28/2017  | 
Fortanix has introduced new technology for run-time encryption to protect sensitive data.
Equihax: Identifying & Wrangling Vulnerabilities
Commentary  |  9/28/2017  | 
Now that we know what was taken from Equifax, how it was taken, and what is being sold, what more do we need to learn before the next time?
TrickBot Rapidly Expands its Targets in August
Partner Perspectives  |  9/28/2017  | 
TrickBot shifted its focus to U.S banks and credit card companies, soaring past the 1,000 target URL mark in a single configuration.
Three Reasons Facial Recognition Will Win
Curt Franklin  |  9/27/2017  | 
Facial recognition technology is coming to a device near you. Here are three reasons it's inevitable.
Deloitte Hack Still Has More Questions Than Answers
Simon Marshall  |  9/27/2017  | 
The huge hack of global accounting firm Deloitte is still presenting more questions than answers for security professionals.
How to Live by the Code of Good Bots
Commentary  |  9/27/2017  | 
Following these four tenets will show the world that your bot means no harm.
Microsoft Ignite: 9 Things to Know
Curt Franklin  |  9/26/2017  | 
Microsoft's largest annual conference, Ignite, is underway in Orlando, Fla. Security Now is there and here's what we're seeing.
Safety Starts With Data: An Interview With GM's Head of Product Cybersecurity
Simon Marshall  |  9/26/2017  | 
An insightful Security Now interview with Jeff Massimilla, vice president global vehicle safety and product cybersecurity at General Motors.
Splunk Ups Machine IQ in Software Updates
Curt Franklin  |  9/26/2017  | 
Splunk has increased machine intelligence and analytics capabilities in a series of software updates.
Why Your Business Must Care about Privacy
Commentary  |  9/26/2017  | 
It might not have something to hide, but it definitely has something to protect.
Microsoft's Nadella Shares the Future at Ignite
Curt Franklin  |  9/25/2017  | 
Satya Nadella's keynote address can be boiled down to four phrases or words. Here's what you need to know to get ready for the Microsoft future.
Encryption: 6 Ways to Make It Matter
Curt Franklin  |  9/25/2017  | 
A Security Now special report provides best practice notes for encryption in the enterprise.
Law Comes to the Self-Driving Wild West, Part 2
Simon Marshall  |  9/25/2017  | 
Legislators and regulators are scrambling to build a legal framework to support intelligent, connected and self-driving cars.
Security's #1 Problem: Economic Incentives
Commentary  |  9/25/2017  | 
The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.
Right & Wrong Lessons From the Equifax Breach
Curt Franklin  |  9/22/2017  | 
There are lots of lessons to learn from the Equifax breach. Just make sure you're learning the right ones.
Friday Haiku: Gem or Not?
Curt Franklin  |  9/22/2017  | 
How will CISOs respond to the pressure of recent breaches? The Friday haiku asks the question.
Law Comes to Self-Driving Wild West
Simon Marshall  |  9/22/2017  | 
Legislation has begun focusing on the security needs of self-driving cars. Part one of a two-part article.
Health IT & Cybersecurity: 5 Hiring Misconceptions to Avoid
Commentary  |  9/22/2017  | 
Why healthcare organizations need a good strategy to find talent, or get left behind.
Where Do Security Vulnerabilities Come From?
Partner Perspectives  |  9/22/2017  | 
There are three major causes: code quality, complexity, and trusted data inputs.
A New, Invisible Threat Jumps the Air Gap
Curt Franklin  |  9/21/2017  | 
The infrared capabilities of security cameras provide a new way for attackers to reach systems that have no connection to the Internet.
Why Size Doesn't Matter in DDoS Attacks
Commentary  |  9/21/2017  | 
Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."
CISOs Under Fire: New Poll Shows Progress & Peril
Curt Franklin  |  9/20/2017  | 
A new report by F5 and Ponemon looks at the state of the CISO in modern enterprises.
Survey Finds Companies Don't Know Cloud Security
Curt Franklin  |  9/20/2017  | 
Companies are worried about security in the public cloud, but a new survey shows they don't understand the basics.
Artificial Intelligence: Getting the Results You Want
Partner Perspectives  |  9/20/2017  | 
Finding a vendor that doesnt claim to do AI is hard these days. But getting the benefits you need and expect is even harder.
