Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Latest Content
Page 1 / 2   >   >>
Why Humans Are Phishing's Weakest Link
Commentary  |  4/6/2020  | 
And it's not just because they click when they shouldn't... they also leave a trail of clues and details that make them easy to spoof
Want to Improve Cloud Security? It Starts with Logging
Commentary  |  4/3/2020  | 
Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
Commentary  |  4/2/2020  | 
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
A Hacker's Perspective on Securing VPNs As You Go Remote
Commentary  |  4/2/2020  | 
As organizations rush to equip and secure their newly remote workforce, it's important to keep things methodical and purposeful
Best Practices to Manage Third-Party Cyber-Risk Today
Commentary  |  4/2/2020  | 
Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.
Why All Employees Are Responsible for Company Cybersecurity
Commentary  |  4/1/2020  | 
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
Active Directory Attacks Hit the Mainstream
Commentary  |  4/1/2020  | 
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
The SOC Emergency Room Faces Malware Pandemic
Commentary  |  4/1/2020  | 
To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.
Why Third-Party Risk Management Has Never Been More Important
Commentary  |  3/31/2020  | 
Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.
How Much Downtime Can Your Company Handle?
Commentary  |  3/31/2020  | 
Why every business needs cyber resilience and quick recovery times.
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Commentary  |  3/30/2020  | 
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
The Wild, Wild West(world) of Cybersecurity
Commentary  |  3/27/2020  | 
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
3 Mobile Security Problems That Most Security Teams Haven't Fixed Yet
Commentary  |  3/26/2020  | 
Mobility must be included in the security operations workflow so that company data is protected regardless of where remote workers are located.
Introducing Zero-Trust Access
Commentary  |  3/26/2020  | 
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.
Do DevOps Teams Need a Company Attorney on Speed Dial?
Commentary  |  3/25/2020  | 
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
COVID-19: Getting Ready for the Next Business Continuity Challenge
Commentary  |  3/25/2020  | 
What comes after you've empowered your remote workforce in the wake of the coronavirus pandemic? Dealing with a large portion of that workforce getting sick at the same time.
How to Secure Your Kubernetes Deployments
Commentary  |  3/24/2020  | 
As more companies shift their software to a microservices-based architecture and orchestrate their containerized applications in Kubernetes, distributed security controls become a must.
Vulnerability Management Isn't Just a Numbers Game
Commentary  |  3/24/2020  | 
Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory.
From Zero to Hero: CISO Edition
Commentary  |  3/23/2020  | 
It's time for organizations to realize that an empowered CISO can effectively manage enterprise risk and even grow the business along the way.
Security Ratings Are a Dangerous Fantasy
Commentary  |  3/20/2020  | 
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
Cyber Resilience Benchmarks 2020
Commentary  |  3/19/2020  | 
Here are four things that separate the leaders from the laggards when fighting cyber threats.
Achieving DevSecOps Requires Cutting Through the Jargon
Commentary  |  3/19/2020  | 
Establishing a culture where security can work easily with developers starts with making sure they can at least speak the same language.
Facebook Got Tagged, but Not Hard Enough
Commentary  |  3/18/2020  | 
Ensuring that our valuable biometric information is protected is worth more than a $550 million settlement.
What the Battle of Britain Can Teach Us About Cybersecurity's Human Element
Commentary  |  3/18/2020  | 
During WWII, the British leveraged both technology and human intelligence to help win the war. Security leaders must learn the lessons of history and consider how the human element can make their machine-based systems more effective.
This Tax Season, Save the Scorn and Protect Customers from Phishing Scams
Commentary  |  3/17/2020  | 
As security professionals, it's easy to get cynical about the continued proliferation of tax ID theft and blame the consumers themselves. But that doesn't help anyone.
Needed: A Cybersecurity Good Samaritan Law
Commentary  |  3/17/2020  | 
Legislation should protect the good hackers who are helping to keep us safe, not just go after the bad.
4 Ways Thinking 'Childishly' Can Empower Security Professionals
Commentary  |  3/16/2020  | 
Younger minds -- more agile and less worried by failure -- provide a useful model for cyber defenders to think more creatively.
Texas Chose to Fight Ransomware and Not Pay. What About the Rest of Us?
Commentary  |  3/13/2020  | 
Law-abiding folks like us applauded Texas for its bravery but would we have the steel will to stand on the side of justice if it happened to us? Probably not.
Working from Home? These Tips Can Help You Adapt
Commentary  |  3/12/2020  | 
COVID-19 means many people are doing their jobs from outside the confines of the office. That may not be as easy as it sounds.
