Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in March 2021
What's So Great About XDR?
Commentary  |  3/31/2021  | 
XDR is a significant advance in threat detection and response technology, but few enterprises understand why. Omdia identifies four catalysts driving the emergence of XDR.
Advice From Security Experts: How to Approach Security in the New Normal
Commentary  |  3/31/2021  | 
Here are the biggest lessons they've learned after a year of work from home, and how they advise their counterparts at organizations to proceed as a result of those lessons.
3 Ways Vendors Can Inspire Customer Trust Amid Breaches
Commentary  |  3/31/2021  | 
As customers rely more on cloud storage and remote workforces, the probability of a breach increases.
Watch Out for These Cyber-Risks
Commentary  |  3/30/2021  | 
It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now.
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Commentary  |  3/30/2021  | 
The Cyber Kill Chain and MITRE ATT&CK are popular reference frameworks to analyze breaches, but amid the rise of XDR, we may need a new one.
In the Rush to Embrace Hybrid Cloud, Don't Forget About Security
Commentary  |  3/30/2021  | 
Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.
4 Open Source Tools to Add to Your Security Arsenal
Commentary  |  3/29/2021  | 
Open source solutions can offer an accessible and powerful way to enhance your security-testing capabilities.
Data Bias in Machine Learning: Implications for Social Justice
Commentary  |  3/26/2021  | 
Take historically biased data, then add AI and ML to compound and exacerbate the problem.
Moving from DevOps to CloudOps: The Four-Box Problem
Commentary  |  3/26/2021  | 
With SOC teams running services on multiple cloud platforms, their big concern is how to roll up configuration of 200+ servers in a comprehensive way.
Security Operations in the World We Live in Now
Commentary  |  3/25/2021  | 
Despite the challenges of remote work, security operations teams can position themselves well for the future.
The CIO's Shifting Role: Improving Security With Shared Responsibility
Commentary  |  3/25/2021  | 
CIOs must create a culture centered around cybersecurity that is easily visible and manageable.
How Personally Identifiable Information Can Put Your Company at Risk
Commentary  |  3/25/2021  | 
By being more mindful of how and where they share PII, employees will deprive cybercriminals of their most useful tool.
What a Federal Data Privacy Law Would Mean for Consumers
Commentary  |  3/24/2021  | 
With an array of serious proposals from both sides of the political divide, it looks as though the US may finally have a national privacy law.
Prioritizing Application & API Security After the COVID Cloud Rush
Commentary  |  3/24/2021  | 
As companies hit the gas to accommodate the rapid shift to work-from-home, security fell behind. Now, it's time to close those gaps.
Disrupting the Cybercriminal Supply Chain
Commentary  |  3/23/2021  | 
It is time to turn the tables on cybercriminals and use their own tactics against them.
Data Protection Is a Group Effort
Commentary  |  3/23/2021  | 
When every employee is well-versed in customer data privacy principles, the DPO knows the enterprise's sensitive data is in good hands.
Top 3 Cybersecurity Lessons Learned From the Pandemic
Commentary  |  3/22/2021  | 
Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.
On the Road to Good Cloud Security: Are We There Yet?
Commentary  |  3/22/2021  | 
Misconfigured infrastructure is IT pros' top cloud security concern, but they're conflicted on how to address it in practice.
How Us Shady Geeks Put Others Off Security
Commentary  |  3/19/2021  | 
Early adopters of security and privacy tools may be perceived by others as paranoid, which, in turn, may repel non-experts from protecting themselves online.
Women's History Month: Making Mentorship Meaningful
Commentary  |  3/18/2021  | 
This month is a perfect opportunity for us to take a step back and think about what role we want to play as women in the technology sector.
Beware the Package Typosquatting Supply Chain Attack
Commentary  |  3/18/2021  | 
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.
What CISOs Can Learn From Big Breaches: Focus on the Root Causes
Commentary  |  3/18/2021  | 
Address these six technical root causes of breaches in order to keep your company safer.
COVID, Healthcare Data & the Dark Web: A Toxic Stew
Commentary  |  3/17/2021  | 
The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.
Enterprises Wrestle With Executive Social Media Risk Management
Commentary  |  3/17/2021  | 
Survey indicates enterprises have a lot of work to do reduce cybersecurity risks around executive social media use.
Best Practices for Securing Service Accounts
Commentary  |  3/16/2021  | 
While service accounts solve many of the challenges presented by automation, they can also create serious problems when it comes to cybersecurity.
Combating Call Center Fraud in the Age of COVID
Commentary  |  3/16/2021  | 
With many agents now working from home, call centers require new technology, new processes, and a new way of thinking about security.
