Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in January 2014
Super Bowl Tech: A Supersized Role For Security
Commentary  |  1/31/2014  | 
The cold weather has been the strongest story line throughout the entire NFL season. Sundays game will be no exception -- behind the scenes and on the field.
Finding The Balance Between Compliance & Security
Commentary  |  1/30/2014  | 
IT departments can reduce security risks by combining the flexibility of ISO 27000 with the stringent requirements of PCI. Heres how.
Red Or Blue, I'm Usually The Only Woman On The Team
Commentary  |  1/30/2014  | 
Women are still few and far between in the cybersecurity field
For SMBs: How To Implement PCI DSS 3
Commentary  |  1/29/2014  | 
How PCI DSS v3.0 requirements affect the management of service providers for SMBs
The Scariest End-User Security Question: What Changed?
Commentary  |  1/29/2014  | 
Hitting employees over the head with fear, uncertainty, and doubt does little to help protect them from security threats. Is multi-factor authentication "by force" a better approach?
Data Security: 4 Questions For Road Warriors
Commentary  |  1/28/2014  | 
Traveling with electronic gear containing sensitive data carries a greater security risk today than ever before.
Target Breach: Why Smartcards Wont Stop Hackers
Commentary  |  1/24/2014  | 
"Chip and PIN" smartcard adoption in the United States is long overdue. But the security improvement wouldn't have stopped Targets BlackPOS malware attackers.
Future Shock: The Internet of Compromised Things
Commentary  |  1/23/2014  | 
Its doubtful that the average consumer would be aware that his or her refrigerator was participating in a DDoS attack. Even fewer would have any idea how to stop it.
Target Mocks, Not Helps, Its Data Breach Victims
Commentary  |  1/22/2014  | 
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Target Breach: 5 Unanswered Security Questions
Commentary  |  1/22/2014  | 
Investigators have yet to explain how Target was hacked, whether BlackPOS malware infected its payment servers, and whether the same gang also struck other retailers.
HIPAA, SOX & PCI: The Coming Compliance Crisis In IT Security
Commentary  |  1/21/2014  | 
New mandates around datacenter virtualization, enterprise apps, and BYOD will stretch IT security staffs and budgets to the max in 2014.
What Would Judge Leon Say About The 'Big 8'?
Commentary  |  1/21/2014  | 
Why Apple, Facebook, Google, Microsoft, Twitter, and others' open letter against NSA spying practices rings of hypocrisy
Malware: More Hype Than Reality
Commentary  |  1/17/2014  | 
Sure, malware exists, but is it really as bad as the news suggests?
What Healthcare Can Teach Us About App Security
Commentary  |  1/15/2014  | 
The Centers for Disease Control protects people from health threats and increases the health security of our nation. Its a mission thats not so different from InfoSec.
Why IT Security RFPs Are Like Junk Food
Commentary  |  1/13/2014  | 
Buying the latest security technology won't save you if your company isn't carrying out basic health checks.
NSA Fallout: Why Foreign Firms Wont Buy American Tech
Commentary  |  1/10/2014  | 
Mounting evidence points to billions of dollars in lost US business thanks to the NSA's collect-everything mindset.
Cloud Gazing: 3 Security Trends To Watch
Commentary  |  1/9/2014  | 
The ultimate success of cloud computing depends on the security solutions we wrap around it.
Why I Pulled Out Of The RSA Conference
Commentary  |  1/8/2014  | 
Dave Kearns can't abide RSA's reported dealings with the NSA or its suspect security practices.
How Cloud Security Drives Business Agility
Commentary  |  1/7/2014  | 
Cloud computing represents a unique opportunity to re-think enterprise security and risk management.
Name That Toon: Contest Winners Named
Commentary  |  1/6/2014  | 
We enjoyed all the laughs on the road to choosing the winner of our first cartoon caption contest. Check out the funniest entries.
3 Themes For Implementing PCI DSS 3.0 For SMBs
Commentary  |  1/6/2014  | 
How the new PCI DSS v3.0 requirements affect the scope of cardholder data systems
Physical & Network Security: Better Together In 2014
Commentary  |  1/2/2014  | 
How ready are you for the day you discover there are more networked IP security cameras than laptops in your infrastructure – and none adheres to 802.1x standards?


A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Virginia a Hot Spot For Cybersecurity Jobs
Jai Vijayan, Contributing Writer,  10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17612
PUBLISHED: 2019-10-15
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter.
CVE-2019-17613
PUBLISHED: 2019-10-15
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...
CVE-2019-17395
PUBLISHED: 2019-10-15
In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
CVE-2019-17602
PUBLISHED: 2019-10-15
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
CVE-2019-17394
PUBLISHED: 2019-10-15
In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.