Opinion

posted in September 2017
Page 2 / 2
Equifax Breach Won't Be the Last or Worst
Curt Franklin  |  9/13/2017
The Equifax breach shows that a major change in personal records is required, according to a senior Gartner analyst.
FaceID Faces Security Headwind
Simon Marshall  |  9/12/2017
Apple brings facial recognition to the iPhone but some security experts aren't convinced the technology is ready.
Kaspersky & the FBI: Security Meets Politics
Andy Patrizio  |  9/12/2017
Is the FBI's warning on Kaspersky about politics, security or a bit of both?
The 'Team of Teams' Model for Cybersecurity
Commentary  |  9/12/2017
Security leaders can learn some valuable lessons from a real-life military model.
Deception: A Convincing New Approach to Cyber Defense
Commentary  |  9/12/2017
How defenders in a US national security agency capture-the-flag exercise used an endless stream of false data across the network to thwart attackers and contain damage.
Why Relaxing Our Password Policies Might Actually Bolster User Safety
Commentary  |  9/11/2017
Recent guidance from NIST may seem counterintuitive.
Equifax Hacked: Profit Before Protection?
Simon Marshall  |  9/11/2017
Millions of personal information records were taken from Equifax. What went wrong?
Dragonfly Targets US Nukes
Simon Marshall  |  9/8/2017
An industrial malware ring targets US nuclear power facilities.
If Blockchain Is the Answer, What Is the Security Question?
Commentary  |  9/8/2017
Like any technology, blockchain has its strengths and weaknesses. But debunking three common myths can help you cut through the hype.
Friday Haiku: A Cat 5 Credit Hack
Curt Franklin  |  9/8/2017
An Equifax hack is an ill wind for the credit world.
DevOps Security Management Goes Central
Simon Marshall  |  9/7/2017
CyberArk is taking a centralized view of DevOps security through Conjur.
Is Public Sector Cybersecurity Adequate?
Commentary  |  9/7/2017
Many governmental organizations are unstaffed, underfunded, and unprepared to fight common attacks, and they could learn a thing or two from the private sector.
SANS Study Says Reputation Is a Cyber-Casualty
Curt Franklin  |  9/7/2017
The latest security study says that you've probably been attacked and your reputation has taken the biggest hit.
Sandbox-Aware Malware Foreshadows Potential Attacks
Commentary  |  9/7/2017
For the continuous monitoring industry to remain relevant, it needs to match the vigor of sandbox vendors against targeted subversion.
CIO or C-Suite: To Whom Should the CISO Report?
Partner Perspectives  |  9/7/2017
Five reasons why the chief information security officer needs to get out from under the control of IT.
BroadSoft Error Exposes TWC PII on AWS S3
Curt Franklin  |  9/6/2017
A mis-configured Amazon Web Storage (AWS) instance has once again exposed millions of private customer records to the public Internet. Is it time for companies to re-think the way they're building their AWS buckets?
AI Just Gets Bigger
Simon Marshall  |  9/6/2017
The market for "friendly" consumer AI continues to expand, but security issues could be lurking in the growth.
Is Your Organization Merely PCI-Compliant or Is It Actually Secure?
Commentary  |  9/6/2017
The Host Identity Protocol might be the answer to inadequate check-the-box security standards.
Workplace IoT Puts Companies on Notice for Smarter Security
Commentary  |  9/6/2017
Blacklisting every "thing" in sight and banning connections to the corporate network may sound tempting, but it's not a realistic strategy.
Debit Card Fraud Numbers Explode
Simon Marshall  |  9/5/2017
Technology is making it easier than ever for thieves and scammers to steal debit card numbers – and the bank accounts they access.
3 Ways AI Could Help Resolve the Cybersecurity Talent Crisis
Commentary  |  9/5/2017
There's no escaping the fact that there's a skills shortage, and companies aren't doing enough to cultivate talent. AI could relieve some of the pressure.
Qadium Gets $40M Series B for Internet Visibility
Curt Franklin  |  9/5/2017
Qadium indexes every device on the public Internet, a technology that's attracted some big-time Silicon Valley investors.
IoT Security Needs Creative Solutions
Larry Loeb  |  9/5/2017
Not every security solution has a place in the IoT. Professionals must look in new directions to keep the Internet of Things secure.
Friday Haiku: I Authenticate, Therefore, I Am
Curt Franklin  |  9/1/2017
Are we more than our authentication factors?
How Effective Boards Drive Security Mandates
Commentary  |  9/1/2017
The focus on cybersecurity policies must be prioritized from the top down.
New Malware Builder Makes Hacking Easier
Curt Franklin  |  9/1/2017
A free new builder for trojans makes it easier than ever to be a criminal hacker.
Has Facial Recognition's Time Arrived?
Simon Marshall  |  9/1/2017
Startup iProov says it has cracked the code on a reliable, secure facial recognition system.