Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in February 2014
DDoS Attack! Is Regulation The Answer?
Commentary  |  2/28/2014  | 
Four security experts weigh in on why theres been little progress in combating DDoS attacks and how companies can start fighting back.
Compliance Is Not Hard
Commentary  |  2/26/2014  | 
Compliance requires a new set of healthy habits and the self-discipline to make those habits stick
Lessons Learned From The Target Breach
Commentary  |  2/26/2014  | 
The time is ripe for organizations to take a long, hard look at how they manage employee access and secure sensitive data in cloud environments
How I Secure My Personal Cloud
Commentary  |  2/24/2014  | 
As global cloud traffic grows exponentially, IT pros face the daunting task of securing their personal cloud, data, and workloads.
Solving The Security Workforce Shortage
Commentary  |  2/21/2014  | 
To solve the skills shortage, the industry will need to attract a wider group of people and create an entirely new sort of security professional
Boutique Malware & Hackers For Hire
Commentary  |  2/20/2014  | 
Heads up! Small groups of cyber-mercenaries are now conducting targeted hit-and-run attacks for anyone willing to pay the price.
Securing Data In 4 (Relatively) Easy Steps
Commentary  |  2/20/2014  | 
The key to success in information security is finding the 'right' information in all the data you aim to protect.
'Connect': A Modern Approach To Mobile, Cloud Identity
Commentary  |  2/19/2014  | 
A new protocol from the OpenID Foundation promises enterprises federated single sign-on that can scale.
The Snowden Effect: Who Controls My Data?
Commentary  |  2/14/2014  | 
In todays post-NSA-spying world, the key to providing trustworthy digital services to customers is control coupled with transparency.
Data Security Dos & Donts From The Target Breach
Commentary  |  2/13/2014  | 
The holidays brought attacks on the retail industry. If you arent in retail, your industry could be next.
3 Web Security Takeaways From Wikipedia's Near Miss
Commentary  |  2/12/2014  | 
Even the most useful and benevolent websites have the potential to host malware.
Cartoon: Identity Thieves
Commentary  |  2/11/2014  | 
Healthcare Information Security: Still No Respect
Commentary  |  2/10/2014  | 
More than a decade after publication of HIPAAs security rule, healthcare information security officers still struggle to be heard.
Data Breach Notifications: Time For Tough Love
Commentary  |  2/7/2014  | 
Target and Neiman Marcus came clean quickly about their data breaches, but most business don't. It's time for standards -- and fines.
The 7 Deadly Sins of Application Security
Commentary  |  2/6/2014  | 
How can two organizations with the exact same app security program have such wildly different outcomes over time? The reason is corporate culture.
The Problem With Two-Factor Authentication
Commentary  |  2/4/2014  | 
The failure of corporate security strategies to protect personal identity information from hackers resides more with system architecture than with authentication technology. Here's why.
Infographic: Mobile Security Run Amok
Commentary  |  2/3/2014  | 
Where is your organization in the battle over mobile device management and security?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1142
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
CVE-2023-1143
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-1144
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
CVE-2023-1145
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
CVE-2023-1655
PUBLISHED: 2023-03-27
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.