Commentary

Content posted in May 2014
Flash Poll: The Hunt For Cyber Talent
Commentary  |  5/30/2014  | 
Our latest flash poll paints a nuanced picture of how the security skills shortage is playing out in hiring strategies for the SOC.
Indicting Chinese Military Officers Is A Huge Mistake
Commentary  |  5/29/2014  | 
Blaming soldiers following lawful orders only deflects from the government's responsibility to impose trade sanctions and take more useful measures.
Dissecting Dendroid: An In-Depth Look Inside An Android RAT Kit
Commentary  |  5/28/2014  | 
Dendroid is full of surprises to assist it in subverting traditional security tactics through company-issued Android phones or BYOD.
Dark Reading Radio: The Real Reason Security Jobs Remain Vacant
Commentary  |  5/27/2014  | 
Join us Wednesday, May 28, at 1:00 p.m. Eastern, to learn why good security staff really are not hard to find, if you know what to look for.
eBay Breach: Is Your Identity Up For Auction?
Commentary  |  5/23/2014  | 
In a sick twist of events, the roles may just have been reversed on eBay users. Its their social media identities and data that now have the greatest value in the cyber underground.
Women In Security: We've Still Got A Long Way To Go, Baby
Commentary  |  5/23/2014  | 
Research shows that the gender gap in IT remains a real problem, but getting girls interested in technology is not the issue.
The Only 2 Things Every Developer Needs To Know About Injection
Commentary  |  5/22/2014  | 
Theres no simple solution for preventing injection attacks. There are effective strategies that can stop them in their tracks.
Why Security & Profitability Go Hand-In-Hand
Commentary  |  5/21/2014  | 
Its never been more critical to put security on the front line to protect your company's bottom line.
Dark Reading To Launch Weekly Internet Radio Show
Commentary  |  5/20/2014  | 
DR Radio will take place every Wednesday at 1:00 p.m. ET and will feature live chat; first topic will be "A Day in the Life of a Penetration Tester."
6 Tips For Securing Social Media In The Workplace
Commentary  |  5/20/2014  | 
Empower employees by training them to be aware and secure, and in how to avoid becoming a statistic.
How To Talk About InfoSec To Your Board Of Directors
Commentary  |  5/19/2014  | 
Today's cybersecurity challenges cannot be met by a compartmentalized IT strategy because every piece of the modern enterprise runs on connectivity and data.
Tech Insight: Free Tools For Offensive Security
Commentary  |  5/19/2014  | 
A professional penetration tester offers a look at the latest free and open-source tools available for pen testing and offensive tactics.
Apple Picking: 5 Ways to Lose (& Retrieve) Mac Data
Commentary  |  5/16/2014  | 
Apple platforms are far from invincible, as these common loss scenarios demonstrate.
Beware Cognitive Bias
Commentary  |  5/15/2014  | 
Cognitive bias can compromise any profession. But when cognitive bias goes unrecognized in cyber security, far-reaching and serious consequences follow.
Dispelling The Myths Of Cyber Security
Commentary  |  5/14/2014  | 
Perfect security that focuses on eliminating threats is too expensive and impossible to achieve. Better to think about consequence management.
Infographic: The Story Of A Phish
Commentary  |  5/13/2014  | 
Are your employees like Troy, blissfully unaware of the dangers of spear phishing?
Into The Breach: The Limits Of Data Security Technology
Commentary  |  5/12/2014  | 
When it comes to cyberdefense spending, the smart money should bet on people and compliance as much as on machines.
A New Approach to Endpoint Security: Think Positive
Commentary  |  5/9/2014  | 
It's time to move away from traditional blacklisting models that define what should be restricted and implicitly allow everything else.
The Cyber Security Market Is Hot! Heres Why
Commentary  |  5/8/2014  | 
A dozen years ago the $3.5 billion security market was dominated by five vendors. Last year, VCs bankrolled 230 startups. My, how things have changed!
Why Threat Intelligence Is Like Teenage Sex
Commentary  |  5/7/2014  | 
Everyone thinks everyone else is doing it, and most of the few people who are actually doing it aren't doing it all that well.
NextGen Authentication: There's A Really Smart Phone In Your Future
Commentary  |  5/6/2014  | 
The mobile device is the latest platform to reinvent access controls, and it's putting enterprise IT back in the driver's seat of security and data protection.
Flash Poll: Your Take On The IT Security Skills Gap
Commentary  |  5/6/2014  | 
How would you describe the posture of your companys current security team and hiring practices? Take our new poll.
Defending Against Identity Theft In The Military
Commentary  |  5/5/2014  | 
Our military troops are twice as likely to be victims of identity theft as the general population. The reason is in the structure of military culture.
Why Perimeter Defenses Are No Longer Enough
Commentary  |  5/2/2014  | 
When it comes to corporate information security and data protection, the new normal is "due care" in managing day-to-day operations.
How To Avoid Sloppy Authentication
Commentary  |  5/1/2014  | 
Viewing authentication as a process, not simply as an encryption or algorithm, is the key to defending corporate resources from attacks.
Dark Reading Celebrates Eighth Anniversary
Commentary  |  5/1/2014  | 
Now the web's largest online info security community, Dark Reading's 2006 charter hasn't changed: to help security pros do their jobs.


High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8980
PUBLISHED: 2019-02-21
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
CVE-2019-8979
PUBLISHED: 2019-02-21
Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled.
CVE-2013-7469
PUBLISHED: 2019-02-21
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2018-20146
PUBLISHED: 2019-02-21
An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell.
CVE-2019-5727
PUBLISHED: 2019-02-21
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.