Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Careers & People posted in June 2020
Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan
Commentary  |  6/30/2020  | 
We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
Good Cyber Hygiene in a Pandemic-Driven World Starts with Us
Commentary  |  6/26/2020  | 
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.
'New Normal' Caption Contest Winners
Commentary  |  6/19/2020  | 
Competitors submitted lots of clever virus puns, and the prizes go to ...
CISO Dialogue: How to Optimize Your Security Budget
Commentary  |  6/18/2020  | 
CISOs are never going to have all the finances they want. Hard choices must be made. The CISO of Amazon Prime Video discusses his approaches to a slimmed-down budget.
7 Tips for Employers Navigating Remote Recruitment
Slideshows  |  6/17/2020  | 
Hiring experts explain how companies should approach recruitment when employers and candidates are working remotely.
Collaboration Undermined When Security Teams Work Remotely, Some Argue
News  |  6/17/2020  | 
Knowledge workers are perfectly suited for remote work, but the benefits of collaboration and the requirements of proving identity make fully remote security teams problematic.
3 Ways the Pandemic Will Affect Enterprise Security in the Future
Commentary  |  6/10/2020  | 
While CISOs have been focused on immediate threats, it's time to look ahead to what a post-COVID-19 future will look like.
CSO's Guide to 'Employee-First' Security Operations During COVID-19 & Beyond
Commentary  |  6/9/2020  | 
As the work-at-home environment continues to inform new ways of doing business, it's important that security teams remain flexible and ready for change.
Could Automation Kill the Security Analyst?
Commentary  |  6/4/2020  | 
Five skills to ensure job security in the Age of Automation.
Companies Fall Short on Mandatory Reporting of Cybercrimes
News  |  6/2/2020  | 
Understaffed and under fire, companies fail to report cybercrimes even when they are legally obligated to notify authorities, results of a new survey show.
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Commentary  |  6/1/2020  | 
Without the right tools and with not enough cybersecurity pros to fill the void, the talent gap will continue to widen.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41011
PUBLISHED: 2021-09-22
LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information.
CVE-2021-40875
PUBLISHED: 2021-09-22
Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresp...
CVE-2021-31836
PUBLISHED: 2021-09-22
Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user.
CVE-2021-31841
PUBLISHED: 2021-09-22
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrar...
CVE-2021-31847
PUBLISHED: 2021-09-22
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, thro...