Commentary
Latest Content
|
To Mitigate Advanced Threats, Put People Ahead of Tech
Preventative technologies are only part of the picture and often come at the expense of the humans behind them.
Why Cybersecurity Burnout Is Real (and What to Do About It)
The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
Security Analysts Are Only Human
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
9 Years After: From Operation Aurora to Zero Trust
How the first documented nation-state cyberattack is changing security today.
The Anatomy of a Lazy Phish
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.
Making the Case for a Cybersecurity Moon Shot
There are severe and unsolved problems in our industry that justify a sustained effort and substantial investment. It's worth picking one.
Security Leaders Are Fallible, Too
Security leaders set the tone for their organizations, and there are many places where the process can go wrong. Second in a six-part series.
Privacy Ops: The New Nexus for CISOs & DPOs
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
White-Hat Bug Bounty Programs Draw Inspiration from the Old West
These programs are now an essential strategy in keeping the digital desperados at bay.
Diversity Is Vital to Advance Security
Meet five female security experts who are helping to propel our industry forward.
How to Create a Dream Team for the New Age of Cybersecurity
When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.
5 Expert Tips for Complying with the New PCI Software Security Framework
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.
Lessons Learned from a Hard-Hitting Security Review
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
Cybersecurity and the Human Element: We're All Fallible
We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.
Identifying, Understanding & Combating Insider Threats
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?
What the Government Shutdown Teaches Us about Cybersecurity
As lawmakers face a Friday deadline to prevent the federal government from closing a second time, we examine the cost to the digital domain, both public and private.
A Dog's Life: Dark Reading Caption Contest Winners
What do a telephony protocol, butt-sniffing, and multifactor authentication have in common? A John Klossner cartoon! And the winners are ...
We Need More Transparency in Cybersecurity
Security has become a stand-alone part of the corporate IT organization. That must stop, and transparency is the way forward.
4 Payment Security Trends for 2019
Visa's chief risk officer anticipates some positive changes ahead.
When 911 Goes Down: Why Voice Network Security Must Be a Priority
When there's a DDoS attack against your voice network, are you ready to fight against it?
4 Practical Questions to Ask Before Investing in AI
A pragmatic, risk-based approach can help CISOs plan for an efficient, effective, and economically sound implementation of AI for cybersecurity.
Serverless Computing: 'Function' vs. 'Infrastructure' as-a-Service
How much do companies really gain from offloading security duties to the cloud? Let's do the math.
Mitigating the Security Risks of Cloud-Native Applications
While containers can create more secure application development environments, they also introduce new security challenges that affect security and compliance.
Taming the Wild, West World of Security Product Testing
The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.
IoT Security's Coming of Age Is Overdue
The unique threat landscape requires a novel security approach based on the latest advances in network and AI security.
KISS, Cyber & the Humble but Nourishing Chickpea
The combination of simple, straightforward, and methodical ingredients are the keys to developing a balanced and well-rounded security program.
8 Cybersecurity Myths Debunked
The last thing any business needs is a swarm of myths and misunderstandings seeding common and frequent errors organizations of all sizes make in safeguarding data and infrastructure.
For a Super Security Playbook, Take a Page from Football
Four key questions to consider as you plan out your next winning security strategy.
Yes, You Can Patch Stupid
Before you start calling users stupid, remember that behind every stupid user is a stupider security professional.
Open Source & Machine Learning: A Dynamic Duo
In recent months, machine-learning code has become readily available in the open source community, putting security analysts on a path toward easier data pattern recognition.
Remote Access & the Diminishing Security Perimeter
Where security really matters, the enterprise is only as secure as the endpoints it allows to access its sensitive core systems.
Creating a Security Culture & Solving the Human Problem
People are the biggest weakness to security breaches; people can also be your organization's biggest defense.
Why Privacy Is Hard Work
For Data Privacy Day, let's commit to a culture of privacy by design, nurtured by a knowledgeable team that can execute an effective operational compliance program.
3 Ways Companies Mess Up GDPR Compliance the Most
The best way to conform to the EU's new privacy regulation is to assume that you don't need to hold on to personal data, versus the opposite.
The 5 Stages of CISO Success, Past & Future
In cybersecurity, as in history, security leaders who forget the lessons of the past will be doomed to repeat them.
Collateral Damage: When Cyberwarfare Targets Civilian Data
You can call it collateral damage. You can call it trickledown cyberwarfare. Either way, foreign hacker armies are targeting civilian enterprises as a means of attacking rival government targets.
Why Cybersecurity Must Be a Top Priority for Small & Midsize Businesses
The big corporations may grab the headlines, but America's SMBs have the most to lose in the aftermath of a data breach.
The Evolution of SIEM
Expectations for these security information and event management systems have grown over the years, in ways that just aren't realistic.
Think Twice Before Paying a Ransom
Why stockpiling cryptocurrency or paying cybercriminals is not the best response.
The Fact and Fiction of Homomorphic Encryption
The approach's promise continues to entice cryptographers and academics. But don't expect it to help in the real world anytime soon.
How Cybercriminals Clean Their Dirty Money
By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning.
Shadow IT, IaaS & the Security Imperative
Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.
The Rx for HIPAA Compliance in the Cloud
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
The network no longer provides an air gap against external threats, but access devices can take up the slack.
Simulating Lateral Attacks Through Email
A skilled attacker can get inside your company by abusing common email applications. Here are three strategies to block them.
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.
Are You Listening to Your Kill Chain?
With the right tools and trained staff, any organization should be able to deal with threats before information is compromised.
Online Fraud: Now a Major Application Layer Security Problem
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
Why Cyberattacks Are the No. 1 Risk
The paradigm shift toward always-on IT requires business leaders to rethink their defense strategy.
Advanced Phishing Scenarios You Will Most Likely Encounter This Year
In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.
|
White Papers
Video
10 Comments
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-6485
PUBLISHED: 2019-02-22
PUBLISHED: 2019-02-22
PUBLISHED: 2019-02-22
PUBLISHED: 2019-02-22
PUBLISHED: 2019-02-22
From DHS/US-CERT's National Vulnerability Database CVE-2019-6485
PUBLISHED: 2019-02-22
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5...
CVE-2019-9020PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc...
CVE-2019-9021PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file...
CVE-2019-9022PUBLISHED: 2019-02-22
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parser...
CVE-2019-9023PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcom...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This