Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Latest Content
Page 1 / 2   >   >>
WFH Summer 2020 Caption Contest Winners
Commentary  |  8/14/2020  | 
Clever wordplay on sandcastles, sandboxes, zero trust. and granular controls. And the winners are ...
Secure Development Takes a (Remote) Village
Commentary  |  8/13/2020  | 
The shift to work from home isn't just about giving your Dev team the physical tools they need.
Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity
Commentary  |  8/13/2020  | 
Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them.
With iOS's Privacy Nutrition Label, Apple Upstages Regulators
Commentary  |  8/13/2020  | 
New iOS privacy features require developers to disclose what data they're collecting, how they're using it, and with whom they share it.
Using 'Data for Good' to Control the Pandemic
Commentary  |  8/12/2020  | 
The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.
Threats vs. Thrift: Running Effective AppSec During a Global Crisis
Commentary  |  8/12/2020  | 
By looking at security testing capacity, staff expertise, and risks throughout the software supply chain, application security teams can improve their overall effectiveness.
EU-US Privacy Shield Dissolution: What Happens Next?
Commentary  |  8/11/2020  | 
In a world that isn't private by design, security and liability implications for US-based cloud companies are huge.
How to Help Spoil the Cybercrime Economy
Commentary  |  8/11/2020  | 
Cybercrime increasingly is turning into a commodity. Stolen PII data and hijacked cloud accounts especially propel the spread, research shows.
Vulnerability Prioritization: Are You Getting It Right?
Commentary  |  8/10/2020  | 
Developers must find a way to zero in on the security vulns that present the most risk and quickly address them without slowing down the pace of development.
IoT Security During COVID-19: What We've Learned & Where We're Going
Commentary  |  8/7/2020  | 
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.
Four Rules and Three Tools to Protect Against Fake SaaS Apps
Commentary  |  8/6/2020  | 
Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.
3 Tips For Better Security Across the Software Supply Chain
Commentary  |  8/6/2020  | 
It may sound look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving security posture of the software supply chain.
3 Tips for Securing Open Source Software
Commentary  |  8/5/2020  | 
Maintaining myriad open source components can be tough. Here's how teams can begin to address open source security and continue to innovate.
Why Confidential Computing Is a Game Changer
Commentary  |  8/5/2020  | 
Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together.
Retooling the SOC for a Post-COVID World
Commentary  |  8/4/2020  | 
Residual work-from-home policies will require changes to security policies, procedures, and technologies.
Securing IoT as a Remote Workforce Strategy
Commentary  |  8/4/2020  | 
Digital transformation with Internet of Things devices offers organizations a way forward in the era of COVID-19. Optimizing this approach for the future will need to start with security.
Omdia Cybersecurity Accelerator Analysts to Take Part in Black Hat USA 2020
Commentary  |  8/3/2020  | 
Analysts will participate in the Black Hat Briefings, taking place Aug. 4-6, discussing cybersecurity research, offering exclusive video presentations, and meeting with vendors and attendees.
A Patriotic Solution to the Cybersecurity Skills Shortage
Commentary  |  8/3/2020  | 
Why now is the right time for the security industry to invest in the human capital that will make technology better, smarter, and safer.
3 Ways Social Distancing Can Strengthen Your Network
Commentary  |  7/31/2020  | 
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
5 Tips for Optimizing Your Company's Cyber-Crisis Preparedness
Commentary  |  7/30/2020  | 
Cyber-incident response often addresses short-term needs, but we need to broaden the view of crisis management to be more forward-thinking.
Black Hat Virtually: An Important Time to Come Together as a Community
Commentary  |  7/30/2020  | 
The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.
Using the Attack Cycle to Up Your Security Game
Commentary  |  7/30/2020  | 
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Commentary  |  7/29/2020  | 
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.
The Future's Biggest Cybercrime Threat May Already Be Here
Commentary  |  7/29/2020  | 
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.
Autonomous IT: Less Reacting, More Securing
Commentary  |  7/28/2020  | 
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
As Businesses Move to the Cloud, Cybercriminals Follow Close Behind
Commentary  |  7/28/2020  | 
In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware.
