Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Latest Content
Page 1 / 2   >   >>
2020's COVID Accelerated Digitalization Demands Stronger Cybersecurity in 2021
Commentary  |  1/25/2021  | 
As critical infrastructure faces increasing and sophisticated attacks, these trends will enable the energy sector to shore up its cybersecurity defenses.
Why North Korea Excels in Cybercrime
Commentary  |  1/22/2021  | 
North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.
Cloud Jacking: The Bold New World of Enterprise Cybersecurity
Commentary  |  1/21/2021  | 
Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.
Rethinking IoT Security: It's Not About the Devices
Commentary  |  1/21/2021  | 
Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
Tips for a Bulletproof War Room Strategy
Commentary  |  1/20/2021  | 
The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.
The Most Pressing Concerns Facing CISOs Today
Commentary  |  1/19/2021  | 
Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown.
A Security Practitioner's Guide to Encrypted DNS
Commentary  |  1/19/2021  | 
Best practices for a shifting visibility landscape.
How to Achieve Collaboration Tool Compliance
Commentary  |  1/15/2021  | 
Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.
Vulnerability Management Has a Data Problem
Commentary  |  1/14/2021  | 
Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.
The Data-Centric Path to Zero Trust
Commentary  |  1/13/2021  | 
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
How to Boost Executive Buy-In for Security Investments
Commentary  |  1/12/2021  | 
Linking security budgets to breach-protection outcomes helps executives balance spending against risk and earns CISOs greater respect in the C-suite.
Bringing Zero Trust to Secure Remote Access
Commentary  |  1/12/2021  | 
Demand for secure remote access has skyrocketed during the pandemic. Here Omdia profiles more secure alternatives to virtual private network (VPN) technology.
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
Commentary  |  1/12/2021  | 
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
SolarWinds Hack Lessons Learned: Finding the Next Supply Chain Attack
Commentary  |  1/11/2021  | 
The SolarWinds supply chain compromise won't be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.
When It Comes To Security Tools, More Isn't More
Commentary  |  1/11/2021  | 
Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.
Top 5 'Need to Know' Coding Defects for DevSecOps
Commentary  |  1/8/2021  | 
Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster.
The 3 Most Common Types of BEC Attacks (And What You Can Do About Them)
Commentary  |  1/7/2021  | 
Always be skeptical and double check credentials.
How to Protect Your Organization's Digital Footprint
Commentary  |  1/6/2021  | 
As the digital risk landscape evolves and grows, organizations must stay vigilant against online threats.
What You Need to Know About California's New Privacy Rules
Commentary  |  1/5/2021  | 
Proposition 24 will change Californians' rights and business's responsibilities regarding consumer data protection.
COVID-19's Acceleration of Cloud Migration & Identity-Centric Security
Commentary  |  1/4/2021  | 
Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.
How to Build Cyber Resilience in a Dangerous Atmosphere
Commentary  |  12/31/2020  | 
Our polarized climate and COVID-19 are putting the nation's cybersecurity in imminent danger, and it's past time to act.
Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor
Commentary  |  12/30/2020  | 
A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.
Reducing the Risk of Third-Party SaaS Apps to Your Organization
Commentary  |  12/29/2020  | 
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
India: A Growing Cybersecurity Threat
Commentary  |  12/29/2020  | 
Geopolitical tensions and a dramatic rise in offensive and defensive cyber capabilities lead India to join Iran, Russia, China, and North Korea as a top nation-state adversary.
Defending the COVID-19 Vaccine Supply Chain
Commentary  |  12/28/2020  | 
We must treat this supply chain like a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.
10 Benefits of Running Cybersecurity Exercises
Commentary  |  12/28/2020  | 
There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills.
Quarterbacking Vulnerability Remediation
Commentary  |  12/24/2020  | 
It's time that security got out of the armchair and out on the field.
Enterprise IoT Security Is a Supply Chain Problem
Commentary  |  12/23/2020  | 
Organizations that wish to take advantage of the potential benefits of IoT systems in enterprise environments should start evaluating third-party risk during the acquisition process.
Prepare to Fight Upcoming Cyber-Threat Innovations
Commentary  |  12/22/2020  | 
Cybercriminals are preparing to use computing performance innovations to launch new types of attacks.
