Commentary
Latest Content
|
Inside a SamSam Ransomware Attack
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
Improving the Adoption of Security Automation
Four barriers to automation and how to overcome them.
How to Prepare for 'WannaCry 2.0'
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Do 'cloud-first' strategies create a security-second mindset?
3 Tips for Driving User Buy-in to Security Policies
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Modern Cybersecurity Demands a Different Corporate Mindset
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.
Meet 'Bro': The Best-Kept Secret of Network Security
This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.
LeBron vs. Steph: The NBA Version of Cyber Defense vs. Cyberattacks
It takes an aggressive, swarming approach to overcome the most dangerous threats today.
Why CISOs Need a Security Reality Check
We deserve a seat at the executive table, and we'll be much better at our jobs once we take it.
'Shift Left' & the Connected Car
How improving application security in the automotive industry can shorten product development time, reduce costs, and save lives.
Weaponizing IPv6 to Bypass IPv4 Security
Just because you're not yet using IPv6 doesn't mean you're safe from the protocol's attack vectors.
6 Ways Greed Has a Negative Effect on Cybersecurity
How the security industry can both make money and stay true to its core values, and why that matters.
Threat Landscape: Dark Reading Caption Contest Winners
Insider threats -- desktop attacks, security awareness, caffeine -- all worthy contenders in our cartoon caption competition. And the winners are ...
Side-Channel Attacks & the Importance of Hardware-Based Security
Reliably evaluating the security of modern infrastructure requires a solid understanding of the hardware supporting it.
In Pursuit of Cryptography's Holy Grail
Homomorphic encryption eliminates the need for data exposure at any point — something that certainly would be welcome these days.
DOD Looks to the Cloud for Browser Security
The US Department of Defense just published its cloud browser strategy. What's yours?
'Strutting' Past the Equifax Breach: Lessons Learned
In hindsight, there were two likely causes for last year's massive breach: the decision to use Apache Struts, and a failure to patch in a timely fashion. Both are still a recipe for disaster.
'EFAIL' Is Why We Can’t Have Golden Keys
A deep dive into the issues surrounding an HTML email attack.
I, for One, Welcome Our Robotic Security Overlords
Automation will come in more subtle ways than C-3PO — and it's transforming cybersecurity.
Building a Safe, Efficient, Cost-Effective Security Infrastructure
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
Cybercrime Is Skyrocketing as the World Goes Digital
If cybercrime were a country, it would have the 13th highest GDP in the world.
The Good News about Cross-Domain Identity Management
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
Machine Learning, Artificial Intelligence & the Future of Cybersecurity
The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.
Getting Revolutionary (Not Evolutionary) about Cybersecurity
Being a security revolutionary isn't purely about new, ground-breaking ideas. It's about anticipating, outpacing, and influencing your world, both internally and externally. Here are five keys to success.
How to Empower Today's 'cISOs'
Although many security leaders have a C in their title, not all are true capital-C "Chiefs." Here are three ways to live up to the job description.
New Threats, Old Threats: Everywhere a Threat
First-quarter data shows cryptojacking on the rise -- but don't count out some "classic" threats just yet.
Bridging the Cybersecurity Talent Gap
There's no one surefire way of fixing the problem, which endangers everyone's security. There are, however, several options we should try.
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
The Good & Bad News about Blockchain Security
Blockchain technology promises many things. But to succeed, it must offer users a better plan against hackers.
Is Threat Intelligence Garbage?
Most security professionals in a recent survey said that threat intelligence doesn't work. So why all the hype?
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
The State of Information Sharing 20 Years after the First White House Mandate
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.
How to Hang Up on Fraud
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
The Risks of Remote Desktop Access Are Far from Remote
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
Why Isn't Integrity Getting the Attention It Deserves?
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
Want Your Daughter to Succeed in Cyber? Call Her John
It's time to "do the right thing" when it comes to gender in the hiring and promotion of women in cybersecurity. Four women (and a man named John) offer practical solutions for shifting the balance.
Taming the Chaos of Application Security: 'We Built an App for That'
Want to improve the state of secure software coding? Hide the complexity from developers.
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.
The New Security Playbook: Get the Whole Team Involved
Smart cybersecurity teams are harnessing the power of human intelligence so employees take the right actions.
Risky Business: Deconstructing Ray Ozzie's Encryption Backdoor
With the addition of secure enclaves, secure boot, and related features of "Clear," the only ones that will be able to test this code are Apple, well-resourced nations, and vendors who sell jailbreaks.
Ready or Not: Transport Layer Security 1.3 Is Coming
Better encryption could mean weaker security if you're not careful.
20 Signs You Are Heading for a Retention Problem
If you don't invest in your best security talent, they will look to burnish their resumes elsewhere. Here's why.
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
Properly Framing the Cost of a Data Breach
The expenses and actions typically associated with a cyberattack are not all created equal. Here's how to explain what's important to the C-suite and board.
Breakout Time: A Critical Key Cyber Metric
Why organizations need to detect an intrusion in under a minute, understand it in under 10 minutes, and eject the adversary in under an hour.
Defending Against an Automated Attack Chain: Are You Ready?
Recent threats like AutoSploit bring malware-as-a-service to a whole new level. Here are four ways to be prepared.
|
White Papers
Video
0 Comments
Current Issue
Flash Poll
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-0363
PUBLISHED: 2018-06-21
PUBLISHED: 2018-06-21
PUBLISHED: 2018-06-21
PUBLISHED: 2018-06-21
PUBLISHED: 2018-06-21
From DHS/US-CERT's National Vulnerability Database CVE-2018-0363
PUBLISHED: 2018-06-21
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulne...
CVE-2018-0364PUBLISHED: 2018-06-21
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSR...
CVE-2018-0365PUBLISHED: 2018-06-21
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protecti...
CVE-2018-0371PUBLISHED: 2018-06-21
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a craf...
CVE-2018-0373PUBLISHED: 2018-06-21
A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper ...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This