Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in December 2013
Sticking It To The ATM
Commentary  |  12/31/2013  | 
The folly of not preemptively disabling 'boot from USB' on an ATM
NSA's TAO
Commentary  |  12/30/2013  | 
NSA's Q-branch upgrades Omega laser watch with Huawei backdoors
Security, Privacy & The Democratization Of Data
Commentary  |  12/30/2013  | 
Data gathering and profiling capabilities that today are only available to nation states will eventually be at the disposal of everyone. What then?
Target's Christmas Data Breach
Commentary  |  12/26/2013  | 
Why, oh, why would Target be storing debit card PINs?
2013: The Year Of Security Certification Bashing
Commentary  |  12/26/2013  | 
As security professionals argued among themselves about how useless certifications are, organizations that needed security services had no place to turn for good advice.
Mobility & Cloud: A Double Whammy For Securing Data
Commentary  |  12/23/2013  | 
In 2014, legacy security solutions like firewalls and intrusion detection systems will no longer be sufficient to protect corporate data against BYOD and cybercrime.
Update Now! A Holiday Carol
Commentary  |  12/20/2013  | 
In the spirit of the holidays, a cautionary tale set to the tune of a classic Christmas song
Yes, In The Internet Of Everything, Things Will Have Passwords
Commentary  |  12/20/2013  | 
Things would have no problem remembering passwords like "[email protected]" But even for things, passwords are less than ideal.
Secure Code Starts With Measuring What Developers Know
Commentary  |  12/19/2013  | 
I recently discovered Ive been teaching blindly about application security. I assumed that I know what students need to learn. Nothing could be further from the truth.
My 5 Wishes For Security In 2014
Commentary  |  12/18/2013  | 
Security skeptic Dave Piscitello tells why his end-of-year InfoSec predictions are like a fine wine.
Is Mob-Busting RICO Overkill For Combating Cybercrime?
Commentary  |  12/17/2013  | 
The milestone conviction of 22-year-old David Camez for his participation in a Russian-run "carder" forum raises legitimate questions about the role of RICO in taking down cybercrime.
The State of IT Security: Its Broken
Commentary  |  12/16/2013  | 
Its time to move past the hyperbole of next-gen security and look to new approaches that show enterprises how to understand and assess their unique risks.
Why Fed Cybersecurity Reboot Plan Fails To Convince
Commentary  |  12/13/2013  | 
Does a presidential commission's hodgepodge analysis and suggestions for improving federal cybersecurity tells us anything we didn't already know?
Time For An 'Active Defense' Against Security Attacks
Commentary  |  12/12/2013  | 
Today's threat landscape and the mobility of our data demand much more than a castle wall approach to keep hackers at bay.
How To Win A Cartoon Caption Contest (Tech Version)
Commentary  |  12/11/2013  | 
Take home the gold in our brand new cartoon caption contest by following these simple rules: Be funnier and enter more.
Name That Toon, Win a Prize
Commentary  |  12/11/2013  | 
2013: Rest In Peace, Passwords
Commentary  |  12/10/2013  | 
In the future, we will look back on 2013 as the year two-factor authentication killed passwords.
Don't Be Overprotective About BYOD
Commentary  |  12/9/2013  | 
Too many IT departments are putting a crimp in bring-your-own-device programs with overbearing security precautions.
Cyber Monday And The Threat Of Economic Espionage
Commentary  |  12/8/2013  | 
All signs point to such an event becoming a very real possibility
Microsoft Goes Toe-To-Two With Largest Customer
Commentary  |  12/8/2013  | 
Microsoft follows Google in attempting to thwart NSA surveillance efforts
IT Security Risk Management: Is It Worth The Cost?
Commentary  |  12/6/2013  | 
The attitude that IT security risk shouldn't be governed by traditional measures of cost and benefit is ludicrous.
A Virus Of Biblical Distortions
Commentary  |  12/5/2013  | 
Taking a second look at the Stuxnet 'myrtus' text string
Why Security Awareness Is Like An Umbrella
Commentary  |  12/5/2013  | 
A small security awareness program will protect you as much as a small umbrella. So dont complain when you get wet.
Do Antivirus Companies Whitelist NSA Malware?
Commentary  |  12/4/2013  | 
Microsoft, Symantec, and McAfee fail to respond to a transparency plea from leading privacy and security experts.
Weighing Costs Vs. Benefits Of NSA Surveillance
Commentary  |  12/3/2013  | 
What the tech industry needs the NSA to know about aligning a national security agenda with the realities of a global Internet.
Zero-Day Drive-By Attacks: Accelerating & Expanding
Commentary  |  12/2/2013  | 
The zero-day attack business is no longer just about money, and patching is no longer the best defense.


News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31458
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...