Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Latest Content
Page 1 / 2   >   >>
2020 Changed Identity Forever; What's Next?
Commentary  |  4/20/2021  | 
For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.
Beware the Bug Bounty
Commentary  |  4/20/2021  | 
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.
SolarWinds: A Catalyst for Change & a Cry for Collaboration
Commentary  |  4/19/2021  | 
Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration.
How the Biden Administration Can Make Digital Identity a Reality
Commentary  |  4/16/2021  | 
A digital identity framework is the answer to the US government's cybersecurity dilemma.
6 Tips for Managing Operational Risk in a Downturn
Commentary  |  4/15/2021  | 
Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.
Nation-State Attacks Force a New Paradigm: Patching as Incident Response
Commentary  |  4/15/2021  | 
IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out.
Bolstering Our Nation's Defenses Against Cybersecurity Attacks
Commentary  |  4/14/2021  | 
Shawn Henry, former Executive Assistant Director of the FBI and current CrowdStrike president of services and CSO, shares the top three cybersecurity priorities that the Biden administration needs to address.
Dark Reading to Upgrade Site Design, Performance
Commentary  |  4/13/2021  | 
Improvements will make site content easier to navigate, faster, and more functional.
5 Objectives for Establishing an API-First Security Strategy
Commentary  |  4/13/2021  | 
With APIs predicted to be the most common attack vector by 2022, an API-first security strategy is critical now more than ever.
Clear & Present Danger: Data Hoarding Undermines Better Security
Commentary  |  4/13/2021  | 
Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.
Wake Up and Smell the JavaScript
Commentary  |  4/12/2021  | 
The SolarWinds attack showed the true meaning of a supply chain breach. And it's the canary in the coal mine for sensitive data on the Web.
Omdia Research Spotlight: XDR
Commentary  |  4/12/2021  | 
Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
Women Are Facing an Economic Crisis & the Cybersecurity Industry Can Help
Commentary  |  4/9/2021  | 
Investing in women's cybersecurity careers can bring enormous benefits and help undo some of the significant economic damage wrought by the pandemic.
Handcuffs Over AI: Solving Security Challenges With Law Enforcement
Commentary  |  4/8/2021  | 
We've tried everything else ... now it's time to make the prospect of getting caught -- and punished -- a real deterrent to cybercrime.
Rethinking Cyberattack Response: Prevention & Preparedness
Commentary  |  4/7/2021  | 
The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price.
5 Ways to Transform Your Phishing Defenses Right Now
Commentary  |  4/7/2021  | 
By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk.
Cartoon Caption Winner: Something Seems Afoul
Commentary  |  4/7/2021  | 
And the winner of Dark Readings's March cartoon caption contest is ...
Ryuk's Rampage Has Lessons for the Enterprise
Commentary  |  4/6/2021  | 
The Ryuk ransomware epidemic is no accident. The cybercriminals responsible for its spread have systematically exploited weaknesses in enterprise defenses that must be addressed.
NFT Thefts Reveal Security Risks in Coupling Private Keys & Digital Assets
Commentary  |  4/6/2021  | 
Compromised NFT accounts highlight security concerns inherent in the design of centralized systems.
7 Ways to Reduce Cyber Threats From Remote Workers
Commentary  |  4/5/2021  | 
The pandemic's decline won't stop the work-from-home trend nor the implications for cybersecurity, so it's crucial to minimize the threats.
US Tech Dominance Rides on Securing Intellectual Property
Commentary  |  4/2/2021  | 
A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.
Solving the Leadership Buy-In Impasse With Data
Commentary  |  4/1/2021  | 
Justify your requirements with real numbers to get support for security investments.
The Role of Visibility in Securing Cloud Applications
Commentary  |  4/1/2021  | 
Traditional data center approaches aren't built for securing modern cloud applications.
What's So Great About XDR?
Commentary  |  3/31/2021  | 
XDR is a significant advance in threat detection and response technology, but few enterprises understand why. Omdia identifies four catalysts driving the emergence of XDR.
Advice From Security Experts: How to Approach Security in the New Normal
Commentary  |  3/31/2021  | 
Here are the biggest lessons they've learned after a year of work from home, and how they advise their counterparts at organizations to proceed as a result of those lessons.
3 Ways Vendors Can Inspire Customer Trust Amid Breaches
Commentary  |  3/31/2021  | 
As customers rely more on cloud storage and remote workforces, the probability of a breach increases.
