Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Latest Content
Page 1 / 2   >   >>
What Industrial Control System Vulnerabilities Can Teach Us About Protecting the Supply Chain
Commentary  |  6/15/2021  | 
Older technologies used in industrial and critical infrastructure leave the sector highly vulnerable to attack, but organizations can take steps to better protect themselves.
How Does the Government Buy Its Cybersecurity?
Commentary  |  6/15/2021  | 
The federal government is emphasizing cybersecurity regulation, education, and defense strategies this year.
Know Thy Enemy: Fighting Half-Blind Against Ransomware Won't Work
Commentary  |  6/14/2021  | 
We lack reliable, representative, actionable data about ransomware's actual scope, scale, and impact. The Ransom Incident Response Network could change that.
Name That Toon: Sight Unseen
Commentary  |  6/14/2021  | 
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Colonial Pipeline Cyberattack Proves a Single Password Isn't Enough
Commentary  |  6/14/2021  | 
Since the attack, it's been revealed that it was down to a single password. Yes, ransomware needs to be on your radar -- but a focus on credentials is vital.
Secure Access Trade-offs for DevSecOps Teams
Commentary  |  6/11/2021  | 
Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources.
The Workforce Shortage in Cybersecurity Is a Myth
Commentary  |  6/10/2021  | 
What we really have is an automation-in-the-wrong-place problem.
Deepfakes Are on the Rise, but Don't Panic Just Yet
Commentary  |  6/10/2021  | 
Deepfakes will likely give way to deep suspicion, as users try to sort legitimate media from malicious.
Cyber Is the New Cold War & AI Is the Arms Race
Commentary  |  6/10/2021  | 
Continual cyberattacks have pushed us into a new kind of Cold War, with artificial intelligence the basis of this new arms race.
With Cloud, CDO and CISO Concerns Are Equally Important
Commentary  |  6/9/2021  | 
Navigated properly, a melding of these complementary perspectives can help keep an organization more secure.
Hardening the Physical Security Supply Chain to Mitigate the Cyber-Risk
Commentary  |  6/9/2021  | 
Nick Smith, Regional Manager at Genetec, details how physical security professionals can improve their resilience to cyberattacks by reviewing the cybersecurity policies of those they work with in the supply chain. This includes everyone from component vendors to installers and engineers.
Ransomware Is Not the Problem
Commentary  |  6/9/2021  | 
Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.
How Employees Can Keep Their 401(k)s Safe From Cybercriminals
Commentary  |  6/8/2021  | 
As retirement fund balances grow, cybercriminals are becoming more brazen in their efforts to deplete people's savings.
Cyber Resilience: The Emerald City of the Security World
Commentary  |  6/8/2021  | 
Small and midsize businesses and managed service providers must use their heart, brain, and courage as they follow the Yellow Brick Road to cyber resilience.
An Answer to APP Scams You Can Bank On
Commentary  |  6/8/2021  | 
Financial institutions' usual fraud-detection methods can't detect most authorized push payment (APP) scams, putting customers and banks at risk.
Cartoon Caption Winner: Road Trip
Commentary  |  6/7/2021  | 
And the winner of Dark Reading's cartoon caption contest is ...
Cyber Athletes Compete to Form US Cyber Team
Commentary  |  6/7/2021  | 
Here's how security pros can showcase value to future employers: a field of friendly strife to measure their aptitude against competitors.
The US Must Redefine Critical Infrastructure for the Digital Era
Commentary  |  6/7/2021  | 
The template being used to manage essential connectivity isn't just outdated, it's actively counter-productive.
What the FedEx Logo Taught Me About Cybersecurity
Commentary  |  6/4/2021  | 
Cyber threats are staring you in the face, but you can't see them.
The Perfect Storm for PAM to Grow In
Commentary  |  6/4/2021  | 
With more staff working remotely, privileged access management (or PAM) has never been more important. Market forecasts, drivers, and trends are explored.
The True Cost of a Ransomware Attack
Commentary  |  6/3/2021  | 
Companies need to prepare for the costs of an attack now, before they get attacked. Here's a checklist to help.
