Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Latest
Page 1 / 2   >   >>
Introducing 'Secure Access Service Edge'
Commentary  |  7/3/2020  | 
The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.
Anatomy of a Long-Con Phish
Expert Insights  |  7/2/2020  | 
A fraudster on LinkedIn used my online profile in an apparent attempt to pull off a wide-ranging scam business venture.
Considerations for Seamless CCPA Compliance
Commentary  |  7/2/2020  | 
Three steps to better serve consumers, ensure maximum security, and achieve compliance with the California Consumer Privacy Act.
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Commentary  |  7/2/2020  | 
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
4 Steps to a More Mature Identity Program
Commentary  |  7/1/2020  | 
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Commentary  |  7/1/2020  | 
While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.
Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan
Commentary  |  6/30/2020  | 
We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
3 Ways to Flatten the Health Data Hacking Curve
Commentary  |  6/30/2020  | 
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions
Commentary  |  6/29/2020  | 
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.
Good Cyber Hygiene in a Pandemic-Driven World Starts with Us
Commentary  |  6/26/2020  | 
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.
Contact Tracing & Threat Intel: Broken Tools & Processes
Commentary  |  6/25/2020  | 
How epidemiology can solve the people problem in security.
Better Collaboration Between Security & Development
Commentary  |  6/25/2020  | 
Security and development teams must make it clear why their segment of the development life cycle is relevant to the other teams in the pipeline.
Average Cost of a Data Breach: $116M
Commentary  |  6/24/2020  | 
Sensitivity of customer information and time-to-detection determine financial blowback of cybersecurity breaches.
Rethinking Enterprise Access, Post-COVID-19
Commentary  |  6/24/2020  | 
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.
Back to Basics with Cloud Permissions Management
Commentary  |  6/23/2020  | 
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
5 Steps for Implementing Multicloud Identity
Commentary  |  6/23/2020  | 
Why embracing, not fighting, decentralization will pave the way to smoother cloud migrations.
Long-Term Effects of COVID-19 on the Cybersecurity Industry
Commentary  |  6/22/2020  | 
The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility.
How to Secure Machine Learning
Expert Insights  |  6/19/2020  | 
Part two of a series on avoiding potential security risks with ML.
'New Normal' Caption Contest Winners
Commentary  |  6/19/2020  | 
Competitors submitted lots of clever virus puns, and the prizes go to ...
The Bigger the News, the Bigger the Cyber Threats
Commentary  |  6/18/2020  | 
Criminals use disasters, wars, and now pandemics as air cover to focus collective anxiety and fear into highly targeted, malicious messaging.
CISO Dialogue: How to Optimize Your Security Budget
Commentary  |  6/18/2020  | 
CISOs are never going to have all the finances they want. Hard choices must be made. The CISO of Amazon Prime Video discusses his approaches to a slimmed-down budget.
3 Things Wilderness Survival Can Teach Us About Email Security
Commentary  |  6/17/2020  | 
It's a short hop from shows like 'Naked and Afraid' and 'Alone' to your email server and how you secure it
Too Big to Cyber Fail?
Commentary  |  6/17/2020  | 
How systemic cyber-risk threatens US banks and financial services companies
Ransomware from Your Lawyer's Perspective
Commentary  |  6/16/2020  | 
Three good reasons why your incident response team's first call after a data breach should be to outside counsel.
IoT Security Trends & Challenges in the Wake of COVID-19
Commentary  |  6/16/2020  | 
The demand for Internet of Things security practices that protect sensitive medical equipment and data will double within the next five years. Here's why.
The Bright Side of the Dark Web
Commentary  |  6/15/2020  | 
As the hitmen and fraudsters retreat, the Dark Web could become freedom's most important ally.
Building Security into Software
Expert Insights  |  6/12/2020  | 
Part 1 of a two-part series about securing machine learning.
The Future Will Be Both Agile and Hardened
Commentary  |  6/12/2020  | 
What COVID-19 has taught us about the digital revolution.