Watch Out for These Cyber-Risks
Commentary  |  3/30/2021  | 
It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now.
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Commentary  |  3/30/2021  | 
The Cyber Kill Chain and MITRE ATT&CK are popular reference frameworks to analyze breaches, but amid the rise of XDR, we may need a new one.
In the Rush to Embrace Hybrid Cloud, Don't Forget About Security
Commentary  |  3/30/2021  | 
Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.
4 Open Source Tools to Add to Your Security Arsenal
Commentary  |  3/29/2021  | 
Open source solutions can offer an accessible and powerful way to enhance your security-testing capabilities.
Data Bias in Machine Learning: Implications for Social Justice
Commentary  |  3/26/2021  | 
Take historically biased data, then add AI and ML to compound and exacerbate the problem.
Moving from DevOps to CloudOps: The Four-Box Problem
Commentary  |  3/26/2021  | 
With SOC teams running services on multiple cloud platforms, their big concern is how to roll up configuration of 200+ servers in a comprehensive way.
Security Operations in the World We Live in Now
Commentary  |  3/25/2021  | 
Despite the challenges of remote work, security operations teams can position themselves well for the future.
The CIO's Shifting Role: Improving Security With Shared Responsibility
Commentary  |  3/25/2021  | 
CIOs must create a culture centered around cybersecurity that is easily visible and manageable.
How Personally Identifiable Information Can Put Your Company at Risk
Commentary  |  3/25/2021  | 
By being more mindful of how and where they share PII, employees will deprive cybercriminals of their most useful tool.
What a Federal Data Privacy Law Would Mean for Consumers
Commentary  |  3/24/2021  | 
With an array of serious proposals from both sides of the political divide, it looks as though the US may finally have a national privacy law.
Prioritizing Application & API Security After the COVID Cloud Rush
Commentary  |  3/24/2021  | 
As companies hit the gas to accommodate the rapid shift to work-from-home, security fell behind. Now, it's time to close those gaps.
Disrupting the Cybercriminal Supply Chain
Commentary  |  3/23/2021  | 
It is time to turn the tables on cybercriminals and use their own tactics against them.
Data Protection Is a Group Effort
Commentary  |  3/23/2021  | 
When every employee is well-versed in customer data privacy principles, the DPO knows the enterprise's sensitive data is in good hands.
Top 3 Cybersecurity Lessons Learned From the Pandemic
Commentary  |  3/22/2021  | 
Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.
On the Road to Good Cloud Security: Are We There Yet?
Commentary  |  3/22/2021  | 
Misconfigured infrastructure is IT pros' top cloud security concern, but they're conflicted on how to address it in practice.
How Us Shady Geeks Put Others Off Security
Commentary  |  3/19/2021  | 
Early adopters of security and privacy tools may be perceived by others as paranoid, which, in turn, may repel non-experts from protecting themselves online.
Women's History Month: Making Mentorship Meaningful
Commentary  |  3/18/2021  | 
This month is a perfect opportunity for us to take a step back and think about what role we want to play as women in the technology sector.
Beware the Package Typosquatting Supply Chain Attack
Commentary  |  3/18/2021  | 
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.
What CISOs Can Learn From Big Breaches: Focus on the Root Causes
Commentary  |  3/18/2021  | 
Address these six technical root causes of breaches in order to keep your company safer.
COVID, Healthcare Data & the Dark Web: A Toxic Stew
Commentary  |  3/17/2021  | 
The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.
Enterprises Wrestle With Executive Social Media Risk Management
Commentary  |  3/17/2021  | 
Survey indicates enterprises have a lot of work to do reduce cybersecurity risks around executive social media use.
Best Practices for Securing Service Accounts
Commentary  |  3/16/2021  | 
While service accounts solve many of the challenges presented by automation, they can also create serious problems when it comes to cybersecurity.
Combating Call Center Fraud in the Age of COVID
Commentary  |  3/16/2021  | 
With many agents now working from home, call centers require new technology, new processes, and a new way of thinking about security.
Name That Toon: Something Seems Afoul
Commentary  |  3/15/2021  | 
Dark Reading's March cartoon caption contest is here, along with a few new feathered friends.
Page 1 / 2   >   >>


News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856
PUBLISHED: 2021-04-20
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793
PUBLISHED: 2021-04-20
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...