Security as Code: How Repeatable Policy-Driven Deployment Improves Security
Commentary  |  12/22/2020  | 
The SaC approach lets users codify and enforce a secure state of application configuration deployment that limits risk.
We Have a National Cybersecurity Emergency -- Here's How We Can Respond
Commentary  |  12/21/2020  | 
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.
2021 Cybersecurity Predictions: The Intergalactic Battle Begins
Commentary  |  12/18/2020  | 
There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth.
VPNs, MFA & the Realities of Remote Work
Commentary  |  12/17/2020  | 
The work-from-home-era is accelerating cloud-native service adoption.
Corporate Credentials for Sale on the Dark Web: How to Protect Employees and Data
Commentary  |  12/16/2020  | 
It's past time to retire passwords in favor of other methods for authenticating users and securing systems.
Why the Weakest Links Matter
Commentary  |  12/16/2020  | 
The recent FireEye and SolarWinds compromises reinforce the fact that risks should be understood, controls should be in place, and care should be taken at every opportunity.
SSO and MFA Are Only Half Your Identity Governance Strategy
Commentary  |  12/16/2020  | 
We need better ways to manage user identities for accessing applications, especially given the strain it places on overworked IT and security teams.
Nowhere to Hide: Don't Let Your Guard Down This Holiday Season
Commentary  |  12/15/2020  | 
Harden your defenses to ensure that your holiday downtime doesn't become an open door for cyber threats.
The Private Sector Needs a Cybersecurity Transformation
Commentary  |  12/15/2020  | 
Cybersecurity must get to the point where it's equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.
Startups Should Do Things That Don't Scale, but Security Isn't One of Them
Commentary  |  12/14/2020  | 
Emerging businesses that don't embrace scalable security do so at their own peril.
Penetration Testing: A Road Map for Improving Outcomes
Commentary  |  12/11/2020  | 
As cybersecurity incidents gain sophistication, to ensure we are assessing security postures effectively, it is critical to copy real-world adversaries' tools, tactics, and procedures during testing activities.
Cloud Identity and Access Management: Understanding the Chain of Access
Commentary  |  12/10/2020  | 
Here's where enterprises encounter challenges with cloud IAM and the best practices they should follow to correct these mistakes.
The Line Between Physical Security & Cybersecurity Blurs as World Gets More Digital
Commentary  |  12/10/2020  | 
Security teams are being challenged by the connected nature of IP devices, and preventing them from being compromised by cybercriminals has become an essential part of keeping people and property safe.
The Holiday Shopping Season: A Prime Opportunity for Triangulation Fraud
Commentary  |  12/9/2020  | 
As e-commerce sales increase, so does the risk of hard-to-detect online fraud.
Navigating the Security Maze in a New Era of Cyberthreats
Commentary  |  12/9/2020  | 
Multiple, dynamic threats have reshaped the cyber-risk landscape; ignore them at your peril.
Why Compliance Is No Longer King for Financial Services Cybersecurity
Commentary  |  12/8/2020  | 
Financial services companies' experience in risk management serves them well when it comes to minimizing their cyber-risk.
Attackers Know Microsoft 365 Better Than You Do
Commentary  |  12/8/2020  | 
Users have taken to Microsoft Office 365's tools, but many are unaware of free features that come with their accounts -- features that would keep them safe.
Avoiding a 1984-Like Future
Commentary  |  12/7/2020  | 
We must not simply trust technology to be safe. Technology providers and users should agree on severe security practices, and these standards must be implemented wherever data goes.
Flash Dies but Warning Signs Persist: A Eulogy for Tech's Terrible Security Precedent
Commentary  |  12/4/2020  | 
Flash will be gone by the end of the year, but the ecosystem that allowed it to become a software security serial killer is ready to let it happen again.
Cloud Security Threats for 2021
Commentary  |  12/3/2020  | 
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now
Commentary  |  12/3/2020  | 
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.
Page 1 / 2   >   >>


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I can't find the back door.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21275
PUBLISHED: 2021-01-25
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of Medi...
CVE-2021-21272
PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the ...
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting