Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in November 2017
The Critical Difference Between Vulnerabilities Equities & Threat Equities
Commentary  |  11/30/2017  | 
Why the government has an obligation to share its knowledge of flaws in software and hardware to strengthen digital infrastructure in the face of growing cyberthreats.
Why Security Depends on Usability -- and How to Achieve Both
Commentary  |  11/29/2017  | 
Any initiative that reduces usability will have consequences that make security less effective.
The Looming War of Good AI vs. Bad AI
Commentary  |  11/28/2017  | 
The rise of artificial intelligence, machine learning, hivenets, and next-generation morphic malware is leading to an arms race that enterprises must prepare for now.
Cyber Forensics: The Next Frontier in Cybersecurity
Commentary  |  11/27/2017  | 
We can now recover evidence from the RAM on a cellphone, even if the account is locked, and use it to prosecute a case.
3 Pillars of Cyberthreat Intelligence
Commentary  |  11/22/2017  | 
Strong enterprise cybersecurity programs must be a built on a framework that incorporates strategic, operational, and tactical leadership and goals.
Time to Pull an Uber and Disclose Your Data Breach Now
Commentary  |  11/22/2017  | 
There is never a good time to reveal a cyberattack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.
Let's Take a Page from the Credit Card Industry's Playbook
Commentary  |  11/21/2017  | 
Internal security departments would do well to follow the processes of major credit cards.
3 Ways to Retain Security Operations Staff
Commentary  |  11/20/2017  | 
Finding skilled security analysts is hard enough. Once you do, you'll need to fight to keep them working for you. These tips can help.
Tips to Protect the DNS from Data Exfiltration
Commentary  |  11/17/2017  | 
If hackers break in via the Domain Name System, most business wouldn't know until it's too late. These tips can help you prepare.
We're Still Not Ready for GDPR? What is Wrong With Us?
Commentary  |  11/17/2017  | 
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
Forget APTs: Let's Talk about Advanced Persistent Infrastructure
Commentary  |  11/16/2017  | 
Understanding how bad guys reuse infrastructure will show you the areas of your network to target when investigating new threats and reiteration of old malware.
Who Am I? Best Practices for Next-Gen Authentication
Commentary  |  11/15/2017  | 
By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords.
Deception Technology: Prevention Reimagined
Commentary  |  11/15/2017  | 
How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.
What the NFL Teaches Us about Fostering a Champion Security Team
Commentary  |  11/14/2017  | 
Cybersecurity experts can learn how to do a better job by keeping a close eye on the gridiron.
How to Leverage the Rosetta Stone of Information Sharing
Commentary  |  11/13/2017  | 
A common framework will help in the development of cyber-risk management efforts.
Why Common Sense Is Not so Common in Security: 20 Answers
Commentary  |  11/10/2017  | 
Or, questions vendors need to ask themselves before they write a single word of marketing material.
Hypervisors: Now a Tool to Protect against Security Blind Spots
Commentary  |  11/9/2017  | 
By facilitating live introspection of virtual machine memory, the Xen Project is striving to eliminate stealthy attack techniques like EternalBlue.
How Law Firms Can Make Information Security a Higher Priority
Commentary  |  11/8/2017  | 
Lawyers always have been responsible for protecting their clients' information, but that was a lot easier to do when everything was on paper. Here are four best practices to follow.
Hiring Outside the Box in Cybersecurity
Commentary  |  11/7/2017  | 
Candidates without years of experience can still be great hires, as long as they are ready, willing, and able.
How I Infiltrated a Fortune 500 Company with Social Engineering
Commentary  |  11/7/2017  | 
Getting into the company proved surprisingly easy during a contest. Find out how to make your company better prepared for real-world attacks.
4 Proactive Steps to Avoid Being the Next Data Breach Victim
Commentary  |  11/7/2017  | 
Despite highly publicized data breaches, most companies are not taking the necessary actions to prevent them.
When Ransomware Strikes: 7 Steps You Can Take Now to Prepare
Commentary  |  11/6/2017  | 
Ransomware is still on the rise. These operational tips can help lessen the blow if you're hit.
Russian Election-Tampering & Enterprise Security Plans
Commentary  |  11/3/2017  | 
Take our new flash poll and tells us if the current political climate is making you rethink disaster recovery and business continuity planning.
4 Ways the Next Generation of Security Is Changing
Commentary  |  11/3/2017  | 
The CISO's job will get easier because of trends in the industry. Here's how.
What Blue Teams Need to Know about Targeted Attacks
Commentary  |  11/2/2017  | 
A malicious intruder only has to be right once. But defenders must be right 100% of the time.
How AI Can Help Prevent Data Breaches in 2018 and Beyond
Commentary  |  11/1/2017  | 
Artificial intelligence startups are tackling four key areas that will help companies avoid becoming the next Equifax.


Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-18197
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...
CVE-2019-4409
PUBLISHED: 2019-10-18
HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entere...