Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in June 2016
The Newbies 'How To Survive Black Hat' Guide
Commentary  |  6/29/2016  | 
Theres little chance you wont be totally exhausted after drinking from the information firehose all week. But if you follow these eight steps, it will be a very satisfying kind of fatigue.
Microsoft + LinkedIn: How To Spot Insider Trading Risk Early
Commentary  |  6/28/2016  | 
With the explosion of mobile, cloud, and the blurring of work and personal data, companies considering M&A have a lot to worry about when it comes to insider threats.
The Blind Spot Between The Cloud & The Data Center
Commentary  |  6/27/2016  | 
Ask most enterprise security analysts responsible for detection and response about their visibility into identity access risks and youre likely to get some confused looks. Heres why.
Mind The Gap: CISOs Versus 'Operators'
Commentary  |  6/25/2016  | 
How open communication among security execs and analysts, incidents responders, and engineers can help organizations stay on top of the constantly changing threat landscape.
Security Lessons from My Financial Planner
Commentary  |  6/24/2016  | 
Security investments can be viewed as a portfolio. If we think in portfolio terms, we realize that ROI is a backwards-looking measure. What else can we learn from financial planners?
Internet Of Things & The Platform Of Parenthood
Commentary  |  6/23/2016  | 
A new fathers musings on the problems with securing embedded systems, and why there are so few incentives for architecting trustworthy IoT technology from the ground up.
Bug Poachers: A New Breed of Cybercriminal
Commentary  |  6/22/2016  | 
As if security researchers dont have enough to worry about, we now have to contend with extortionists who take advantage of the well-established fact that applications are a ripe target for exploitation.
Phishing, Whaling & The Surprising Importance Of Privileged Users
Commentary  |  6/21/2016  | 
By bagging a privileged user early on, attackers can move from entry point to mission accomplished in no time at all.
Privacy Shield: Can the US Earn the EUs Trust Post Apple vs. FBI?
Commentary  |  6/20/2016  | 
Rebuilding the privacy framework for data transfer between the US and its European trading partners wont be easy but its still a worthwhile effort.
The Gamble Behind Cyber Threat Intelligence Sharing
Commentary  |  6/18/2016  | 
In theory, sharing threat intel makes sense. But in cybersecurity you're not dealing with known individuals, youre dealing with anonymous adversaries capable of rapid change.
How Secure is Secure? Tips For Investing In The Right Strategy
Commentary  |  6/17/2016  | 
Business alignment, defense-in-depth and a phased approach are three principles to follow when building out a solid security program.
Pretty Good Passwords: Cartoon Caption Contest Winners
Commentary  |  6/16/2016  | 
Sticky notes, multi-factor authentication, password reuse and Donald Trump. And the winner is...
What CISOs Need to Tell The Board About Cyber Risk
Commentary  |  6/15/2016  | 
To avoid devastating financial losses, boards and the C-suite must have a deep understating of the cyber risks their organizations face. Heres what they need to hear from the security team
A Look Back At Dark Reading's Best 10 Years (So Far)
Commentary  |  6/14/2016  | 
The past decade in security -- from botnets that were bigger than some service provider networks to vulnerabilities that affected not only whole industries but the very fabric of the internet. And much, much more...
5 Soft Skills Young Cybersecurity Professionals Need to Get Ahead
Commentary  |  6/14/2016  | 
Todays employers arent looking for recruits who can maintain firewalls and mitigate risk. They want well-rounded professionals who can apply security expertise across the business to yield bottom-line results.
Self-Service Password Reset & Social Engineering: A Match Made In Hell
Commentary  |  6/13/2016  | 
A sad tale of how hackers compromised a CEOs corporate account by trolling Facebook and LInkedin for answers to six common authentication questions. (And how to avoid that happening to you)
IoT Security: Onus On Developers, Security Researchers
Commentary  |  6/11/2016  | 
Security teams and DevOps need to team up on 'lean security' processes that make safety a top priority before a product reaches the market.
Revealing Lessons About Vulnerability Research
Commentary  |  6/10/2016  | 
Its not clear why a dozen FBI agents showed up at a security researchers door last month but as cyber becomes more a factor in product safety, our judicial system needs to get a better grasp on who the real criminals are.
The End Of A Security Decade -- And The Beginning Of A New One
Commentary  |  6/10/2016  | 
Dark Reading wraps up its 10th anniversary coverage with a final look back at the decade -- and a look ahead.
Google Dorking: Exposing The Hidden Threat
Commentary  |  6/9/2016  | 
Google Dorking sounds harmless, but it can take your company down. Here's what you need to know to avoid being hacked.
Deconstructing The Impact Of Ransomware On Healthcares IoT
Commentary  |  6/8/2016  | 
If ransomware targets medical devices, exactly how will an attacker deliver the ransom note to the victim?
Microsegmentation & The Need For An Intelligent Attack Surface
Commentary  |  6/7/2016  | 
There is a fundamental difference in the security posture and technology for protecting the White House versus a Social Security office in California. So, too, for the critical apps and systems that are likely targets in your enterprise.
BYOD Security: How To Shift Device Control & Grant Users More Choice
Commentary  |  6/3/2016  | 
Gartners managed diversity model offers an ITIL-compliant information security solution to the problem of Shadow IT.
How Facebook Raises A Generation Of Intelligence Analysts
Commentary  |  6/2/2016  | 
In the process of creating and administering groups, users learn how to read data points, create a risk profile in their head, and watch for changes over time.
How Agile Changed Security At Dun & Bradstreet
Commentary  |  6/1/2016  | 
Chief Security Officer Jon Rose shares the whys and wherefores of integrating agile software development methodology into a traditional security environment.


How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17666
PUBLISHED: 2019-10-17
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
CVE-2019-17607
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
CVE-2019-17608
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
CVE-2019-17609
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
CVE-2019-17610
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.