Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Latest
Page 1 / 2   >   >>
Third-Party IoT Vulnerabilities: We Need a Cybersecurity Paradigm Shift
Commentary  |  7/16/2020  | 
The only entities equipped to safeguard Internet of Things devices against risks are the IoT device manufacturers themselves.
How Nanotechnology Will Disrupt Cybersecurity
Commentary  |  7/15/2020  | 
Tangible solutions related to cryptography, intelligent threat detection and consumer security are closer than you think.
Top 5 Questions (and Answers) About GRC Technology
Commentary  |  7/15/2020  | 
For the first time in a long time, we must shift from managing localized risks against a landscape of economic growth to managing those issues under much less certain circumstances.
'Make Your Bed' and Other Life Lessons for Security
Commentary  |  7/14/2020  | 
Follow this advice from a famous military commanders' commencement speech and watch your infosec team soar.
Crypto-Primer: Encryption Basics Every Security Pro Should Know
Commentary  |  7/14/2020  | 
With so many choices for encrypting data and communication, it's important to know the pros and cons of different techniques.
Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines
Commentary  |  7/13/2020  | 
To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Commentary  |  7/10/2020  | 
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
Omdia Research Launches Page on Dark Reading
Commentary  |  7/9/2020  | 
Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.
Fight Phishing with Intention
Commentary  |  7/9/2020  | 
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
Pen Testing ROI: How to Communicate the Value of Security Testing
Commentary  |  7/9/2020  | 
There are many reasons to pen test, but the financial reasons tend to get ignored.
Fresh Options for Fighting Fraud in Financial Services
Commentary  |  7/8/2020  | 
Fraud prevention requires a consumer-centric, data sharing approach.
Why Cybersecurity's Silence Matters to Black Lives
Commentary  |  7/8/2020  | 
The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.
Framing the Security Story: The Simplest Threats Are the Most Dangerous
Commentary  |  7/7/2020  | 
Don't be distracted by flashy advanced attacks and ignore the more mundane ones.
Applying the 80-20 Rule to Cybersecurity
Commentary  |  7/7/2020  | 
How security teams can achieve 80% of the benefit for 20% of the work.
How to Assess More Sophisticated IoT Threats
Commentary  |  7/6/2020  | 
Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.
Introducing 'Secure Access Service Edge'
Commentary  |  7/3/2020  | 
The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.
Anatomy of a Long-Con Phish
Expert Insights  |  7/2/2020  | 
A fraudster on LinkedIn used my online profile in an apparent attempt to pull off a wide-ranging scam business venture.
Considerations for Seamless CCPA Compliance
Commentary  |  7/2/2020  | 
Three steps to better serve consumers, ensure maximum security, and achieve compliance with the California Consumer Privacy Act.
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Commentary  |  7/2/2020  | 
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
4 Steps to a More Mature Identity Program
Commentary  |  7/1/2020  | 
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Commentary  |  7/1/2020  | 
While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.
Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan
Commentary  |  6/30/2020  | 
We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
3 Ways to Flatten the Health Data Hacking Curve
Commentary  |  6/30/2020  | 
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions
Commentary  |  6/29/2020  | 
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.
Good Cyber Hygiene in a Pandemic-Driven World Starts with Us
Commentary  |  6/26/2020  | 
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.
Contact Tracing & Threat Intel: Broken Tools & Processes
Commentary  |  6/25/2020  | 
How epidemiology can solve the people problem in security.
Better Collaboration Between Security & Development
Commentary  |  6/25/2020  | 
Security and development teams must make it clear why their segment of the development life cycle is relevant to the other teams in the pipeline.
Average Cost of a Data Breach: $116M
Commentary  |  6/24/2020  | 
Sensitivity of customer information and time-to-detection determine financial blowback of cybersecurity breaches.
Rethinking Enterprise Access, Post-COVID-19
Commentary  |  6/24/2020  | 
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.
Back to Basics with Cloud Permissions Management
Commentary  |  6/23/2020  | 
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
5 Steps for Implementing Multicloud Identity
Commentary  |  6/23/2020  | 
Why embracing, not fighting, decentralization will pave the way to smoother cloud migrations.