The Hitchhiker's Guide to Web App Pen Testing
Commentary  |  6/11/2020  | 
Time on your hands and looking to learn about web apps? Here's a list to get you started.
What COVID-19 Teaches Us About Social Engineering
Commentary  |  6/11/2020  | 
Unless we do something proactively, social engineering's impact is expected to keep getting worse as people's reliance on technology increases and as more of us are forced to work from home.
The Telehealth Attack Surface
Commentary  |  6/10/2020  | 
Amid the surge in digital healthcare stemming from the coronavirus pandemic, security is taking a backseat to usability.
3 Ways the Pandemic Will Affect Enterprise Security in the Future
Commentary  |  6/10/2020  | 
While CISOs have been focused on immediate threats, it's time to look ahead to what a post-COVID-19 future will look like.
Will Vote-by-App Ever Be Safe?
Commentary  |  6/9/2020  | 
Even with strong security measures, Internet voting is still vulnerable to abuse from state-sponsored actors and malicious insiders.
CSO's Guide to 'Employee-First' Security Operations During COVID-19 & Beyond
Commentary  |  6/9/2020  | 
As the work-at-home environment continues to inform new ways of doing business, it's important that security teams remain flexible and ready for change.
Safeguard Your Remote Workforce
Commentary  |  6/8/2020  | 
DDoS attacks on VPN servers can not only bring remote work to a standstill but also cut off admins from accessing their systems. Here are three ways to stay safer.
The Privacy & Security Outlook for Businesses Post-COVID-19
Commentary  |  6/5/2020  | 
Long-term business needs -- and the ethical implications that result -- don't simply go away just because we're navigating a global health crisis.
Strengthening Secure Information Sharing Through Technology & Standards
Commentary  |  6/4/2020  | 
How data sharing, innovation, and regulatory standardization can make it easier for organizations to both contribute and consume critical threat intelligence.
Could Automation Kill the Security Analyst?
Commentary  |  6/4/2020  | 
Five skills to ensure job security in the Age of Automation.
What Government Contractors Need to Know About NIST, DFARS Password Reqs
Commentary  |  6/3/2020  | 
Organizations that fail to comply with these rules can get hit with backbreaking fines and class-action lawsuits.
Social Distancing for Healthcare's IoT Devices
Commentary  |  6/3/2020  | 
Security pros need to double down around prevention of lateral movement by attackers, especially if IoT devices are connected to the network.
Risk Assessment & the Human Condition
Commentary  |  6/2/2020  | 
Five lessons the coronavirus pandemic can teach security professionals to better assess, monitor, manage, and mitigate organizational risk.
Banking on Data Security in a Time of Insecurity
Commentary  |  6/2/2020  | 
How banks can maintain security and data integrity in the middle of a pandemic.
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Commentary  |  6/1/2020  | 
Without the right tools and with not enough cybersecurity pros to fill the void, the talent gap will continue to widen.
Digital Distancing with Microsegmentation
Commentary  |  5/29/2020  | 
Physical distancing has blunted a virus's impact; the same idea can be applied to computers and networks to minimize breaches, attacks, and infections.
3 SMB Cybersecurity Myths Debunked
Commentary  |  5/28/2020  | 
Small and midsize businesses are better at cyber resilience than you might think.
How Elite Protectors Operationalize Security Protection
Commentary  |  5/28/2020  | 
There is no silver bullet for cybersecurity. It takes the right people, with the right mindset, applying the right elements of good security from the data center to the SOC.
Standing Privilege: The Attacker's Advantage
Commentary  |  5/27/2020  | 
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.
What the World's Elite Protectors Teach Us about Cybersecurity
Commentary  |  5/27/2020  | 
How to protect anyone and anything, from the perspective of a career Secret Service agent and former special operations marine.
Benefits of a Cloud-Based, Automated Cyber Range
Commentary  |  5/26/2020  | 
A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks.
The Problem with Artificial Intelligence in Security
Commentary  |  5/26/2020  | 
Any notion that AI is going to solve the cyber skills crisis is very wide of the mark. Here's why.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.