Software Assurance: Thinking Back, Looking Forward
Commentary  |  9/20/2017  | 
Ten personal observations that aim to bolster state-of-the-art and state-of-practice in application security.
Get Serious about IoT Security
Commentary  |  9/20/2017  | 
These four best practices will help safeguard your organization in the Internet of Things.
Intent-Based Security Is New Path for Vendors
Curt Franklin  |  9/19/2017  | 
A growing number of security and networking vendors are talking about intent-based security as a next-gen solution.
CCleaner Infection Reveals Sophisticated Hack
Simon Marshall  |  9/19/2017  | 
The hack that put malware on an update of a popular security program was not the work of a first-time malware author.
GDPR & the Rise of the Automated Data Protection Officer
Commentary  |  9/19/2017  | 
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
How Apple's New Facial Recognition Technology Will Change Enterprise Security
Commentary  |  9/19/2017  | 
Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.
RouteX Hijacks Netgear Routers
Larry Loeb  |  9/18/2017  | 
Malware called RouteX can give an attacker control of popular wireless routers.
Vigilance Brings Machines & Humans Together to Defeat Threats
Simon Marshall  |  9/18/2017  | 
Vigilance, from SentinelOne, ties the strengths of humans and machines together in a threat-resolution system.
To Be Ready for the Security Future, Pay Attention to the Security Past
Commentary  |  9/18/2017  | 
It's easy to just move on to the next problem, ignoring what's happened -- but that's a mistake.
Protect DNS: A Conversation With Dave Dufour of Webroot
Curt Franklin  |  9/15/2017  | 
DNS is vulnerable and must be protected. An interview with Dave Dufour explains the vulnerabilities and some of the protection.
Friday Haiku: No Safety in Bluetooth
Curt Franklin  |  9/15/2017  | 
Bluetooth's vulnerability might be the biggest security story of the year.
Swirlds Seeks End to Financial Attacks
Simon Marshall  |  9/15/2017  | 
Startup Swirlds is promising better-than-blockchain technology for financial transactions.
Security Orchestration & Automation: Parsing the Options
Commentary  |  9/15/2017  | 
Once you head down the path of orchestration, security teams will need to decide how much automation they are ready for. Here's how.
AWS Elasticsearch Servers Host Malware
Curt Franklin  |  9/14/2017  | 
Two strains of POS malware have been using Elasticsearch servers on AWS as hiding places.
Cloud Security's Shared Responsibility Is Foggy
Commentary  |  9/14/2017  | 
Security is a two-way street. The cloud provider isn't the only one that must take precautions.
Encryption: A New Boundary for Distributed Infrastructure
Commentary  |  9/14/2017  | 
As the sheet metal surrounding traditional infrastructure continues to fall away, where should security functions in a cloud environment reside?
The Hunt for IoT: The Rise of Thingbots
Partner Perspectives  |  9/14/2017  | 
Across all of our research, every indication is that todays "thingbots" botnets built exclusively from Internet of Things devices will become the infrastructure for a future Darknet.
BlueBorne Threatens 5 Billion Bluetooth Devices
Curt Franklin  |  9/13/2017  | 
More than 5 billion devices are vulnerable to a set of eight Bluetooth flaws, even if they aren't in discoverable mode.
5 Problems That Keep CISOs Awake at Night
Commentary  |  9/13/2017  | 
The last few years have shown a big difference in the way cyber-risks are acknowledged, but progress still needs to be made.
Solving the Problems of an Equifax
Simon Marshall  |  9/13/2017  | 
The Equifax breach has brought problems to businesses and consumers. Here are steps each can take to make it past the emergency.
20 Questions to Help Achieve Security Program Goals
Commentary  |  9/13/2017  | 
There are always projects, maturity improvements, and risk mitigation endeavors on the horizon. Here's how to keep them from drifting into the sunset.
Detection, Prevention & the Single-Vendor Syndrome
Partner Perspectives  |  9/13/2017  | 
Why security teams need to integrate 'Defense in Depth' principles into traditional solutions designed with integration and continuity in mind.
Page 1 / 2   >   >>

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-07-01
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
PUBLISHED: 2022-07-01
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
PUBLISHED: 2022-07-01
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
PUBLISHED: 2022-07-01
PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc.
PUBLISHED: 2022-07-01
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.