Advertise

Commentary

Content posted in February 2014

View Content By Month

DDoS Attack! Is Regulation The Answer?

Commentary | 2/28/2014 |

9 comments

Four security experts weigh in on why there’s been little progress in combating DDoS attacks and how companies can start fighting back.

Compliance Is Not Hard

Commentary | 2/26/2014 |

1 comment

Compliance requires a new set of healthy habits and the self-discipline to make those habits stick

Lessons Learned From The Target Breach

Commentary | 2/26/2014 |

3 comments

The time is ripe for organizations to take a long, hard look at how they manage employee access and secure sensitive data in cloud environments

How I Secure My Personal Cloud

Commentary | 2/24/2014 |

6 comments

As global cloud traffic grows exponentially, IT pros face the daunting task of securing their personal cloud, data, and workloads.

Solving The Security Workforce Shortage

Commentary | 2/21/2014 |

10 comments

To solve the skills shortage, the industry will need to attract a wider group of people and create an entirely new sort of security professional

Boutique Malware & Hackers For Hire

Commentary | 2/20/2014 |

6 comments

Heads up! Small groups of cyber-mercenaries are now conducting targeted hit-and-run attacks for anyone willing to pay the price.

Securing Data In 4 (Relatively) Easy Steps

Commentary | 2/20/2014 |

2 comments

The key to success in information security is finding the 'right' information in all the data you aim to protect.

'Connect': A Modern Approach To Mobile, Cloud Identity

Commentary | 2/19/2014 |

1 comment

A new protocol from the OpenID Foundation promises enterprises federated single sign-on that can scale.

The Snowden Effect: Who Controls My Data?

Commentary | 2/14/2014 |

9 comments

In today’s post-NSA-spying world, the key to providing trustworthy digital services to customers is control coupled with transparency.

Data Security Dos & Don’ts From The Target Breach

Commentary | 2/13/2014 |

7 comments

The holidays brought attacks on the retail industry. If you aren’t in retail, your industry could be next.

3 Web Security Takeaways From Wikipedia's Near Miss

Commentary | 2/12/2014 |

6 comments

Even the most useful and benevolent websites have the potential to host malware.

Cartoon: Identity Thieves

Commentary | 2/11/2014 |

10 comments

Healthcare Information Security: Still No Respect

Commentary | 2/10/2014 |

17 comments

More than a decade after publication of HIPAA’s security rule, healthcare information security officers still struggle to be heard.

Data Breach Notifications: Time For Tough Love

Commentary | 2/7/2014 |

12 comments

Target and Neiman Marcus came clean quickly about their data breaches, but most business don't. It's time for standards -- and fines.

The 7 Deadly Sins of Application Security

Commentary | 2/6/2014 |

5 comments

How can two organizations with the exact same app security program have such wildly different outcomes over time? The reason is corporate culture.

The Problem With Two-Factor Authentication

Commentary | 2/4/2014 |

32 comments

The failure of corporate security strategies to protect personal identity information from hackers resides more with system architecture than with authentication technology. Here's why.

Infographic: Mobile Security Run Amok

Commentary | 2/3/2014 |

17 comments

Where is your organization in the battle over mobile device management and security?

View Content by Month

[close this box]

Hot Topics

Editors' Choice

12 Free, Ready-to-Use Security Tools

Steve Zurier, Freelance Writer, 10/12/2018

Most IT Security Pros Want to Change Jobs

Dark Reading Staff 10/12/2018

6 Security Trends for 2018/2019

Curtis Franklin Jr., Senior Editor at Dark Reading, 10/15/2018

Webinars

Effective Cyber Risk Assessment

Lambda Architecture with In-Memory Technology

Make Your Organization's Email Safer

Webinar Archives

White Papers

Mobile Devices: The New Support Frontier for IT (IDG Report)

The Incident Responder's Field Guide

Are Your Network Users Over-Privileged?

The Forrester Tech Tide on Everything You Need to Implement a Zero Trust Strategy

10 Endpoint Security Problems Solved by the Cloud for McAfee Users

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Some people never learn, he clicked on another Democrat phishing link again!

Cartoon Archive

Current Issue

The Biggest Cybersecurity Breaches of 2018 (So Far)

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The Risk Management Struggle

The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!

Download Now!

How Data Breaches Affect the Enterprise

0 comments

The State of IT and Cybersecurity

0 comments

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-10839
PUBLISHED: 2018-10-16

Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.

CVE-2018-13399
PUBLISHED: 2018-10-16

The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

CVE-2018-18381
PUBLISHED: 2018-10-16

Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.

CVE-2018-18382
PUBLISHED: 2018-10-16

Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.

CVE-2018-18374
PUBLISHED: 2018-10-16

XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.

Terms of Service
Privacy Statement
Legal Entities