Back to the Future: A Threat Intelligence Journey
Commentary  |  3/12/2020  | 
Threat intelligence needs the problem solvers, the curious ones, the mission seekers, the analytical minds, the defenders, and the fierce -- whatever their gender.
How the Rise of IoT Is Changing the CISO Role
Commentary  |  3/11/2020  | 
Prepare for the future by adopting a risk-based approach. Following these five steps can help.
Why CSP Isn't Enough to Stop Magecart-Like Attacks
Commentary  |  3/11/2020  | 
As Magecart and formjacking attacks become more sophisticated, it's essential to address not only what services may interact with users, but what that interaction looks like and how to control it.
3 Tips to Stay Secure When You Lose an Employee
Commentary  |  3/10/2020  | 
Whether they leave for a better job or get fired, and whether they mean to cause problems or do so out of ignorance, ex-workers can pose a threat to your company.
How Network Metadata Can Transform Compromise Assessment
Commentary  |  3/10/2020  | 
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret
Cyber Resiliency, Cloud & the Evolving Role of the Firewall
Commentary  |  3/9/2020  | 
Today's defenses must be creative in both isolating threats and segmenting environments to prevent attacks. Here's why.
Threat Awareness: A Critical First Step in Detecting Adversaries
Commentary  |  3/9/2020  | 
One thing seems certain: Attackers are only getting more devious and lethal. Expect to see more advanced attacks.
Securing Our Elections Requires Change in Technology, People & Attitudes
Commentary  |  3/6/2020  | 
Increasing security around our election process and systems will take a big effort from many different parties. Here's how.
6 Steps CISOs Should Take to Secure Their OT Systems
Commentary  |  3/5/2020  | 
The first question each new CISO must answer is, "What should I do on Monday morning?" My suggestion: Go back to basics. And these steps will help.
Advanced Tech Needs More Ethical Consideration & Security
Commentary  |  3/5/2020  | 
Unintended consequences and risks need board-level attention and action.
CISOs Who Want a Seat at the DevOps Table Better Bring Value
Commentary  |  3/4/2020  | 
Here are four ways to make inroads with the DevOps team -- before it's too late.
3 Ways to Strengthen Your Cyber Defenses
Commentary  |  3/4/2020  | 
By taking proactive action, organizations can face down threats with greater agility and earned confidence.
Avoiding the Perils of Electronic Communications
Commentary  |  3/3/2020  | 
Twitter, Slack, etc., have become undeniably important for business today, but they can cause a lot of damage. That's why an agile communications strategy is so important.
The Cybercrime Pandemic Keeps Spreading
Commentary  |  3/3/2020  | 
The World Economic Forum says cyberattacks will be one of the top global business risks over the next 10 years.
What Disney+ Can Teach Businesses About Customer Security
Commentary  |  3/2/2020  | 
Businesses must prioritize customer protection by taking on some of the responsibility to prevent credential stuffing attacks through multipronged authentication and identity management.
Reducing Risk with Data Minimization
Commentary  |  2/28/2020  | 
Putting your company on a data diet that reduces the amount of the sensitive data you store or use is a smart way to achieve compliance with GDPR and CCPA.
How We Enabled Ransomware to Become a Multibillion-Dollar Industry
Commentary  |  2/27/2020  | 
As an industry, we must move beyond one-dimensional approaches to assessing ransomware exposures. Asking these four questions will help.
What Your Company Needs to Know About Hardware Supply Chain Security
Commentary  |  2/27/2020  | 
By establishing a process and framework, you can ensure you're not giving more advanced attackers carte blanche to your environment.
Commonsense Security: Leveraging Dialogue & Collaboration for Better Decisions
Commentary  |  2/26/2020  | 
Sometimes, good old-fashioned tools can help an enterprise create a cost-effective risk management strategy.
5 Ways to Up Your Threat Management Game
Commentary  |  2/26/2020  | 
Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management.
Ensure Your Cloud Security Is as Modern as Your Business
Commentary  |  2/25/2020  | 
Take a comprehensive approach to better protect your organization. Security hygiene is a must, but also look at your risk posture through a data protection lens.
Page 1 / 2   >   >>


HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5300
PUBLISHED: 2020-04-06
In Hydra (an OAuth2 Server and OpenID Certifiedâ„¢ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the t...
CVE-2019-19699
PUBLISHED: 2020-04-06
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To e...
CVE-2020-11102
PUBLISHED: 2020-04-06
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
CVE-2020-11507
PUBLISHED: 2020-04-06
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded.
CVE-2020-11544
PUBLISHED: 2020-04-06
An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for...