Commentary

Content posted in March 2017
Customized Malware: Confronting an Invisible Threat
Commentary  |  3/31/2017  | 
Hackers are gaining entry to networks through a targeted approach. It takes a rigorous defense to keep them out.
The Business of Security: How your Organization Is Changing beneath You
Commentary  |  3/30/2017  | 
And why it's your job to change with it and skate where the puck is headed.
Payment Card Industry Security Compliance: What You Need to Know
Commentary  |  3/30/2017  | 
A quick refresher on all the different PCI SSC security standards that are relevant for organizations that accept electronic payments.
Privacy Babel: Making Sense of Global Privacy Regulations
Commentary  |  3/29/2017  | 
Countries around the world are making their own privacy laws. How can a global company possibly keep up?
To Gain Influence, CISOs Must Get Security's Human Element Right
Commentary  |  3/29/2017  | 
Focusing on certain elements of security in isolation can cause a false sense of security.
Commercial IoT: Big Trouble in Small Devices
Commentary  |  3/28/2017  | 
There are endless scenarios where hackers could wreak havoc on the industrial Internet of Things. There's also a readily available solution called HIP.
How Identity Deception Increases the Success of Ransomware
Commentary  |  3/28/2017  | 
As scammers hone their skills, their handiwork looks more credible to intended victims, making a successful ransomware scam more likely.
This Week On Dark Reading: Event Calendar
Commentary  |  3/27/2017  | 
Ransomware remediation and recovery this week, with clouds on the horizon.
Data Visualization: Keeping an Eye on Security
Commentary  |  3/27/2017  | 
Visualization can be one of the most powerful approaches a security team can use to make sense of vast quantities of data. So why does it end up as an afterthought?
Prioritizing Threats: Why Most Companies Get It Wrong
Commentary  |  3/24/2017  | 
To stay safer, focus on multiple-threat attack chains rather than on individual threats.
5 Ways CISOs Could Work Better with Their Cyber Insurers
Commentary  |  3/23/2017  | 
Risk management has become increasingly important, making it crucial that companies have good relationships with their insurance company.
Phishing Your Employees for Schooling & Security
Commentary  |  3/22/2017  | 
Your education program isn't complete until you test your users with fake phishing emails.
Report: 'OilRig' Attacks Expanding Across Industries, Geographies
Commentary  |  3/21/2017  | 
Malware targets Middle Eastern airlines, government, financial industries and critical infrastructure with a simple but powerful backdoor created by infected Excel files attached to phishing emails.
Getting Beyond the Buzz & Hype of Threat Hunting
Commentary  |  3/20/2017  | 
When harnessed properly, threat hunting can be one of the most useful techniques for finding attackers in your network. But it won't happen overnight.
Embrace the Machine & Other Goals for CISOs
Commentary  |  3/17/2017  | 
Here are five ways we can become more effective for our organizations.
In Cyber, Who Do We Trust to Protect the Business?
Commentary  |  3/16/2017  | 
If business leaders and directors continue to view cybersecurity as mainly a matter for the IT department, they will leave their companies exposed to significant risks.
Ethical Hacking: The Most Important Job No One Talks About
Commentary  |  3/16/2017  | 
If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers.
Trust Begins With Layer 1 Encryption
Commentary  |  3/15/2017  | 
In today's distributed environment, cloud and communication service providers can play a key role in providing organizations with a scalable and secure platform for the connection of everything to everything. Here's how.
Security in the Age of Open Source
Commentary  |  3/15/2017  | 
Dramatic changes in the use of open source software over the past decade demand major changes in security testing regimens today. Here's what you need to know and do about it.
Debunking 5 Myths About DNS
Commentary  |  3/14/2017  | 
From the boardroom to IT and the end user, the Domain Name System is often misunderstood, which can leave organizations vulnerable to attacks.
The Industrial Revolution of Application Security
Commentary  |  3/14/2017  | 
DevOps is driving big changes in the industry, but a cultural shift is needed.
What Your SecOps Team Can (and Should) Do
Commentary  |  3/13/2017  | 
If your organization has all of these pieces in place, congratulations!
This Week On Dark Reading: Events Calendar
Commentary  |  3/13/2017  | 
How to become a threat hunter, how to build a cybersecurity architecture that actually defends against today's risks, and much more...
IoT & Liability: How Organizations Can Hold Themselves Accountable
Commentary  |  3/10/2017  | 
To avoid a lawsuit, your company needs to better understand the state of your infrastructure and the devices and applications within it. Here are five areas on which to focus.
Mobile (In)security: Dark Reading Cartoon Caption Contest Winners
Commentary  |  3/9/2017  | 
Clever word play on mobile ransomware, cloud and the Internet of Things. And the winners are
Securing Today's 'Elastic Attack Surface'
Commentary  |  3/9/2017  | 
The foundation of good cybersecurity is knowing your network. But as organizations embrace new technologies, that simple task has gotten incredibly difficult.
In a Cybersecurity Vendor War, the End User Loses
Commentary  |  3/8/2017  | 
When vulnerability information is disclosed without a patch available, users are the ones really being punished.
Trust, Cloud & the Quest for a Glass Wall around Security
Commentary  |  3/8/2017  | 
In the next year, we're going to see a leap towards strategic, business-level objectives that can be resolved by simplifying infrastructure and granting greater visibility in real time.
Google's SHA-1 Countdown Clock Could Undermine Enterprise Security
Commentary  |  3/7/2017  | 
In the wake of a recently documented 'collision' attack, Google researchers should consider delaying the release of the code behind the crack until companies can roll out adequate patches. Here's why
A Real-Life Look into Responsible Disclosure for Security Vulnerabilities
Commentary  |  3/7/2017  | 
A researcher gives us a glimpse into what happened when he found a problem with an IoT device.
New York's Cyber Regulations: How to Take Action & Who's Next
Commentary  |  3/6/2017  | 
Even if your company isn't directly subject to these new rules, you can assume that the approach will be adopted by regulatory agencies at home and abroad eventually.
Threats Converge: IoT Meets Ransomware
Commentary  |  3/6/2017  | 
Ransomware is already a problem. The Internet of Things has had a number of security issues. What happens when the two combine?
How to Use & Share Customer Data without Damaging Trust
Commentary  |  3/3/2017  | 
These five tips for protecting consumer privacy will ensure that your customers will stay customers for the long run.
Three Years after Heartbleed, How Vulnerable Are You?
Commentary  |  3/2/2017  | 
You may have a problem lurking in your open source components and not know it. Start making a list...
Best Practices for Lowering Ransomware Risk
Commentary  |  3/1/2017  | 
The first step is to avoid falling prey in the first place. That means teaching your entire organization - from IT staff to executive management - how not to be a victim.
