Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in December 2015
The Changing Face Of Encryption: What You Need To Know Now
Commentary  |  12/30/2015  | 
Encryption today is now an absolute must and the fact that it is difficult does not change the fact that you have to use it.
The Fraud Tsunami Heads To The Sharing Economy
Commentary  |  12/29/2015  | 
When it comes to cyberfraud, online marketplaces like AirBnB can expect an uphill battle in the wake of the rollout of new chip card technology in 2016.
The Rise Of Community-Based Information Security
Commentary  |  12/28/2015  | 
The more vendors, service providers, and companies band together to fight security threats, the more difficult it will become for attacks to succeed.
A Hidden Insider Threat: Visual Hackers
Commentary  |  12/23/2015  | 
Ponemon experiment shows how low-tech white-hat hackers, posing as temps, captured information from exposed documents and computer screens in nearly nine out of ten attempts.
The Industrial Cyber Myth: Its No Fantasy
Commentary  |  12/22/2015  | 
As threats become more sophisticated, the industry is still playing catch-up.
Security Tech: Its Not What You Buy, Its How You Deploy
Commentary  |  12/21/2015  | 
Good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts.
When RATs Become a Social Engineers Best Friend
Commentary  |  12/18/2015  | 
Hacking humans in the banking industry through rogue help desks is becoming a significant problem.
The InfoSec Gender Divide: Practical Advice For Empowering Women
Commentary  |  12/17/2015  | 
There is no one-size-fits-all approach for women to succeed in IT security. What you need is a roadmap and a little help from your friends.
An Ill Wynd Blowing But No Safe Harbor
Commentary  |  12/16/2015  | 
What will state-of-the-art for cybersecurity look like in 2016? The regulatory headwinds on both sides of the Atlantic portend big changes.
To Better Defend Yourself, Think Like A Hacker
Commentary  |  12/15/2015  | 
As attacks become more sophisticated and attackers more determined, organizations need to adopt an offensive approach to security that gets inside the head of the hacker.
Making Security Everyones Job, One Carrot At A Time
Commentary  |  12/14/2015  | 
These five user education strategies will turn employee bad behavior into bulletproof policies that protect data and systems.
How Digital Forensic Readiness Reduces Business Risk
Commentary  |  12/11/2015  | 
These six real-world scenarios show how to turn reactive investigative capabilities into proactive, problem-solving successes.
The Lizard Squad: Cyber Weapon or Business?
Commentary  |  12/10/2015  | 
Even a hacker with the noblest intentions can run afoul of the law by not following six important dos and donts.
Re-innovating Static Analysis: 4 Steps
Commentary  |  12/9/2015  | 
Before we pronounce the death of static analysis, lets raise the bar with a modern framework that keeps pace with the complexity and size found in todays software.
How CISOs Can Reframe The Conversation Around Security: 4 Steps
Commentary  |  12/8/2015  | 
Security professionals often complain that people are the weak link in the data security system. But in reality, they could be your biggest asset and ally.
Playing It Straight: Building A Risk-Based Approach To InfoSec
Commentary  |  12/7/2015  | 
What a crooked haircut can teach you about framing the discussion about organizational security goals and strategies.
The Power of Prevention: What SMBs Need to Know About Cybersecurity
Commentary  |  12/4/2015  | 
There is no such thing as a company that can't afford security. But where do you start?
Congress Clears Path for Information Sharing But Will It Help?
Commentary  |  12/3/2015  | 
The key challenge companies will face with the new Cybersecurity Information Sharing Act of 2015 is how quickly they can separate data they need to share with data they need to protect.
Into the Breach: Why Self Detection Leads To Faster Recovery
Commentary  |  12/2/2015  | 
When an organization can identify network and system intrusions in their early phases it takes the advantage away from its adversaries. Heres how.
How CISOs Can Change The Game of Cybersecurity
Commentary  |  12/1/2015  | 
In the modern enterprise, chief information security officers need a broad mandate over security and risk management across all operational silos, not just the datacenter.


News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29458
PUBLISHED: 2021-04-19
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An att...
CVE-2021-31254
PUBLISHED: 2021-04-19
Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes.
CVE-2021-31255
PUBLISHED: 2021-04-19
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-31256
PUBLISHED: 2021-04-19
Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CVE-2021-31257
PUBLISHED: 2021-04-19
The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.