Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in December 2017
Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation
Commentary  |  12/29/2017  | 
Micro-segmentation is very achievable. While it can feel daunting, you can succeed by proactively being aware of and avoiding these roadblocks.
17 Things We Should Have Learned in 2017 But Probably Didn't
Commentary  |  12/29/2017  | 
The worm has returned and the Yahoos have all been exposed, but did 2017 teach us any genuinely new lessons we shouldn't already have known?
The Disconnect Between Cybersecurity & the C-Suite
Commentary  |  12/28/2017  | 
Most corporate boards are not taking tangible actions to shape their companies' security strategies or investment plans, a PwC study shows.
The Financial Impact of Cyber Threats
Commentary  |  12/27/2017  | 
Determining the financial impact of specific IT vulnerabilities is a good way to prioritize remediation and prevent attacks.
2017 Security Predictions through the Rear Window
Commentary  |  12/26/2017  | 
If you're going to forecast the future, go big.
Block Threats Faster: Pattern Recognition in Exploit Kits
Commentary  |  12/22/2017  | 
When analysts investigate an indicator of compromise, our primary goal is to determine if it is malicious as quickly as possible. Identifying attack patterns helps you mitigate quicker.
Digital Forensics & the Illusion of Privacy
Commentary  |  12/21/2017  | 
Forensic examiners don't work for bounties. They do what is required to catch criminals, pedophiles, or corporate embezzlers, and now their important security research is finally being acknowledged.
Why Network Visibility Is Critical to Removing Security Blind Spots
Commentary  |  12/21/2017  | 
You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.
Security Worries? Let Policies Automate the Right Thing
Commentary  |  12/20/2017  | 
By programming 'good' cybersecurity practices, organizations can override bad behavior, reduce risk, and improve the bottom line.
Comprehensive Endpoint Protection Requires the Right Cyber Threat Intelligence
Commentary  |  12/19/2017  | 
CTI falls into three main categories -- tactical, operational, and strategic -- and answers questions related to the "who, what, and why" of a cyber attack.
Advanced Deception: How It Works & Why Attackers Hate It
Commentary  |  12/18/2017  | 
While cyberattacks continue to grow, deception-based technology is providing accurate and scalable detection and response to in-network threats.
Is Your Security Workflow Backwards?
Commentary  |  12/15/2017  | 
The pace at which information security evolves means organizations must work smarter, not harder. Here's how to stay ahead of the threats.
Why Hackers Are in Such High Demand, and How They're Affecting Business Culture
Commentary  |  12/14/2017  | 
White hat hackers bring value to organizations and help them defend against today's advanced threats.
Automation Could Be Widening the Cybersecurity Skills Gap
Commentary  |  12/13/2017  | 
Sticking workers with tedious jobs that AI can't do leads to burnout, but there is a way to achieve balance.
How Good Privacy Practices Help Protect Your Company Brand
Commentary  |  12/12/2017  | 
Follow these five guidelines to keep your organization's data protected.
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Commentary  |  12/11/2017  | 
The number of unfilled jobs in our industry continues to grow. Here's why.
What Slugs in a Garden Can Teach Us About Security
Commentary  |  12/8/2017  | 
Design principles observed in nature serve as a valuable model to improve organizations' security approaches.
Ransomware Meets 'Grey's Anatomy'
Commentary  |  12/7/2017  | 
Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.
Cyberattack: It Can't Happen to Us (Until It Does)
Commentary  |  12/6/2017  | 
Just because your small or medium-sized business isn't as well known as Equifax or Yahoo doesn't mean you're immune to becoming a cybercrime victim.
Improve Signal-to-Noise Ratio with 'Content Curation:' 5 Steps
Commentary  |  12/5/2017  | 
By intelligently managing signatures, correlation rules, filters and searches, you can see where your security architecture falls down, and how your tools can better defend the network.
The Rising Dangers of Unsecured IoT Technology
Commentary  |  12/4/2017  | 
As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.
Deception: Why It's Not Just Another Honeypot
Commentary  |  12/1/2017  | 
The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33629
PUBLISHED: 2021-07-26
isula-build before 0.9.5-8 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data.
CVE-2021-37534
PUBLISHED: 2021-07-26
app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.
CVE-2021-26824
PUBLISHED: 2021-07-26
DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to improper authentication by a replay attack, allowing local attackers to bypass user authentication and access all features and data on the USB.
CVE-2020-12681
PUBLISHED: 2021-07-26
Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied.
CVE-2020-4623
PUBLISHED: 2021-07-26
IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 184984.