Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in January 2019
8 Cybersecurity Myths Debunked
Commentary  |  1/31/2019  | 
The last thing any business needs is a swarm of myths and misunderstandings seeding common and frequent errors organizations of all sizes make in safeguarding data and infrastructure.
For a Super Security Playbook, Take a Page from Football
Commentary  |  1/31/2019  | 
Four key questions to consider as you plan out your next winning security strategy.
Yes, You Can Patch Stupid
Commentary  |  1/30/2019  | 
Before you start calling users stupid, remember that behind every stupid user is a stupider security professional.
Open Source & Machine Learning: A Dynamic Duo
Commentary  |  1/30/2019  | 
In recent months, machine-learning code has become readily available in the open source community, putting security analysts on a path toward easier data pattern recognition.
Remote Access & the Diminishing Security Perimeter
Commentary  |  1/29/2019  | 
Where security really matters, the enterprise is only as secure as the endpoints it allows to access its sensitive core systems.
Creating a Security Culture & Solving the Human Problem
Commentary  |  1/29/2019  | 
People are the biggest weakness to security breaches; people can also be your organization's biggest defense.
Why Privacy Is Hard Work
Commentary  |  1/28/2019  | 
For Data Privacy Day, let's commit to a culture of privacy by design, nurtured by a knowledgeable team that can execute an effective operational compliance program.
3 Ways Companies Mess Up GDPR Compliance the Most
Commentary  |  1/28/2019  | 
The best way to conform to the EU's new privacy regulation is to assume that you don't need to hold on to personal data, versus the opposite.
The 5 Stages of CISO Success, Past & Future
Commentary  |  1/25/2019  | 
In cybersecurity, as in history, security leaders who forget the lessons of the past will be doomed to repeat them.
Collateral Damage: When Cyberwarfare Targets Civilian Data
Commentary  |  1/24/2019  | 
You can call it collateral damage. You can call it trickledown cyberwarfare. Either way, foreign hacker armies are targeting civilian enterprises as a means of attacking rival government targets.
Why Cybersecurity Must Be a Top Priority for Small & Midsize Businesses
Commentary  |  1/24/2019  | 
The big corporations may grab the headlines, but America's SMBs have the most to lose in the aftermath of a data breach.
The Evolution of SIEM
Commentary  |  1/23/2019  | 
Expectations for these security information and event management systems have grown over the years, in ways that just aren't realistic.
Think Twice Before Paying a Ransom
Commentary  |  1/23/2019  | 
Why stockpiling cryptocurrency or paying cybercriminals is not the best response.
The Fact and Fiction of Homomorphic Encryption
Commentary  |  1/22/2019  | 
The approach's promise continues to entice cryptographers and academics. But don't expect it to help in the real world anytime soon.
How Cybercriminals Clean Their Dirty Money
Commentary  |  1/22/2019  | 
By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning.
Shadow IT, IaaS & the Security Imperative
Commentary  |  1/21/2019  | 
Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.
The Rx for HIPAA Compliance in the Cloud
Commentary  |  1/18/2019  | 
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
Commentary  |  1/17/2019  | 
The network no longer provides an air gap against external threats, but access devices can take up the slack.
Simulating Lateral Attacks Through Email
Commentary  |  1/17/2019  | 
A skilled attacker can get inside your company by abusing common email applications. Here are three strategies to block them.
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Commentary  |  1/16/2019  | 
When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.
Are You Listening to Your Kill Chain?
Commentary  |  1/16/2019  | 
With the right tools and trained staff, any organization should be able to deal with threats before information is compromised.
Online Fraud: Now a Major Application Layer Security Problem
Commentary  |  1/15/2019  | 
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
Why Cyberattacks Are the No. 1 Risk
Commentary  |  1/15/2019  | 
The paradigm shift toward always-on IT requires business leaders to rethink their defense strategy.
Advanced Phishing Scenarios You Will Most Likely Encounter This Year
Commentary  |  1/14/2019  | 
In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.
Kudos to the Unsung Rock Stars of Security
Commentary  |  1/11/2019  | 
It is great to have heroes, but the real security heroes are the men and women who keep the bad guys out while fighting their own organizations at the same time.
Election Security Isn't as Bad as People Think
Commentary  |  1/10/2019  | 
Make no mistake, however: We'll always have to be on guard. And we can take some lessons from the world of industrial cybersecurity.
6 Best Practices for Managing an Online Educational Infrastructure
Commentary  |  1/10/2019  | 
Universities must keep pace with rapidly changing technology to help thwart malicious hacking attempts and protect student information.
Cutting Through the Jargon of AI & ML: 5 Key Issues
Commentary  |  1/9/2019  | 
Ask the tough questions before you invest in artificial intelligence and machine learning technology. The security of your enterprise depends on it.
Security at the Speed of DevOps: Maturity, Orchestration, and Detection
Commentary  |  1/9/2019  | 
Container and microservices technologies, including the orchestrator Kubernetes, create an extraordinary opportunity to build infrastructure and applications that are secure by design.
Your Life Is the Attack Surface: The Risks of IoT
Commentary  |  1/8/2019  | 
To protect yourself, you must know where you're vulnerable and these tips can help.
Security Matters When It Comes to Mergers & Acquisitions
Commentary  |  1/8/2019  | 
The recently disclosed Marriott breach exposed a frequently ignored issue in the M&A process.
Threat of a Remote Cyberattack on Today's Aircraft Is Real
Commentary  |  1/7/2019  | 
We need more stringent controls and government action to prevent a catastrophic disaster.
Managing Security in Today's Compliance and Regulatory Environment
Commentary  |  1/4/2019  | 
Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
Taming the Digital Wild West
Commentary  |  1/3/2019  | 
Congress must do more to encourage good Samaritan efforts in the cybersecurity community and make it easier for law enforcement to consistently collaborate with them.
Redefining Critical Infrastructure for the Age of Disinformation
Commentary  |  1/3/2019  | 
In an era of tighter privacy laws, it's important to create an online environment that uses threat intelligence productively to defeat disinformation campaigns and bolster democracy.
25 Years Later: Looking Back at the First Great (Cyber) Bank Heist
Commentary  |  1/2/2019  | 
The Citibank hack in 1994 marked a turning point for banking -- and cybercrime -- as we know it. What can we learn from looking back at the past 25 years?


Tor Weaponized to Steal Bitcoin
Dark Reading Staff 10/18/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18387
PUBLISHED: 2019-10-23
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
CVE-2019-18212
PUBLISHED: 2019-10-23
XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.
CVE-2019-18213
PUBLISHED: 2019-10-23
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response cap...
CVE-2019-18384
PUBLISHED: 2019-10-23
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.
CVE-2019-18385
PUBLISHED: 2019-10-23
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.