Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in January 2018
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Commentary  |  1/31/2018  | 
Authentication security methods are getting better all the time, but they are still not infallible.
5 Questions to Ask about Machine Learning
Commentary  |  1/31/2018  | 
Marketing hyperbole often exceeds reality. Here are questions you should ask before buying.
Breach-Proofing Your Data in a GDPR World
Commentary  |  1/30/2018  | 
Here are six key measures for enterprises to prioritize over the next few months.
DNS Hijacking: The Silent Threat That's Putting Your Network at Risk
Commentary  |  1/30/2018  | 
The technique is easy to carry out and can cause much damage. Here's what you need to know about fighting back.
An Action Plan to Fill the Information Security Workforce Gap
Commentary  |  1/29/2018  | 
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
Hardware Security: Why Fixing Meltdown & Spectre Is So Tough
Commentary  |  1/26/2018  | 
Hardware-based security is very difficult to break but, once broken, catastrophically difficult to fix. Software-based security is easier to break but also much easier to fix. Now what?
How Containers & Serverless Computing Transform Attacker Methodologies
Commentary  |  1/25/2018  | 
The pace of hacker innovation never slows. Now security technologies and methods must adapt with equal urgency.
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Commentary  |  1/25/2018  | 
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
Security Automation: Time to Start Thinking More Strategically
Commentary  |  1/24/2018  | 
To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.
GDPR: Ready or Not, Here It Comes
Commentary  |  1/24/2018  | 
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
Meltdown, Spectre Patches, Performance & My Neighbor's Sports Car
Commentary  |  1/23/2018  | 
When a flaw in the engine of a data center server makes it run more like a Yugo than a Porsche, it's the lawyers who will benefit.
5 Steps to Better Security in Hybrid Clouds
Commentary  |  1/23/2018  | 
Following these tips can improve your security visibility and standardize management across hybrid environments.
9 Steps to More-Effective Organizational Security
Commentary  |  1/22/2018  | 
Too often security is seen as a barrier, but it's the only way to help protect the enterprise from threats. Here are tips on how to strengthen your framework.
Understanding Supply Chain Cyber Attacks
Commentary  |  1/19/2018  | 
While the attack surface has increased exponentially because of the cloud and everything-as-a-service providers, there are still ways in which host companies can harden supply chain security.
Tax Reform, Cybersecurity-Style
Commentary  |  1/18/2018  | 
How the security industry can be more effective and efficient by recognizing four hidden "taxes" in the buying and selling process.
How to Keep Blue Teams Happy in an Automated Security World
Commentary  |  1/18/2018  | 
The creativity and intuition of your team members must be developed and nurtured.
Living with Risk: Where Organizations Fall Short
Commentary  |  1/17/2018  | 
People tasked with protecting data are too often confused about what they need to do, even with a solid awareness of the threats they face.
How AI Would Have Caught the Forever 21 Breach
Commentary  |  1/17/2018  | 
Companies must realize that the days of the desktop/server model are over and focus on "nontraditional" devices.
In Security & Life, Busy Is Not a Badge of Honor
Commentary  |  1/16/2018  | 
All security teams are busy, but not all security teams are productive. The difference between the two is huge.
Mental Models & Security: Thinking Like a Hacker
Commentary  |  1/16/2018  | 
These seven approaches can change the way you tackle problems.
What Can We Learn from Counterterrorism and National Security Efforts?
Commentary  |  1/12/2018  | 
The best practices and technologies that originated in the intelligence realm can help businesses stay safer, too.
Privacy: The Dark Side of the Internet of Things
Commentary  |  1/11/2018  | 
Before letting an IoT device into your business or home, consider what data is being collected and where it is going.
AI in Cybersecurity: Where We Stand & Where We Need to Go
Commentary  |  1/11/2018  | 
How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.
'Shift Left': Codifying Intuition into Secure DevOps
Commentary  |  1/10/2018  | 
Shifting left is more than a catchy phrase. It's a mindset that emphasizes the need to think about security in all phases of the software development life cycle.
'Back to Basics' Might Be Your Best Security Weapon
Commentary  |  1/10/2018  | 
A company's ability to successfully reduce risk starts with building a solid security foundation.
'Tis the Season: Dark Reading Caption Contest Winners
Commentary  |  1/9/2018  | 
Bricked devices, penetration tests, and virtual reality were among the themes submitted in our latest holiday caption competition. And the winners are ...
CISOs' Cyber War: How Did We Get Here?
Commentary  |  1/9/2018  | 
We're fighting the good fight -- but, ultimately, losing the war.
Vulnerability Management: The Most Important Security Issue the CISO Doesn't Own
Commentary  |  1/8/2018  | 
Information security and IT need to team up to make patch management more efficient and effective. Here's how and why.
The Nightmare Before Christmas: Security Flaws Inside our Computers
Commentary  |  1/5/2018  | 
How an Intel design decision with no review by industry security consultants led to one of the biggest vulnerabilities in recent history.
Uber's Biggest Mistake: It Wasn't Paying Ransom
Commentary  |  1/4/2018  | 
Rather than scrambling to deal with attacks after the fact, companies need to focus on improving detection capabilities with tools that help them work within data laws, not outside of them.
The Internet of (Secure) Things Checklist
Commentary  |  1/4/2018  | 
Insecure devices put your company at jeopardy. Use this checklist to stay safer.
In Mobile, It's Back to the Future
Commentary  |  1/3/2018  | 
The mobile industry keeps pushing forward while overlooking some security concerns of the past.
A Pragmatic Approach to Fixing Cybersecurity: 5 Steps
Commentary  |  1/3/2018  | 
The digital infrastructure that supports our economy, protects our national security, and empowers our society must be made more secure, more trusted, and more reliable. Here's how.
The Cybersecurity 'Upside Down'
Commentary  |  1/2/2018  | 
There is no stranger thing than being breached. Here are a few ways to avoid the horror.
The Argument for Risk-Based Security
Commentary  |  1/2/2018  | 
A scanner can identify a vulnerability, but only a deep understanding of cyber exposure will tell you about the seriousness of that risk. Here's how and why.


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19729
PUBLISHED: 2019-12-11
An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-inpu...
CVE-2019-19373
PUBLISHED: 2019-12-11
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parame...
CVE-2019-19374
PUBLISHED: 2019-12-11
An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the se...
CVE-2014-7257
PUBLISHED: 2019-12-11
SQL injection vulnerability in DBD::PgPP 0.05 and earlier
CVE-2013-4303
PUBLISHED: 2019-12-11
includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-s...