Commentary

Content posted in November 2012
IAM: The Reason Why OWASP Top 10 Doesn't Change
Commentary  |  11/30/2012
OWASP's AppSec conference is easily one of the best in the infosec industry. Where will it be held this year? Why not Punxsutawney?
Should LulzSec Suspect Face Life In Prison?
Commentary  |  11/29/2012
Computer hacking, identity theft, and fraudulent credit card charges could add up to 30 years to life for alleged Stratfor hacker Jeremy Hammond.
Managing The Multi-Vendor Backup
Commentary  |  11/29/2012
Backup management applications go a step beyond monitoring, but they remain limited. It's time to develop a framework-driven approach.
Threats And Security Countermeasures
Commentary  |  11/28/2012
Big data and relational database protections are very similar. What's available to end users is not
Log All The Things
Commentary  |  11/26/2012
How the growing granularity in computing is going to affect monitoring
A Backhanded Thanks
Commentary  |  11/25/2012
As we recover from the Thanksgiving weekend, let's give our brand of security thanks for all the good (and not so good) in our world
The Business Of Commercial Exploit Development
Commentary  |  11/20/2012
A closer look at the debate surrounding this market
Take Two Aspirin And Steal My Data
Commentary  |  11/19/2012
HIPAA and information security aren't suggestions. They're the law
Threat Intelligence Hype
Commentary  |  11/16/2012
How to measure the IQ of the data you're being fed
All Security Technologies Are Not Data Loss Prevention
Commentary  |  11/15/2012
While security technologies may share the common goal of protecting an organization's sensitive data, not all can -- or should -- be called data loss prevention
Petraeus Mission Impossible: Cloaking Email, Online Identities
Commentary  |  11/14/2012
So-called security experts making basic information security errors isn't a new occurrence. Arguably, it even led to the rise of the Anonymous hacktivist collective.
When Cloud Met Mobile
Commentary  |  11/14/2012
Identity must link the disparate worlds of mobile and cloud
The Petraeus Affair: Surveillance State Stopper?
Commentary  |  11/13/2012
Lawmakers, now reminded of their own vulnerability, need to strengthen email privacy protections. Companies need to do more to help customers protect content.
Puzzle Logic
Commentary  |  11/9/2012
Authentication is an enduring mystery, but solving authorization puzzles may be a better use of your security resources
Consolidation At The Disk Backup Appliance
Commentary  |  11/5/2012
With a few enhancements, such as tape support and improved reporting capabilities, backup appliances could become the perfect solution for consolidating data protection.

