Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in May 2011
Sharing Relational Data In The Cloud
Commentary  |  5/31/2011  | 
Databases are designed to share data, so it's easy to leverage built-in security for cloud services
A Tale Of Two Hacks
Commentary  |  5/31/2011  | 
The similarities and differences in the Lockheed and RSA attacks
Dark Reading Revamps SMB Security Tech Center
Commentary  |  5/31/2011  | 
As cybercriminals take aim at small businesses, Dark Reading offers new coverage
Scareware Is Evolving
Commentary  |  5/24/2011  | 
That's right -- scareware is still proving an effective way for threat actors to make quick cash on the Internet
Oracle 11G Available On AWS
Commentary  |  5/24/2011  | 
When testing Oracle on Amazon AWS, consider how you will secure your data
From Device to Device, From Site To Site
Commentary  |  5/23/2011  | 
Obama administration's digital identities initiative relies on private industry to come together and make it work
Sony A Poster Child For Self-Destructive Security
Commentary  |  5/20/2011  | 
Sony has repeatedly made poor decisions in security and control -- costing the company billions of dollars and giving critical markets it once controlled to Apple, Microsoft, and Nintendo
Schwartz On Security: Developers Battle Piracy Channels
Commentary  |  5/18/2011  | 
Business Software Alliance report finds widespread software piracy, but experts say market pressures are to blame.
Reduce Your Android Security Risks
Commentary  |  5/17/2011  | 
Threats against Google's mobile platform have increased 400% in the last year, but common sense will protect users against many of the attacks.
Success, Failure And The Advanced Threat
Commentary  |  5/16/2011  | 
You can't judge the sophistication of an attack by its success or failure
Mobile Security Needs Executive Involvement
Commentary  |  5/13/2011  | 
IT managers need a plan for managing a highly variable fleet of devices through mobile device management, according to panelists at InformationWeek Analytics Live sessions at Interop 2011.
Schwartz On Security: Sony Must Do More
Commentary  |  5/12/2011  | 
Forget free ID theft monitoring. Sony should release its police reports, so that 101 million people can obtain a free credit freeze to proactively battle ID thieves.
Presidential Alerts Soon Mandatory On Your Phone
Commentary  |  5/10/2011  | 
The U.S. Government and major wireless carriers announced a new messaging system that supplements the current emergency system. While some alerts will be optional, presidential alerts will be mandatory.
Secure Access To Relational Data
Commentary  |  5/10/2011  | 
How to secure relational data in cloud data centers
If An ESIM Falls In The Woods, Does Anyone Care?
Commentary  |  5/10/2011  | 
To the operationally minded, the loss of security monitoring capabilities will almost always play second fiddle to availability for Internet and internetworked resources
A National Monitoring Infrastructure
Commentary  |  5/10/2011  | 
It's theoretically possible, but who could orchestrate such a huge collaborative endeavor, and would it be possible to bring both private and public data under government oversight?
We Will Get Fooled Again
Commentary  |  5/6/2011  | 
It's time to start a quiet revolution against security marketing buffoonery
How To Respond To The Sony Attacks
Commentary  |  5/4/2011  | 
How to protect yourself from similar database attacks
Dark Reading's First Five Years: A Look Back -- And Ahead
Commentary  |  5/3/2011  | 
Taking a moment to celebrate DR's fifth anniversary of publication
U.S. Intelligence Connects The Dots On Bin Laden
Commentary  |  5/3/2011  | 
Intelligence agencies are leveraging new surveillance technologies and IT architectures to facilitate information sharing in their anti-terrorism and other national security efforts.
Police Car DVR P0wnage
Commentary  |  5/3/2011  | 
Another security failure in an embedded technology leads to unanticipated risks for police forces and a vendor denial


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-38258
PUBLISHED: 2021-10-25
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().
CVE-2021-38260
PUBLISHED: 2021-10-25
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor().
CVE-2021-39223
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.t...
CVE-2021-39224
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is locat...
CVE-2021-39225
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. Ther...