Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in July 2014
InfoSecs Holy Grail: Data Sharing & Collaboration
Commentary  |  7/31/2014  | 
Despite all the best intentions, cooperation around Internet security is still a work in progress. Case in point: Microsofts unilateral action against No-IP.
Phishing: What Once Was Old Is New Again
Commentary  |  7/30/2014  | 
I used to think the heyday of phishing had passed. But as Symantec notes in its 2014 Internet Security Threat Report, I was wrong!
Dark Reading Radio: Data Loss Prevention (DLP) Fail
Commentary  |  7/29/2014  | 
Learn about newly found vulnerabilities in commercial and open-source DLP software in our latest episode of Dark Reading Radio with security researchers Zach Lanier and Kelly Lum.
The Perfect InfoSec Mindset: Paranoia + Skepticism
Commentary  |  7/29/2014  | 
A little skeptical paranoia will ensure that you have the impulse to react quickly to new threats while retaining the logic to separate fact from fiction.
Weak Password Advice From Microsoft
Commentary  |  7/28/2014  | 
Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business.
Internet of Things: 4 Security Tips From The Military
Commentary  |  7/25/2014  | 
The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. Its time to take a page from their battle plan.
Passwords Be Gone! Removing 4 Barriers To Strong Authentication
Commentary  |  7/24/2014  | 
As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.
RAM Scraper Malware: Why PCI DSS Can't Fix Retail
Commentary  |  7/23/2014  | 
There is a gaping hole in the pre-eminent industry security standard aimed at protecting customers, credit card and personal data
Dark Reading Radio: The Winners & Losers of Botnet Takedowns
Commentary  |  7/23/2014  | 
Our guests are Cheri McGuire, VP of global government affairs and cyber security policy for Symantec, and Craig D. Spiezle, executive director and founder of the Online Trust Alliance.
Infographic: With BYOD, Mobile Is The New Desktop
Commentary  |  7/22/2014  | 
Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.
Internet of Things: Security For A World Of Ubiquitous Computing
Commentary  |  7/21/2014  | 
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
CEO Report Card: Low Grades for Risk Management
Commentary  |  7/18/2014  | 
Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.
A New Age in Cyber Security: Public Cyberhealth
Commentary  |  7/17/2014  | 
The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.
Passwords & The Future Of Identity: Payment Networks?
Commentary  |  7/16/2014  | 
The solution to the omnipresent and enduring password problem may be closer than you think.
Payment Card Data Theft: Tips For Small Business
Commentary  |  7/15/2014  | 
For small businesses looking to reduce their exposure to data theft the good news is the advantage of being small.
Dark Reading Radio: Where Do Security Startups Come From?
Commentary  |  7/15/2014  | 
This week's radio broadcast will discuss how hot new security companies are born and how they are funded. Showtime is 1:00 p.m. ET.
How Next-Generation Security Is Redefining The Cloud
Commentary  |  7/14/2014  | 
Your cloud, datacenter, and infrastructure all contain flexible and agile components. Your security model should be the same.
Strategic Security: Begin With The End In Mind
Commentary  |  7/11/2014  | 
The trouble with traditional infosec methodology is that it doesnt show us how to implement a strategic security plan in the real world.
Cloud & The Fuzzy Math of Shadow IT
Commentary  |  7/10/2014  | 
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Commentary  |  7/9/2014  | 
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
6 Tips for Using Big Data to Hunt Cyberthreats
Commentary  |  7/8/2014  | 
You need to be smart about harnessing big data to defend against todays security threats, data breaches, and attacks.
Dark Reading Radio: The Changing Role Of The CISO
Commentary  |  7/8/2014  | 
Why does the CISO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
Why Your Application Security Program May Backfire
Commentary  |  7/2/2014  | 
You have to consider the human factor when youre designing security interventions, because the best intentions can have completely opposite consequences.
Dark Reading Radio: Oracle Database Security Hacked
Commentary  |  7/1/2014  | 
Learn about newly found vulnerabilities in a key database security feature tomorrow in the next episode of Dark Reading Radio.


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...