Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in February 2019
Solving Security: Repetition or Redundancy?
Commentary  |  2/28/2019  | 
To effectively defend against today's risks and threats, organizations must examine their failings as well as their successes.
In 2019, Cryptomining Just Might Have an Even Better Year
Commentary  |  2/28/2019  | 
The practice today is so pervasive that cryptojacking scripts are said to be running on an estimated 3% of all sites that users visit.
Stay Ahead of the Curve by Using AI in Compliance
Commentary  |  2/27/2019  | 
Although human oversight is required, advanced technologies built on AI will become pivotal in building safer financial markets and a safer world.
Embracing DevSecOps: 5 Processes to Improve DevOps Security
Commentary  |  2/27/2019  | 
In the cyber threat climate of the 21st century, sticking with DevOps is no longer an option.
DIY Botnet Detection: Techniques and Challenges
Commentary  |  2/26/2019  | 
Botnets continue to spread to places never dreamed of a few years ago. But you can fight them off, and these tips can help.
A 'Cloudy' Future for OSSEC
Commentary  |  2/26/2019  | 
As more organizations move to the public cloud and to DevOps and DevSecOps processes, the open source alternative for host-based intrusion detection is finding new uses.
Secure the System, Help the User
Commentary  |  2/25/2019  | 
The enterprise must do its part in deploying and maintaining secure systems so that end users stand a chance against attackers.
To Mitigate Advanced Threats, Put People Ahead of Tech
Commentary  |  2/22/2019  | 
Preventative technologies are only part of the picture and often come at the expense of the humans behind them.
Why Cybersecurity Burnout Is Real (and What to Do About It)
Commentary  |  2/21/2019  | 
The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
Security Analysts Are Only Human
Commentary  |  2/21/2019  | 
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
9 Years After: From Operation Aurora to Zero Trust
Commentary  |  2/20/2019  | 
How the first documented nation-state cyberattack is changing security today.
The Anatomy of a Lazy Phish
Commentary  |  2/20/2019  | 
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.
Making the Case for a Cybersecurity Moon Shot
Commentary  |  2/19/2019  | 
There are severe and unsolved problems in our industry that justify a sustained effort and substantial investment. It's worth picking one.
Security Leaders Are Fallible, Too
Commentary  |  2/19/2019  | 
Security leaders set the tone for their organizations, and there are many places where the process can go wrong. Second in a six-part series.
Privacy Ops: The New Nexus for CISOs & DPOs
Commentary  |  2/18/2019  | 
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
White-Hat Bug Bounty Programs Draw Inspiration from the Old West
Commentary  |  2/15/2019  | 
These programs are now an essential strategy in keeping the digital desperados at bay.
Diversity Is Vital to Advance Security
Commentary  |  2/14/2019  | 
Meet five female security experts who are helping to propel our industry forward.
How to Create a Dream Team for the New Age of Cybersecurity
Commentary  |  2/14/2019  | 
When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.
5 Expert Tips for Complying with the New PCI Software Security Framework
Commentary  |  2/13/2019  | 
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.
Lessons Learned from a Hard-Hitting Security Review
Commentary  |  2/13/2019  | 
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
Cybersecurity and the Human Element: We're All Fallible
Commentary  |  2/12/2019  | 
We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.
Identifying, Understanding & Combating Insider Threats
Commentary  |  2/12/2019  | 
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?
What the Government Shutdown Teaches Us about Cybersecurity
Commentary  |  2/11/2019  | 
As lawmakers face a Friday deadline to prevent the federal government from closing a second time, we examine the cost to the digital domain, both public and private.
A Dog's Life: Dark Reading Caption Contest Winners
Commentary  |  2/8/2019  | 
What do a telephony protocol, butt-sniffing, and multifactor authentication have in common? A John Klossner cartoon! And the winners are ...
We Need More Transparency in Cybersecurity
Commentary  |  2/8/2019  | 
Security has become a stand-alone part of the corporate IT organization. That must stop, and transparency is the way forward.
4 Payment Security Trends for 2019
Commentary  |  2/7/2019  | 
Visa's chief risk officer anticipates some positive changes ahead.
When 911 Goes Down: Why Voice Network Security Must Be a Priority
Commentary  |  2/7/2019  | 
When there's a DDoS attack against your voice network, are you ready to fight against it?
4 Practical Questions to Ask Before Investing in AI
Commentary  |  2/6/2019  | 
A pragmatic, risk-based approach can help CISOs plan for an efficient, effective, and economically sound implementation of AI for cybersecurity.
Serverless Computing: 'Function' vs. 'Infrastructure' as-a-Service
Commentary  |  2/6/2019  | 
How much do companies really gain from offloading security duties to the cloud? Let's do the math.
Mitigating the Security Risks of Cloud-Native Applications
Commentary  |  2/5/2019  | 
While containers can create more secure application development environments, they also introduce new security challenges that affect security and compliance.
Taming the Wild, West World of Security Product Testing
Commentary  |  2/5/2019  | 
The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.
IoT Security's Coming of Age Is Overdue
Commentary  |  2/4/2019  | 
The unique threat landscape requires a novel security approach based on the latest advances in network and AI security.
KISS, Cyber & the Humble but Nourishing Chickpea
Commentary  |  2/1/2019  | 
The combination of simple, straightforward, and methodical ingredients are the keys to developing a balanced and well-rounded security program.


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...