Commentary

Content posted in May 2015
How I Would Secure The Internet With $4 Billion
Commentary  |  5/29/2015  | 
In an open letter to President Obama, a member of the Open Web Application Security Project tells why pending legislation on threat-intel sharing doesnt go far enough.
FUD Watch: The Marketing Of Security Vulnerabilities
Commentary  |  5/28/2015  | 
Im all for raising awareness, but making designer vulnerabilities, catchy logos and content part of the disclosure process is a step in the wrong direction.
Escalating Cyberattacks Threaten US Healthcare Systems
Commentary  |  5/27/2015  | 
Electronic health records are prime targets because healthcare organizations lack the resources, processes, and technologies to protect them. And its only going to get worse.
State-Sponsored Cybercrime: A Growing Business Threat
Commentary  |  5/26/2015  | 
You dont have to be the size of Sony -- or even mock North Korea -- to be a target.
DR Radio: Incident Response War-Gaming
Commentary  |  5/25/2015  | 
Learn how to practice the post-breach panicking.
Cyber Threat Analysis: A Call for Clarity
Commentary  |  5/22/2015  | 
The general public deserves less hyperbole and more straight talk
Data Encryption In The Cloud: Square Pegs In Round Holes
Commentary  |  5/21/2015  | 
Conventional encryption is a surefire solution for protecting sensitive data -- except when it breaks cloud applications. Format-preserving encryption could change all that.
5 Signs Credentials In Your Network Are Being Compromised
Commentary  |  5/20/2015  | 
Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personal identifiable information? Check out these common scenarios.
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
Commentary  |  5/19/2015  | 
In the brave new world of self-driving cars and Wifi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.
Why We Can't Afford To Give Up On Cybersecurity Defense
Commentary  |  5/18/2015  | 
There is no quick fix, but organizations can massively reduce the complexity of building secure applications by empowering developers with four basic practices.
The Cybercrime Carnival in Brazil: Loose Cyberlaws Make for Loose Cybercriminals
Commentary  |  5/15/2015  | 
Brazil loses over $8 billion a year to Internet crime, making it the second-largest cybercrime generator in the world.
When Encrypted Communication Is Not Good Enough
Commentary  |  5/14/2015  | 
For the vast majority of conversations -- on paper, by phone or computer -- encryption is a perfectly adequate form of protection. Unless, of course, a life or livelihood is at stake.
Taking A Security Program From Zero To Hero
Commentary  |  5/13/2015  | 
Breaking the enigma of InfoSec into smaller bites is a proven method for building up an organizations security capabilities. Here are six steps to get you started.
Vulnerability Disclosure Deja Vu: Prosecute Crime Not Research
Commentary  |  5/12/2015  | 
There is a lesson to be learned from a locksmith living 150 years ago: Attackers and criminals are the only parties who benefit when security researchers fear the consequences for reporting issues.
Protecting The Data Lifecycle From Network To Cloud
Commentary  |  5/12/2015  | 
Enterprises are pushing more sensitive and regulated data into the public cloud than ever before. But the journey carries many new risks.
Deconstructing Mobile Fraud Risk
Commentary  |  5/5/2015  | 
Todays enterprise security solutions dont do enough to manage BYOD risk, credit card theft and the reputational damage resulting from a major data breach.
Building a Stronger Security Strategy: 6 Tips
Commentary  |  5/4/2015  | 
CIO offers his formula for achieving the right balance between data security and employee productivity and convenience
Nine Years Later, IT Security Is Even More Important To Business
Commentary  |  5/1/2015  | 
As Dark Reading celebrates its ninth year of publication, the security industry prepares for its next round of evolution.


Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19349
PUBLISHED: 2018-11-17
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
CVE-2018-19350
PUBLISHED: 2018-11-17
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
CVE-2018-19341
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader...
CVE-2018-19342
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x00000000...
CVE-2018-19343
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faul...