Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in May 2018
The Good News about Cross-Domain Identity Management
Commentary  |  5/31/2018  | 
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
Commentary  |  5/31/2018  | 
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
Machine Learning, Artificial Intelligence & the Future of Cybersecurity
Commentary  |  5/30/2018  | 
The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.
Getting Revolutionary (Not Evolutionary) about Cybersecurity
Commentary  |  5/30/2018  | 
Being a security revolutionary isn't purely about new, ground-breaking ideas. It's about anticipating, outpacing, and influencing your world, both internally and externally. Here are five keys to success.
How to Empower Today's 'cISOs'
Commentary  |  5/29/2018  | 
Although many security leaders have a C in their title, not all are true capital-C "Chiefs." Here are three ways to live up to the job description.
New Threats, Old Threats: Everywhere a Threat
Commentary  |  5/29/2018  | 
First-quarter data shows cryptojacking on the rise -- but don't count out some "classic" threats just yet.
Bridging the Cybersecurity Talent Gap
Commentary  |  5/25/2018  | 
There's no one surefire way of fixing the problem, which endangers everyone's security. There are, however, several options we should try.
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
Commentary  |  5/24/2018  | 
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
Commentary  |  5/24/2018  | 
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
The Good & Bad News about Blockchain Security
Commentary  |  5/23/2018  | 
Blockchain technology promises many things. But to succeed, it must offer users a better plan against hackers.
Is Threat Intelligence Garbage?
Commentary  |  5/23/2018  | 
Most security professionals in a recent survey said that threat intelligence doesn't work. So why all the hype?
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
Commentary  |  5/22/2018  | 
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
The State of Information Sharing 20 Years after the First White House Mandate
Commentary  |  5/22/2018  | 
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Commentary  |  5/21/2018  | 
Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.
How to Hang Up on Fraud
Commentary  |  5/18/2018  | 
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
The Risks of Remote Desktop Access Are Far from Remote
Commentary  |  5/17/2018  | 
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
Why Isn't Integrity Getting the Attention It Deserves?
Commentary  |  5/17/2018  | 
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
Want Your Daughter to Succeed in Cyber? Call Her John
Commentary  |  5/16/2018  | 
It's time to "do the right thing" when it comes to gender in the hiring and promotion of women in cybersecurity. Four women (and a man named John) offer practical solutions for shifting the balance.
Taming the Chaos of Application Security: 'We Built an App for That'
Commentary  |  5/15/2018  | 
Want to improve the state of secure software coding? Hide the complexity from developers.
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Commentary  |  5/14/2018  | 
There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.
The New Security Playbook: Get the Whole Team Involved
Commentary  |  5/11/2018  | 
Smart cybersecurity teams are harnessing the power of human intelligence so employees take the right actions.
Risky Business: Deconstructing Ray Ozzie's Encryption Backdoor
Commentary  |  5/10/2018  | 
With the addition of secure enclaves, secure boot, and related features of "Clear," the only ones that will be able to test this code are Apple, well-resourced nations, and vendors who sell jailbreaks.
Ready or Not: Transport Layer Security 1.3 Is Coming
Commentary  |  5/10/2018  | 
Better encryption could mean weaker security if you're not careful.
20 Signs You Are Heading for a Retention Problem
Commentary  |  5/9/2018  | 
If you don't invest in your best security talent, they will look to burnish their resumes elsewhere. Here's why.
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Commentary  |  5/9/2018  | 
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
Properly Framing the Cost of a Data Breach
Commentary  |  5/8/2018  | 
The expenses and actions typically associated with a cyberattack are not all created equal. Here's how to explain what's important to the C-suite and board.
Breakout Time: A Critical Key Cyber Metric
Commentary  |  5/8/2018  | 
Why organizations need to detect an intrusion in under a minute, understand it in under 10 minutes, and eject the adversary in under an hour.
Defending Against an Automated Attack Chain: Are You Ready?
Commentary  |  5/7/2018  | 
Recent threats like AutoSploit bring malware-as-a-service to a whole new level. Here are four ways to be prepared.
We're Doing Security Wrong!
Commentary  |  5/4/2018  | 
When you simply heap technology onto a system, you limit your hiring pool and spread your employees too thin. Focus on your people instead.
GDPR Requirements Prompt New Approach to Protecting Data in Motion
Commentary  |  5/3/2018  | 
The EU's General Data Protection Regulation means that organizations must look at new ways to keep data secure as it moves.
Spring Clean Your Security Systems: 6 Places to Start
Commentary  |  5/2/2018  | 
The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?
A Data Protection Officer's Guide to GDPR 'Privacy by Design'
Commentary  |  5/1/2018  | 
These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-38258
PUBLISHED: 2021-10-25
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().
CVE-2021-38260
PUBLISHED: 2021-10-25
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor().
CVE-2021-39223
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.t...
CVE-2021-39224
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is locat...
CVE-2021-39225
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. Ther...