Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Careers & People posted in October 2020
Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach
Commentary  |  10/30/2020  | 
As public and private spaces are opening up, the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.
SANS Launches New CyberStart Program for All High School Students
News  |  10/30/2020  | 
Free program lets students solve real-world security problems - and learn about cybersecurity.
How Healthcare Organizations Can Combat Ransomware
Commentary  |  10/29/2020  | 
The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.
Breaking the Glass Ceiling: Tough for Women, Tougher for Women of Color
News  |  10/28/2020  | 
Security practitioners shed light on obstacles limiting career growth and the steps businesses can take to achieve their promises of a more diverse workforce.
5 Human Factors That Affect Secure Software Development
Commentary  |  10/27/2020  | 
With the move to remote work, it's especially important to understand how to support, discourage, and monitor conditions for development teams.
New Report Links Cybersecurity and Sustainability
Quick Hits  |  10/26/2020  | 
Some have also created the role of chief sustainability officer, according to Kaspersky.
FIRST Announces Cyber-Response Ethical Guidelines
Quick Hits  |  10/21/2020  | 
The 12 points seek to provide security professionals with advice on ethical behavior during incident response.
Dealing With Insider Threats in the Age of COVID
Commentary  |  10/21/2020  | 
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Commentary  |  10/21/2020  | 
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
Building the Human Firewall
Commentary  |  10/20/2020  | 
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
Security Officers, Are Your Employees Practicing Good Habits from Home?
Commentary  |  10/12/2020  | 
Even if you can't see your employees in the office, they still need to be reminded that criminals are always trying to spot a weak link in the chain.
Why MSPs Are Hacker Targets, and What To Do About It
Commentary  |  10/9/2020  | 
Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.
John McAfee Indicted on Tax Charges
Quick Hits  |  10/5/2020  | 
The indictment alleging tax evasion and failure to file returns was unsealed after his arrest in Spain.
'It Won't Happen to Me': Employee Apathy Prevails Despite Greater Cybersecurity Awareness
Commentary  |  10/1/2020  | 
To protect your organization from all emerging file-borne threats, the security and leadership teams must align to develop a streamlined approach to file security.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-43705
PUBLISHED: 2022-11-27
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).
CVE-2022-45934
PUBLISHED: 2022-11-27
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-45931
PUBLISHED: 2022-11-27
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.
CVE-2022-45932
PUBLISHED: 2022-11-27
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.
CVE-2022-45933
PUBLISHED: 2022-11-27
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side proj...