Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in December 2015
The Changing Face Of Encryption: What You Need To Know Now
Commentary  |  12/30/2015  | 
Encryption today is now an absolute must and the fact that it is difficult does not change the fact that you have to use it.
The Fraud Tsunami Heads To The Sharing Economy
Commentary  |  12/29/2015  | 
When it comes to cyberfraud, online marketplaces like AirBnB can expect an uphill battle in the wake of the rollout of new chip card technology in 2016.
The Rise Of Community-Based Information Security
Commentary  |  12/28/2015  | 
The more vendors, service providers, and companies band together to fight security threats, the more difficult it will become for attacks to succeed.
A Hidden Insider Threat: Visual Hackers
Commentary  |  12/23/2015  | 
Ponemon experiment shows how low-tech white-hat hackers, posing as temps, captured information from exposed documents and computer screens in nearly nine out of ten attempts.
The Industrial Cyber Myth: Its No Fantasy
Commentary  |  12/22/2015  | 
As threats become more sophisticated, the industry is still playing catch-up.
Security Tech: Its Not What You Buy, Its How You Deploy
Commentary  |  12/21/2015  | 
Good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts.
When RATs Become a Social Engineers Best Friend
Commentary  |  12/18/2015  | 
Hacking humans in the banking industry through rogue help desks is becoming a significant problem.
The InfoSec Gender Divide: Practical Advice For Empowering Women
Commentary  |  12/17/2015  | 
There is no one-size-fits-all approach for women to succeed in IT security. What you need is a roadmap and a little help from your friends.
An Ill Wynd Blowing But No Safe Harbor
Commentary  |  12/16/2015  | 
What will state-of-the-art for cybersecurity look like in 2016? The regulatory headwinds on both sides of the Atlantic portend big changes.
To Better Defend Yourself, Think Like A Hacker
Commentary  |  12/15/2015  | 
As attacks become more sophisticated and attackers more determined, organizations need to adopt an offensive approach to security that gets inside the head of the hacker.
Making Security Everyones Job, One Carrot At A Time
Commentary  |  12/14/2015  | 
These five user education strategies will turn employee bad behavior into bulletproof policies that protect data and systems.
How Digital Forensic Readiness Reduces Business Risk
Commentary  |  12/11/2015  | 
These six real-world scenarios show how to turn reactive investigative capabilities into proactive, problem-solving successes.
The Lizard Squad: Cyber Weapon or Business?
Commentary  |  12/10/2015  | 
Even a hacker with the noblest intentions can run afoul of the law by not following six important dos and donts.
Re-innovating Static Analysis: 4 Steps
Commentary  |  12/9/2015  | 
Before we pronounce the death of static analysis, lets raise the bar with a modern framework that keeps pace with the complexity and size found in todays software.
How CISOs Can Reframe The Conversation Around Security: 4 Steps
Commentary  |  12/8/2015  | 
Security professionals often complain that people are the weak link in the data security system. But in reality, they could be your biggest asset and ally.
Playing It Straight: Building A Risk-Based Approach To InfoSec
Commentary  |  12/7/2015  | 
What a crooked haircut can teach you about framing the discussion about organizational security goals and strategies.
The Power of Prevention: What SMBs Need to Know About Cybersecurity
Commentary  |  12/4/2015  | 
There is no such thing as a company that can't afford security. But where do you start?
Congress Clears Path for Information Sharing But Will It Help?
Commentary  |  12/3/2015  | 
The key challenge companies will face with the new Cybersecurity Information Sharing Act of 2015 is how quickly they can separate data they need to share with data they need to protect.
Into the Breach: Why Self Detection Leads To Faster Recovery
Commentary  |  12/2/2015  | 
When an organization can identify network and system intrusions in their early phases it takes the advantage away from its adversaries. Heres how.
How CISOs Can Change The Game of Cybersecurity
Commentary  |  12/1/2015  | 
In the modern enterprise, chief information security officers need a broad mandate over security and risk management across all operational silos, not just the datacenter.


7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...