Long-Term Effects of COVID-19 on the Cybersecurity Industry
Commentary  |  6/22/2020  | 
The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility.
How to Secure Machine Learning
Expert Insights  |  6/19/2020  | 
Part two of a series on avoiding potential security risks with ML.
'New Normal' Caption Contest Winners
Commentary  |  6/19/2020  | 
Competitors submitted lots of clever virus puns, and the prizes go to ...
The Bigger the News, the Bigger the Cyber Threats
Commentary  |  6/18/2020  | 
Criminals use disasters, wars, and now pandemics as air cover to focus collective anxiety and fear into highly targeted, malicious messaging.
CISO Dialogue: How to Optimize Your Security Budget
Commentary  |  6/18/2020  | 
CISOs are never going to have all the finances they want. Hard choices must be made. The CISO of Amazon Prime Video discusses his approaches to a slimmed-down budget.
3 Things Wilderness Survival Can Teach Us About Email Security
Commentary  |  6/17/2020  | 
It's a short hop from shows like 'Naked and Afraid' and 'Alone' to your email server and how you secure it
Too Big to Cyber Fail?
Commentary  |  6/17/2020  | 
How systemic cyber-risk threatens US banks and financial services companies
Ransomware from Your Lawyer's Perspective
Commentary  |  6/16/2020  | 
Three good reasons why your incident response team's first call after a data breach should be to outside counsel.
IoT Security Trends & Challenges in the Wake of COVID-19
Commentary  |  6/16/2020  | 
The demand for Internet of Things security practices that protect sensitive medical equipment and data will double within the next five years. Here's why.
The Bright Side of the Dark Web
Commentary  |  6/15/2020  | 
As the hitmen and fraudsters retreat, the Dark Web could become freedom's most important ally.
Building Security into Software
Expert Insights  |  6/12/2020  | 
Part 1 of a two-part series about securing machine learning.
The Future Will Be Both Agile and Hardened
Commentary  |  6/12/2020  | 
What COVID-19 has taught us about the digital revolution.
The Hitchhiker's Guide to Web App Pen Testing
Commentary  |  6/11/2020  | 
Time on your hands and looking to learn about web apps? Here's a list to get you started.
What COVID-19 Teaches Us About Social Engineering
Commentary  |  6/11/2020  | 
Unless we do something proactively, social engineering's impact is expected to keep getting worse as people's reliance on technology increases and as more of us are forced to work from home.
The Telehealth Attack Surface
Commentary  |  6/10/2020  | 
Amid the surge in digital healthcare stemming from the coronavirus pandemic, security is taking a backseat to usability.
3 Ways the Pandemic Will Affect Enterprise Security in the Future
Commentary  |  6/10/2020  | 
While CISOs have been focused on immediate threats, it's time to look ahead to what a post-COVID-19 future will look like.
Will Vote-by-App Ever Be Safe?
Commentary  |  6/9/2020  | 
Even with strong security measures, Internet voting is still vulnerable to abuse from state-sponsored actors and malicious insiders.
CSO's Guide to 'Employee-First' Security Operations During COVID-19 & Beyond
Commentary  |  6/9/2020  | 
As the work-at-home environment continues to inform new ways of doing business, it's important that security teams remain flexible and ready for change.
Safeguard Your Remote Workforce
Commentary  |  6/8/2020  | 
DDoS attacks on VPN servers can not only bring remote work to a standstill but also cut off admins from accessing their systems. Here are three ways to stay safer.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4462
PUBLISHED: 2020-07-16
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive i...
CVE-2019-4747
PUBLISHED: 2020-07-16
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887.
CVE-2019-4748
PUBLISHED: 2020-07-16
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174.
CVE-2020-14000
PUBLISHED: 2020-07-16
MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. The responsible code ...
CVE-2020-15027
PUBLISHED: 2020-07-16
ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. This was patched in 2020.7 and in a hotfix for 2019.12.