The Colonial Pipeline Attack Is Your Boardroom Wake-Up Call
Commentary  |  6/3/2021  | 
Why business leaders must adopt a risk-led approach to cybersecurity.
Is Your Adversary James Bond or Mr. Bean?
Commentary  |  6/2/2021  | 
Especially with nation-state attacks, its critical to assess whether you're up against jet fighter strength or a bumbler who tries to pick locks.
Chaos for the Sake of Chaos? Yes, Nation-States Are That Cynical
Commentary  |  6/2/2021  | 
Many nation-state-backed attacks are intended to destabilize the US government, not steal from it.
Return to Basics: Email Security in the Post-COVID Workplace
Commentary  |  6/1/2021  | 
As we reimagine the post-pandemic workplace, we must also reevaluate post-pandemic email security practices.
CISO Confidence Is Rising, but Issues Remain
Commentary  |  6/1/2021  | 
New research reveals how global CISOs dealt with COVID-19 and their plans for 20222023.
3 SASE Misconceptions to Consider
Commentary  |  5/31/2021  | 
SASE is all the rage, promising things IT leaders have long dreamed about, but a purist approach may create consequences.
Most Mobile Apps Can Be Compromised in 15 Minutes or Less
Commentary  |  5/28/2021  | 
In the name of releasing apps quickly and delivering a smooth user experience, mobile app security is often given short shrift.
Acronis: Pandemic Hastened Cloud Migration, Prompting New Security Issues
Commentary  |  5/27/2021  | 
SPONSORED: WATCH NOW -- The COVID-19 pandemic has accelerated an ongoing shift in data away from business data centers to home offices and the cloud, explains Candid Wust, VP of cyber protection research for Acronis.
Let's Stop Blaming Employees for Our Data Breaches
Commentary  |  5/27/2021  | 
Assuming employees want to steal trade secrets pits them against your security teams, creates stress and reduces productivity.
How Menlo Uses Isolation to Secure Mobile Devices in the Cloud
Commentary  |  5/27/2021  | 
SPONSORED: WATCH NOW -- Mobile devices like smartphones and tablets have emerged as popular targets for bad actors looking to break into to cloud-based networks, according to Poornima DeBolle, chief product officer for Menlo Security.
Prevention Is the Only Cure: The Dangers of Legacy Systems
Commentary  |  5/27/2021  | 
Prolonged exposure to poorly managed legacy IT devices proves time and time again the familiar adage: What can go wrong will go wrong.
ExtraHop Explains How Advanced Threats Dominate Threat Landscape
Commentary  |  5/27/2021  | 
SPONSORED: WATCH NOW -- How do SOC professionals build a strategy when they lack basic information about how such threats operate? Advanced threats by their very nature create plenty of uncertainty, according to Matt Cauthorn, VP of cloud security for ExtraHop.
Cisco: Reduced Complexity in the SOC Improves Enterprise Security
Commentary  |  5/26/2021  | 
SPONSORED: WATCH NOW -- All it took was a global pandemic and a shift to working from home to expose security operations centers' open secret: Too much software, systems, and data to filter. Dug Song, chief strategy officer of Cisco Secure, makes a strong case for why reducing that complexity is the only tenable way forward for security professionals.
Bug Bounties and the Cobra Effect
Commentary  |  5/26/2021  | 
Are bug bounty programs allowing software companies to skirt their responsibility to make better, more secure products from the get-go?
Devo: SIEM Continues to Evolve with Tech Trends and Emerging Threats
Commentary  |  5/26/2021  | 
SPONSORED: WATCH NOW -- Some organizations split the difference with a hybrid of premises- and cloud-based SIEM, says Ted Julian, senior VP of product at Devo. As security data volumes continue to increase, SIEM's evolution will only continue.
Messaging Apps: The Latest Hotbed in the Fraud Ecosystem
Commentary  |  5/26/2021  | 
Telegram and other secure messaging apps have become a haven for professional criminals to wreak havoc and turn a profit.