Name That Toon: Something Seems Afoul
Commentary  |  3/15/2021  | 
Dark Reading's March cartoon caption contest is here, along with a few new feathered friends.
How to Choose the Right Cybersecurity Framework
Commentary  |  3/15/2021  | 
Cybersecurity frameworks can help reduce your risk of supply chain attacks and increase your competitive advantage.
Power Equipment: A New Cybersecurity Frontier
Commentary  |  3/12/2021  | 
Power systems, HVAC systems, and other network-connected devices are exposing new vulnerabilities that must be secured.
Actionable Tips for Engaging the Board on Cybersecurity
Commentary  |  3/11/2021  | 
Up your game with your company's board of directors to help them understand your cybersecurity priorities.
5 Steps for Investigating Phishing Attacks
Commentary  |  3/11/2021  | 
Phishing is a common and effective cybercrime tool, but even the most sophisticated threat actors make mistakes that you can leverage in your investigations.
Hiding in Plain Sight: Protecting Enterprises from the 'New' Shadow IT
Commentary  |  3/10/2021  | 
Three steps to fight this increasingly vexing problem.
Digitally Transforming Trusted Transactions Through Biometrics, ML & AI
Commentary  |  3/10/2021  | 
The pandemic has increased the appetite for e-commerce and contactless payments, and biometrics and artificial intelligence are playing a larger role in securing those transactions.
Dark Reading 'Name That Toon' Winner: Gather 'Round the Campfire
Commentary  |  3/9/2021  | 
And the winner of Dark Reading's February cartoon caption contest is ...
COVID-19 Contact-Tracing Apps Signal Broader Mobile App Security Concerns
Commentary  |  3/9/2021  | 
The rapid launch of contract-tracing apps to control COVID-19's spread opened the door to multiple security and privacy vulnerabilities.
Look to Banking as a Model for Stopping Crime-as-a-Service
Commentary  |  3/9/2021  | 
The first step toward prevention is understanding the six most common CaaS services.
Why Data Privacy Should Be on President Biden's Agenda for His First 100 Days
Commentary  |  3/8/2021  | 
The new administration is in an excellent position to make significant progress on data privacy -- not just because it's needed, but also because it's time.
On International Women's Day 2021, Does the 'Rule of Steve' Still Apply? Yes.
Commentary  |  3/5/2021  | 
On International Women's Day 2021, gender diversity has improved in cybersecurity, but there is still a long way to go.
Make Sure That Stimulus Check Lands in the Right Bank Account
Commentary  |  3/5/2021  | 
If you haven't already, it's time to build trust relationships with your financial institutions, using strong security, privacy protections and secure, unique user credentials.
Secure Laptops & the Enterprise of the Future
Commentary  |  3/4/2021  | 
The enterprise of the future will depend upon organizations' ability to extend the company firewall to everywhere people are working.
Why We Need More Blue Team Voices at the Table
Commentary  |  3/4/2021  | 
The red team draws attention, but the blue team has the expertise to keep networks secure day in and day out.
How SolarWinds Busted Up Our Assumptions About Code Signing
Commentary  |  3/3/2021  | 
With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
Design, Security, Tech Is the New Stack You Should Be Building
Commentary  |  3/3/2021  | 
Instead of different departments managing information systems, Ally Financial has combined data, digitization, security, and design into a single "stack" of human resources.
4 Ways Health Centers Can Stop the Spread of Cyberattacks
Commentary  |  3/2/2021  | 
Health centers must shift the perception of cyberattacks from potential risk to real threat in order to take the first step toward a safer, healthier security posture.
Why Cloud Security Risks Have Shifted to Identities and Entitlements
Commentary  |  3/2/2021  | 
Traditional security tools focus on the network perimeter, leaving user and service accounts vulnerable to hackers.
Building a Next-Generation SOC Starts With Holistic Operations
Commentary  |  3/1/2021  | 
The proper template for a modernized SOC team is one that operates seamlessly across domains with a singular, end-to-end view.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41163
PUBLISHED: 2021-10-20
Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed versions of Discour...
CVE-2021-42299
PUBLISHED: 2021-10-20
Microsoft Surface Pro 3 Security Feature Bypass Vulnerability
CVE-2021-42771
PUBLISHED: 2021-10-20
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
CVE-2021-42764
PUBLISHED: 2021-10-20
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (delayed consensus decisions), and also increase the profits of individual validators, via short-range reorganizations of the underlying consensus chain.
CVE-2021-42765
PUBLISHED: 2021-10-20
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to leverage network delay to cause a denial of service (indefinite stalling of consensus decisions).