Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in February 2018
Why Cryptocurrencies Are Dangerous for Enterprises
Commentary  |  2/28/2018  | 
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
How to Secure 'Permissioned' Blockchains
Commentary  |  2/28/2018  | 
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
March Dark Reading Event Calendar Spans BlackOps to SecDevOps
Commentary  |  2/27/2018  | 
These upcoming webinars will help you comprehend the mysterious machinations inside the minds of hackers and in-house developers.
Security Starts with the User Experience
Commentary  |  2/27/2018  | 
Preventing a data breach is safer and more cost-effective than dealing with a breach after it has already happened. That means a focus on security in the design phase.
Incident 'Management': What IT Security Can Learn from Public Safety
Commentary  |  2/27/2018  | 
How a framework developed for fighting California wildfires back in the '70s can fortify first responders to a modern cyberattack.
6 Cybersecurity Trends to Watch
Commentary  |  2/26/2018  | 
Expect more as the year goes on: more breaches, more IoT attacks, more fines
Leveraging Security to Enable Your Business
Commentary  |  2/23/2018  | 
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Commentary  |  2/22/2018  | 
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
Anatomy of an Attack on the Industrial IoT
Commentary  |  2/22/2018  | 
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
Takeaways from the Russia-Linked US Senate Phishing Attacks
Commentary  |  2/21/2018  | 
The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns.
Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat
Commentary  |  2/20/2018  | 
These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.
Rise of the 'Hivenet': Botnets That Think for Themselves
Commentary  |  2/16/2018  | 
These intelligent botnet clusters swarm compromised devices to identify and assault different attack vectors all at once.
Democracy & DevOps: What Is the Proper Role for Security?
Commentary  |  2/15/2018  | 
Security experts need a front-row seat in the application development process but not at the expense of the business.
From DevOps to DevSecOps: Structuring Communication for Better Security
Commentary  |  2/15/2018  | 
A solid approach to change management can help prevent problems downstream.
3 Tips to Keep Cybersecurity Front & Center
Commentary  |  2/14/2018  | 
In today's environment, a focus on cybersecurity isn't a luxury. It's a necessity, and making sure that focus is achieved starts with the company's culture.
Fileless Malware: Not Just a Threat, but a Super-Threat
Commentary  |  2/14/2018  | 
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
Can Android for Work Redefine Enterprise Mobile Security?
Commentary  |  2/13/2018  | 
Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.
Fake News: Could the Next Major Cyberattack Cause a Cyberwar?
Commentary  |  2/13/2018  | 
In the way it undercuts trust, fake news is a form of cyberattack. Governments must work to stop it.
Better Security Analytics? Clean Up the Data First!
Commentary  |  2/12/2018  | 
Even the best analytics algorithms using incomplete and unclean data won't yield useful results.
Tracking Bitcoin Wallets as IOCs for Ransomware
Commentary  |  2/12/2018  | 
By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.
Back to Basics: AI Isn't the Answer to What Ails Us in Cyber
Commentary  |  2/9/2018  | 
The irony behind just about every headline-grabbing data breach we've seen in recent years is that they all could have been prevented with simple cyber hygiene.
20 Signs You Need to Introduce Automation into Security Ops
Commentary  |  2/8/2018  | 
Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.
Ticking Time Bombs in Your Data Center
Commentary  |  2/7/2018  | 
The biggest security problems inside your company may result from problems it inherited.
AutoSploit: Mass Exploitation Just Got a Lot Easier
Commentary  |  2/6/2018  | 
But the response to the new hacking tool, now readily available to the masses of script kiddies, has been a mix of outrage, fear, some applause, and more than a few shrugs.
Mastering Security in the Zettabyte Era
Commentary  |  2/5/2018  | 
Many businesses are ill-equipped to deal with potential risks posed by billions of connected devices, exponential data growth, and an unprecedented number of cyber threats. Here's how to prepare.
3 Ways Hackers Steal Your Company's Mobile Data
Commentary  |  2/2/2018  | 
The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.
Securing Cloud-Native Apps
Commentary  |  2/1/2018  | 
A useful approach for securing cloud-native platforms can be adapted for securing apps running on top of the platform as well.
Thinking about a Career Move in Cybersecurity?
Commentary  |  2/1/2018  | 
The numbers show career opportunities for cyber defenders.


Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16404
PUBLISHED: 2019-10-21
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
CVE-2019-17400
PUBLISHED: 2019-10-21
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.
CVE-2019-17498
PUBLISHED: 2019-10-21
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a ...
CVE-2019-16969
PUBLISHED: 2019-10-21
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-16974
PUBLISHED: 2019-10-21
In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.