Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Careers & People posted in July 2020
New Initiative Links Cybersecurity Pros to Election Officials
Quick Hits  |  7/31/2020  | 
A University of Chicago Harris School of Public Policy initiative will build a database of cybersecurity volunteers.
Ill-Defined Career Paths Hamper Growth for IT Security Pros
News  |  7/30/2020  | 
Appsec and cloud security skills are the most in demand, and a shortage of staff is wearing on security teams, a new study shows.
5 Tips for Optimizing Your Company's Cyber-Crisis Preparedness
Commentary  |  7/30/2020  | 
Cyber-incident response often addresses short-term needs, but we need to broaden the view of crisis management to be more forward-thinking.
Black Hat Virtually: An Important Time to Come Together as a Community
Commentary  |  7/30/2020  | 
The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
Commentary  |  7/27/2020  | 
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
Block/Allow: The Changing Face of Hacker Linguistics
News  |  7/27/2020  | 
Terms such as "whitelist," "blacklist," "master," and "slave" are being scrutinized again and by a wider range of tech companies than ever before.
Remote Work Could Help Cybersecuritys Diversity Problem But Will It?
News  |  7/24/2020  | 
Job market data from the second quarter suggests there are increasing opportunities for women and minorities in the world of remote work, but long-standing biases may provide resistance.
Q&A: How Systemic Racism Weakens Cybersecurity
News  |  7/22/2020  | 
Cybersecurity policy expert and attorney Camille Stewart explains how to dismantle systemic racism in the industry and build a more diverse and representative workforce.
Cybersecurity Leaders: Invest In Your People
Commentary  |  7/16/2020  | 
Training, especially cross-training, is insanely powerful when team members are able to experience, train, and work together. It also builds trust.
Puzzles and Riddles Help InfoSec Pros Solve Real-World Problems
News  |  7/15/2020  | 
A researcher shares the unexpected lessons learned in years of creating puzzles and riddles for his cybersecurity colleagues.
'Make Your Bed' and Other Life Lessons for Security
Commentary  |  7/14/2020  | 
Follow this advice from a famous military commanders' commencement speech and watch your infosec team soar.
A Paramedic's Lessons for Cybersecurity Pros
News  |  7/13/2020  | 
A paramedic turned cybersecurity expert shares his experiences in both fields, highlights their similarities, and explains how they can learn from each other.
Biden Campaign Hires 2 Top Cybersecurity Executives
Quick Hits  |  7/10/2020  | 
The campaign has filled the positions of CISO and CTO in the runup to the 2020 presidential election.
Omdia Research Launches Page on Dark Reading
Commentary  |  7/9/2020  | 
Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.
Fight Phishing with Intention
Commentary  |  7/9/2020  | 
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
Why Cybersecurity's Silence Matters to Black Lives
Commentary  |  7/8/2020  | 
The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.
Applying the 80-20 Rule to Cybersecurity
Commentary  |  7/7/2020  | 
How security teams can achieve 80% of the benefit for 20% of the work.
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Commentary  |  7/2/2020  | 
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34650
PUBLISHED: 2021-09-20
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6.
CVE-2021-41082
PUBLISHED: 2021-09-20
Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were n...
CVE-2020-16630
PUBLISHED: 2021-09-20
TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that...
CVE-2020-26301
PUBLISHED: 2021-09-20
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted inpu...
CVE-2021-39325
PUBLISHED: 2021-09-20
The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.