Orange: Your Leaky Security is Coming from Inside the House!
Commentary  |  5/26/2021  | 
SPONSORED: Your home WiFi router may be screaming fast, but it's also a major point of vulnerability in this work-from-home era, says Charl van der Walt, head of security research at Orange Cyberdefense. And while Zero Trust offers some relief, he offers up some how-to advice to ensure it's properly deployed.
Axis Fosters Work-From-Home Momentum with Zero Trust Network Access
Commentary  |  5/25/2021  | 
SPONSORED: Watch now -- VPN and VDI, while still useful, lack the hardened security required to keep users secure. That's created an opening for Zero Trust network access.
Your Network's Smallest Cracks Are Now Its Biggest Threats
Commentary  |  5/25/2021  | 
Bad actors have flipped the script by concentrating more on low-risk threats. Here's how to address the threat and the tactics.
Uptycs Offers Resilience Formula to Boost Business Continuity
Commentary  |  5/25/2021  | 
SPONSORED CONTENT: Breaches and data loss are inevitable, but customers can bounce back more readily with some planning and foresight, says Ganesh Pai, CEO and founder of Uptycs. He suggests a trajectory for customers looking to improve their own resilience, starting with proactiveness, followed by reactivity, then predictive capabilities and better protection.
The Adversary Within: Preventing Disaster From Insider Threats
Commentary  |  5/25/2021  | 
Insiders are in a position of trust, and their elevated permissions provide opportunities to cause serious harm to critical business applications and processes.
Turn the Tables: Supply Chain Defense Needs Some Offense, Fortinet Says
Commentary  |  5/25/2021  | 
SPONSORED CONTENT: Watch now -- While the SolarWinds hack put fresh attention on supply chain vulnerabilities, Derek Manky of Fortinet's Fortiguard Labs suggests dismantling cybercriminals' own supply chains.
Sophos Research Uncovers Widespread Use of TLS By Cybercriminals
Commentary  |  5/24/2021  | 
SPONSORED CONTENT: Nearly half of all malware is being disseminated via the Transport Layer Security cryptographic protocol, says Dan Schiappa, executive VP and chief product officer for Sophos.
Work from Home Modifies the Endpoint Security Equation, Cisco Says
Commentary  |  5/24/2021  | 
SPONSORED CONTENT: As customers get to grips with this new WFH reality, they'll need to simplify their implementations and make more use of automation, says Cisco Secure's Al Huger.
As Threat Hunting Matures, Malware Labs Emerge
Commentary  |  5/24/2021  | 
By leveraging their analysis outputs, security pros can update detection rules engines and establish a stronger security posture in the process.
The Changing Face of Cybersecurity Awareness
Commentary  |  5/21/2021  | 
In the two decades since cybersecurity awareness programs emerged, they've been transformed from a good idea to a business imperative.
Security Providers Describe New Solutions (& Growing Threats) at RSAC
Commentary  |  5/20/2021  | 
SPONSORED CONTENT: Watch now -- Leading security companies meet Dark Reading in the RSA Conference Broadcast Alley to talk about tackling insider threat, SOC complexity, cyber resilience, mobile security, attacker evasion, supply chain threats, ransomware, and more.
3 Ways Anti-Vaxxers Will Undercut Security With Misinformation
Commentary  |  5/20/2021  | 
Misinformation campaigns thrive on inequality of knowledge, which bad actors use to drive a wedge between communities.
How 2 New Executive Orders May Reshape Cybersecurity & Supply Chains for a Post-Pandemic World
Commentary  |  5/20/2021  | 
A modernized US technology strategy must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies.
Page 1 / 2   >   >>


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This gives a new meaning to blind leading the blind.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21441
PUBLISHED: 2021-06-16
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS A...
CVE-2020-9493
PUBLISHED: 2021-06-16
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.
CVE-2021-28815
PUBLISHED: 2021-06-16
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link vers...
CVE-2021-3535
PUBLISHED: 2021-06-16
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. ...
CVE-2021-32685
PUBLISHED: 2021-06-16
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-5...