Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in November 2016
The Rise Of SecBizOps & Why It Matters
Commentary  |  11/30/2016  | 
By aligning security dollars and technology with core business requirements, infosec can become a business enabler, not a business impediment.
Cybersecurity User Training That Sticks: 3 Steps
Commentary  |  11/29/2016  | 
People are eager for common-sense advice that gives them control over their environment and helps them stay safe online.
Time For Security & Privacy To Come Out Of Their Silos
Commentary  |  11/28/2016  | 
By working separately, these two teams aren't operating as efficiently as they could and are missing huge opportunities.
Security Automation: Striking The Right Balance
Commentary  |  11/23/2016  | 
What a smart toaster oven taught me about the importance of learning how to do a task versus the efficiency of automating the work.
Raising The Nation's Cybersecurity IQ: 'Learn To Code'
Commentary  |  11/22/2016  | 
We need to ensure that the students of today are prepared for the security challenges of tomorrow.
Balancing The Risk & Promise Of The Internet Of Things
Commentary  |  11/21/2016  | 
You can't defend against something you don't understand. So make sure you consider IoT's risks before embracing its functionality.
Cyber Monday, Consumers & The Bottom Line Of A Data Breach
Commentary  |  11/18/2016  | 
Yes retailers can achieve ROI for their investments in cybersecurity during the upcoming holiday season - and for the rest of the year, too! Heres how.
Insider Threat: The Domestic Cyber Terrorist
Commentary  |  11/17/2016  | 
It is dangerously naive for business and government leaders to dismiss the risk of radicalized privileged users inside our critical industries.
Internet Of Things 'Pollutants' & The Case For A Cyber EPA
Commentary  |  11/16/2016  | 
Recent IoT-executed DDoS attacks have been annoying, not life threatening. Should device makers be held liable if something worse happens?
Dark Reading Radio: 'Bug Bounties & The Zero-Day Trade'
Commentary  |  11/15/2016  | 
Join us, HackerOne's Alex Rice, and Veracode's Chris Wysopal for the next episode of Dark Reading Radio, today, Wednesday Nov. 16, at 1pmET.
Back To Basics: Maximizing Cybersecurity Capabilities
Commentary  |  11/15/2016  | 
A number of prevention techniques that have existed for years remain fundamental components of any modern security program.
Dark Reading Virtual Event Seeks To Break Security Myths, Conventional Wisdom
Commentary  |  11/14/2016  | 
Three keynotes, two panel sessions offer new ways to think about enterprise information security.
Preparing For The Future Of Online Threats
Commentary  |  11/14/2016  | 
Gaze into the crystal balls of a panel of forward-thinking security experts during Dark Readings virtual event Nov. 15.
Learning To Trust Cloud Security
Commentary  |  11/14/2016  | 
Cloud-centric computing is inevitable, so you need to face your concerns and be realistic about risks.
Sharing Threat Intel: Easier Said Than Done
Commentary  |  11/11/2016  | 
For cyber intelligence-sharing to work, organizations need two things: to trust each other and better processes to collect, exchange, and act on information quickly.
How To Build A Comprehensive Security Architecture
Commentary  |  11/10/2016  | 
Dark Reading's virtual event features a panel discussion on what it takes to get away from the daily firefighting method of responding to threats and attacks.
The Drug Dealer In Your Web Browser
Commentary  |  11/10/2016  | 
Illicit dealings once isolated to the Dark Web are spilling out into the light.
How Security Scorecards Advance Security, Reduce Risk
Commentary  |  11/10/2016  | 
CISO Josh Koplik offers practical advice about bridging the gap between security and business goals in a consumer-facing media and Internet company.
The Big Lesson We Must Learn From The Dyn DDoS Attack
Commentary  |  11/9/2016  | 
The vulnerabilities that make IoT devices susceptible to being used in a botnet also make them the perfect avenue into our data centers and clouds.
Stay Vigilant To The Evolving Threat Of Social Engineering
Commentary  |  11/8/2016  | 
Even the most cyber-savvy individuals can easily get tripped up by a social engineering attack. But users can trip-up a threat simply by paying attention.
Is Fingerprint Authentication Making The Password Problem Worse?
Commentary  |  11/8/2016  | 
Problems emerge when users switch to a new phone.
Changing IoT Passwords Won't Stop Attacks. Here's What Will.
Commentary  |  11/7/2016  | 
The solution will take an industry-wide effort, it won't happen overnight, and the problem is not the users' fault!
Transitioning From The Server Room To The Boardroom
Commentary  |  11/5/2016  | 
How can IT professionals balance business goals and information security?
Election 2016 & WikiLeaks: Bad, But Not Your Worst Nightmare
Commentary  |  11/4/2016  | 
John Podesta may be the poster child for poor user security practices but the real problem is rigid regulatory compliance frameworks that perpetuate ineffective perimeter defenses.
Managing Multi-Cloud Security Whether You Want to or Not
Commentary  |  11/3/2016  | 
Yes, it is possible to orchestrate security across multiple clouds without creating performance hurdles. Heres how.
It's Time To Address The Cybersecurity Gender Gap Before It's Too Late
Commentary  |  11/2/2016  | 
It will take years to substantively raise the percentage of women in cybersecurity, so the tech industry better start working at it now.
Why Enterprise Security Teams Must Grow Their Mac Skills
Commentary  |  11/1/2016  | 
From coffee shops to corporate boardrooms, Apple devices are everywhere. So why are organizations so doggedly focused on Windows-only machines?
7 Security Lessons The Video Game Industry Can Teach IoT Manufacturers
Commentary  |  11/1/2016  | 
The Internet of Things has alarming holes in security. The industry should look to video games for some answers.


Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26244
PUBLISHED: 2020-12-02
Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expecte...
CVE-2020-28206
PUBLISHED: 2020-12-02
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also ...
CVE-2017-14451
PUBLISHED: 2020-12-02
An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send m...
CVE-2017-2910
PUBLISHED: 2020-12-02
An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability.
CVE-2020-13493
PUBLISHED: 2020-12-02
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an atta...