Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in July 2011
Personal Mobile Devices Still Vex IT
Commentary  |  7/26/2011  | 
Two thirds of large enterprises surveyed by Courion say that employees are causing security breaches by connecting personal mobile devices to the corporate network.
Future Clouds: Centralized Or Decentralized?
Commentary  |  7/25/2011  | 
The trend might be moving toward putting more eggs in fewer, more secure baskets
How to Choose A Cloud Storage Provider: Security
Commentary  |  7/21/2011  | 
In the first of a three-part series, we outline security considerations in selecting a place to store your data in the cloud.
A 'Spooks And Suits' Red Team Game
Commentary  |  7/20/2011  | 
Social media apps meet national security
LulzSec Hacks Murdoch's Sun, Cisco Sheds 6,500 Jobs
Commentary  |  7/19/2011  | 
LulzSec's retirees came out of self-imposed exile and played a mean game of bingo against Rupert Murdoch Monday.
Cyber Strategies: National Security Versus Child Pornography
Commentary  |  7/18/2011  | 
Among the interesting findings of an audit of the FBI's cyber crime capabilities: how Congress budgets the bureau, as well as the extent to which all cyber crime is local.
Don't Foist Euro-Style Online Privacy On The U.S.
Commentary  |  7/13/2011  | 
As Congress debates numerous privacy bills, don't assume that the tougher protections afforded by EU law are the right model for the U.S.
Antisec Attacks An Urgent Wake-Up: InformationWeek Now
Commentary  |  7/12/2011  | 
It's difficult to gauge the ethos of these next generation hackers. If I could summarize, it's this: Punish.
Federated Data And Security
Commentary  |  7/12/2011  | 
'Data virtualization' is a misnomer -- it's 'federated data.' Here's why it's important
Murdoch Kills 'News of the World': The Coming Security Backlash
Commentary  |  7/8/2011  | 
News Corp. scandal demonstrates massive shift in how privacy is perceived
Simple Isn't Simple
Commentary  |  7/7/2011  | 
It's time to admit security is hard, and to stop blaming the victims for being human
Low And Slow, Persistence, Loud And Proud, And The Fundamentals
Commentary  |  7/5/2011  | 
The attackers are changing (again), but security fundamentals remain the same -- and we still suck at them


News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Your new device is too complex. Me stick with iWheel.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21312
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/documen...
CVE-2021-21313
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not proper...
CVE-2021-21314
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.
CVE-2021-27931
PUBLISHED: 2021-03-03
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.
CVE-2021-27935
PUBLISHED: 2021-03-03
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.