Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in April 2021
The Ticking Time Bomb in Every Company's Code
Commentary  |  4/30/2021  | 
Developers must weigh the benefits and risks of using third-party code in Web apps.
Your Digital Identity's Evil Shadow
Commentary  |  4/29/2021  | 
In the wrong hands, these shady shadows are stealthy means to bypass security systems by hiding behind a proxy with legitimate IP addresses and user agents.
The Challenge of Securing Non-People Identities
Commentary  |  4/29/2021  | 
Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.
How to Secure Employees' Home Wi-Fi Networks
Commentary  |  4/28/2021  | 
Businesses must ensure their remote workers' Wi-Fi networks don't risk exposing business data or secrets due to fixable vulnerabilities.
Is Your Cloud Raining Sensitive Data?
Commentary  |  4/28/2021  | 
Learn common Kubernetes vulnerabilities and ways to avoid them.
4 Ways CISOs Can Strengthen Their Security Resilience
Commentary  |  4/27/2021  | 
Security pros must remember bad actors will target their infrastructure, using counter-incident response technology in the process.
Challenging Our Education System to Nurture the Cyber Pipeline
Commentary  |  4/27/2021  | 
Let's teach students how to teach themselves. Once we do that, we will have taught a generation of students how to think like hackers.
Shift Left: From Concept to Practice
Commentary  |  4/26/2021  | 
By moving security into development, your team can find and fix vulnerabilities before they become expensive, difficult, and publicly embarrassing problems.
SOC 2 Attestation Tips for SaaS Companies
Commentary  |  4/23/2021  | 
Attestation helps SaaS vendors demonstrate that digital security is a primary focus.
Improving the Vulnerability Reporting Process With 5 Steps
Commentary  |  4/22/2021  | 
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.
Name That Toon: Greetings, Earthlings
Commentary  |  4/22/2021  | 
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
Looking for Greater Security Culture? Ask an 8-Bit Plumber
Commentary  |  4/22/2021  | 
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.
Business Email Compromise Costs Businesses More Than Ransomware
Commentary  |  4/21/2021  | 
Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report.
How to Attack Yourself Better in 2021
Commentary  |  4/21/2021  | 
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
2020 Changed Identity Forever; What's Next?
Commentary  |  4/20/2021  | 
For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.
Beware the Bug Bounty
Commentary  |  4/20/2021  | 
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.
SolarWinds: A Catalyst for Change & a Cry for Collaboration
Commentary  |  4/19/2021  | 
Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration.
How the Biden Administration Can Make Digital Identity a Reality
Commentary  |  4/16/2021  | 
A digital identity framework is the answer to the US government's cybersecurity dilemma.
6 Tips for Managing Operational Risk in a Downturn
Commentary  |  4/15/2021  | 
Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.
Nation-State Attacks Force a New Paradigm: Patching as Incident Response
Commentary  |  4/15/2021  | 
IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out.
Bolstering Our Nation's Defenses Against Cybersecurity Attacks
Commentary  |  4/14/2021  | 
Shawn Henry, former Executive Assistant Director of the FBI and current CrowdStrike president of services and CSO, shares the top three cybersecurity priorities that the Biden administration needs to address.
Dark Reading to Upgrade Site Design, Performance
Commentary  |  4/13/2021  | 
Improvements will make site content easier to navigate, faster, and more functional.
5 Objectives for Establishing an API-First Security Strategy
Commentary  |  4/13/2021  | 
With APIs predicted to be the most common attack vector by 2022, an API-first security strategy is critical now more than ever.
Clear & Present Danger: Data Hoarding Undermines Better Security
Commentary  |  4/13/2021  | 
Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.
Wake Up and Smell the JavaScript
Commentary  |  4/12/2021  | 
The SolarWinds attack showed the true meaning of a supply chain breach. And it's the canary in the coal mine for sensitive data on the Web.
Omdia Research Spotlight: XDR
Commentary  |  4/12/2021  | 
Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
Women Are Facing an Economic Crisis & the Cybersecurity Industry Can Help
Commentary  |  4/9/2021  | 
Investing in women's cybersecurity careers can bring enormous benefits and help undo some of the significant economic damage wrought by the pandemic.
Handcuffs Over AI: Solving Security Challenges With Law Enforcement
Commentary  |  4/8/2021  | 
We've tried everything else ... now it's time to make the prospect of getting caught -- and punished -- a real deterrent to cybercrime.
Rethinking Cyberattack Response: Prevention & Preparedness
Commentary  |  4/7/2021  | 
The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price.
5 Ways to Transform Your Phishing Defenses Right Now
Commentary  |  4/7/2021  | 
By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk.
Cartoon Caption Winner: Something Seems Afoul
Commentary  |  4/7/2021  | 
And the winner of Dark Readings's March cartoon caption contest is ...
Ryuk's Rampage Has Lessons for the Enterprise
Commentary  |  4/6/2021  | 
The Ryuk ransomware epidemic is no accident. The cybercriminals responsible for its spread have systematically exploited weaknesses in enterprise defenses that must be addressed.
NFT Thefts Reveal Security Risks in Coupling Private Keys & Digital Assets
Commentary  |  4/6/2021  | 
Compromised NFT accounts highlight security concerns inherent in the design of centralized systems.
7 Ways to Reduce Cyber Threats From Remote Workers
Commentary  |  4/5/2021  | 
The pandemic's decline won't stop the work-from-home trend nor the implications for cybersecurity, so it's crucial to minimize the threats.
US Tech Dominance Rides on Securing Intellectual Property
Commentary  |  4/2/2021  | 
A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.
Solving the Leadership Buy-In Impasse With Data
Commentary  |  4/1/2021  | 
Justify your requirements with real numbers to get support for security investments.
The Role of Visibility in Securing Cloud Applications
Commentary  |  4/1/2021  | 
Traditional data center approaches aren't built for securing modern cloud applications.


News
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Edge-DRsplash-10-edge-articles
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
Commentary
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google Maps is taking "interactive" to a whole new level!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15279
PUBLISHED: 2021-05-18
An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research.
CVE-2021-3423
PUBLISHED: 2021-05-18
Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business S...
CVE-2020-18194
PUBLISHED: 2021-05-17
Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.
CVE-2020-18195
PUBLISHED: 2021-05-17
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."
CVE-2020-18198
PUBLISHED: 2021-05-17
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."