Commentary

Content posted in April 2013
Big Data Makes A Big Target
Commentary  |  4/29/2013  | 
LivingSocial.com is another in a long line of "big scores" for data attackers
The Many Faces Of The Verizon Data Breach Investigation Report
Commentary  |  4/23/2013  | 
Verizon's annual data breach report offers volumes of data -- and even more interpretations
Did The Dog Bark In the Night?
Commentary  |  4/23/2013  | 
What we still don't know, despite the data
Scan My Eyeball, Already
Commentary  |  4/22/2013  | 
Could consumers be the catalyst for the password's ultimate demise?
Trickle-Down Threat Intelligence
Commentary  |  4/20/2013  | 
Tiers are not enough when intel is at stake
What Every CFO Should Know About Security Breaches
Commentary  |  4/19/2013  | 
Panelists say chief financial officers should know the difference between good security spending and bad
Boston Bombers Can't Elude City's Tech Infrastructure
Commentary  |  4/19/2013  | 
Video surveillance played a key role in identifying the suspects in Monday's tragic Boston Marathon bombing, setting a precedent for increasing use of sophisticated security IT systems nationwide.
ACLU Issues Wake-Up Call To Android Service Providers
Commentary  |  4/18/2013  | 
In complaint to FTC, civil liberties organization accuses AT&T, Verizon, Sprint, and T-Mobile of "unfair and deceptive business practices"
What IAM Can Learn From Bill Gates
Commentary  |  4/18/2013  | 
In identity and access management, it pays to be long-term aggressive and short-term conservative
Safeguarding Your Data Against The Two-Bit Ne'er-Do-Well
Commentary  |  4/17/2013  | 
A real-life data breach incident underscores the importance of employing even the most basic levels of security protection
How Do You Use DAM For Blocking? You Don't
Commentary  |  4/17/2013  | 
Curiously, many view blocking malicious Web application requests via WAFs as the appropriate approach
A New Look For Dark Reading
Commentary  |  4/17/2013  | 
New site layout, functionality will make it easier for Dark Reading's IT security readers to find the information they need
Laws Can't Save Banks From DDoS Attacks
Commentary  |  4/16/2013  | 
A threat information-sharing bill wouldn't do much to help banks defend themselves against distributed denial-of-services (DDoS) attacks
A NAC Is a NAC, Alack Alack
Commentary  |  4/16/2013  | 
Mobile's inevitable return to the network flock
Your Data Is Gone, Have A Nice Day
Commentary  |  4/16/2013  | 
Complete data loss and theft remain all too common
Android MDM Fragmentation: Does It Matter?
Commentary  |  4/11/2013  | 
Of all the major mobile operating systems, Android provides the least in terms of mobile security and device management. Google has let its customers down
How To Bug Mitch McConnell's Office
Commentary  |  4/10/2013  | 
'Bugging' in the context of politics raises images of burglars messing with telephones and clunky tape recorders in the Oval Office. Now you'd just use malware
Office 2003, Windows XP Support Ends In One Year
Commentary  |  4/8/2013  | 
If you're still using Windows XP, then you won't let a little thing like unpatched public vulnerabilities stop you. But many Office 2003 users will be surprised to find themselves cut loose by Microsoft
Is There Any Real Measurement In Monitoring?
Commentary  |  4/5/2013  | 
Show me metrics that aren't marketing
Laws Can't Save Banks From DDoS Attacks
Commentary  |  4/4/2013  | 
A threat information-sharing bill wouldn't do much to help banks defend themselves against distributed denial of services (DDoS) attacks.
Indoor Location Tracking Has Lost Common Sense
Commentary  |  4/2/2013  | 
Technology to help people navigate indoors is all the rage. But unless you really want to be tracked through the mall, it's largely unnecessary.


WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17300
PUBLISHED: 2018-09-21
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.
CVE-2018-17301
PUBLISHED: 2018-09-21
Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.
CVE-2018-17302
PUBLISHED: 2018-09-21
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.
CVE-2018-17292
PUBLISHED: 2018-09-21
An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than...
CVE-2018-17293
PUBLISHED: 2018-09-21
An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application c...