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
Commentary  |  7/27/2020  | 
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
Banning TikTok Won't Solve Our Privacy Problems
Commentary  |  7/24/2020  | 
Preventing the use of an apps based solely on its country of origin (no matter how hostile) is merely a Band-Aid that won't fully address all privacy and security concerns.
Data Privacy Challenges for California COVID-19 Contact Tracing Technology
Commentary  |  7/23/2020  | 
Developers, governments, and regulators must work with the cybersecurity industry to apply rigorous standards to contact-tracing apps to make sure that the societal impact of COVID-19 doesn't extend into personal privacy.
Deepfakes & James Bond Research Project: Cool but Dangerous
Commentary  |  7/23/2020  | 
Open source software for creating deepfakes is getting better and better, to the chagrin of researchers
Ripple20's Effects Will Impact IoT Cybersecurity for Years to Come
Commentary  |  7/22/2020  | 
A series of newly discovered TCP/IP software vulnerabilities pose a threat to millions of IoT devices. Undiscovered since the early 1990s, they highlight the need to improve security in an increasingly precarious IoT supply chain.
The InfoSec Barrier to AI
Commentary  |  7/22/2020  | 
Information security challenges are proving to be a huge barrier for the artificial intelligence ecosystem. Conversely, AI is causing headaches for CISOs. Here's why.
Cybersecurity Lessons from the Pandemic
Commentary  |  7/22/2020  | 
How does cybersecurity support business and society? The pandemic shows us.
The Data Privacy Loophole Federal Agencies Are Still Missing
Commentary  |  7/21/2020  | 
Why knowledge-based authentication is leaving federal contact centers vulnerable to an increasingly sophisticated hacker community.
Leading Through Uncertainty: Be Proactive in Your Dark Web Intelligence Strategy
Commentary  |  7/21/2020  | 
Having a strong Dark Web intelligence posture helps security teams understand emerging vulnerability trends.
UK Data Privacy Legislation Cannot Be Bypassed to Limit Spread of COVID-19
Commentary  |  7/20/2020  | 
The UK faces GDPR data privacy challenges regarding its COVID-19 "Test and Trace" program. Despite the importance of contact tracing, its intent to ignore privacy legislation is extremely worrying.
What Organizations Need to Know About IoT Supply Chain Risk
Commentary  |  7/20/2020  | 
Here are some factors organizations should consider as they look to limit the risk posed by risks like Ripple20.
Cybersecurity Leaders: Invest In Your People
Commentary  |  7/16/2020  | 
Training, especially cross-training, is insanely powerful when team members are able to experience, train, and work together. It also builds trust.
Third-Party IoT Vulnerabilities: We Need a Cybersecurity Paradigm Shift
Commentary  |  7/16/2020  | 
The only entities equipped to safeguard Internet of Things devices against risks are the IoT device manufacturers themselves.
How Nanotechnology Will Disrupt Cybersecurity
Commentary  |  7/15/2020  | 
Tangible solutions related to cryptography, intelligent threat detection and consumer security are closer than you think.
Top 5 Questions (and Answers) About GRC Technology
Commentary  |  7/15/2020  | 
For the first time in a long time, we must shift from managing localized risks against a landscape of economic growth to managing those issues under much less certain circumstances.
'Make Your Bed' and Other Life Lessons for Security
Commentary  |  7/14/2020  | 
Follow this advice from a famous military commanders' commencement speech and watch your infosec team soar.
Crypto-Primer: Encryption Basics Every Security Pro Should Know
Commentary  |  7/14/2020  | 
With so many choices for encrypting data and communication, it's important to know the pros and cons of different techniques.
Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines
Commentary  |  7/13/2020  | 
To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Commentary  |  7/10/2020  | 
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
Omdia Research Launches Page on Dark Reading
Commentary  |  7/9/2020  | 
Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.
Fight Phishing with Intention
Commentary  |  7/9/2020  | 
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
Pen Testing ROI: How to Communicate the Value of Security Testing
Commentary  |  7/9/2020  | 
There are many reasons to pen test, but the financial reasons tend to get ignored.
Fresh Options for Fighting Fraud in Financial Services
Commentary  |  7/8/2020  | 
Fraud prevention requires a consumer-centric, data sharing approach.
Why Cybersecurity's Silence Matters to Black Lives
Commentary  |  7/8/2020  | 
The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.