Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in July 2016
How to Roll Your Own Threat Intelligence Team
Commentary  |  7/29/2016  | 
A lot of hard work needs to go into effectively implementing an intelligence-driven security model. It starts with five critical factors.
How To Stay Safe On The Black Hat Network: Dont Connect To It
Commentary  |  7/28/2016  | 
Black Hat attendees may have changed their titles and now carry business cards but hackers gotta hack and theres no better place to do it than Black Hat.
The Internet Of Tiny Things: What Lurks Inside
Commentary  |  7/27/2016  | 
Hackers can now use a tiny $2 embedded chip -- at scale -- to launch thousands of infected 'things' out into the ether to capture data and soften consumers up for an attack.
In Security, Know That You Know Nothing
Commentary  |  7/26/2016  | 
Only when security professionals become aware of what they dont know, can they start asking the right questions and implementing the right security controls.
Building Black Hat: Locking Down One Of The Worlds Biggest Security Conferences
Commentary  |  7/25/2016  | 
For security pros, being asked to help secure Black Hat is like being asked to play on the Olympic basketball team.
5 Failsafe Techniques For Interviewing Security Candidates
Commentary  |  7/22/2016  | 
Filling critical information security roles with the right people is never easy. But learning how to separate the 'wheat from the chaff' is a smart step in the right direction.
Tools & Training To Hack Yourself Into Better Security
Commentary  |  7/21/2016  | 
How to teach your blue team to think like the red team when your network is under attack and time is your most valuable asset.
5 Mr. Robot Hacks That Could Happen in Real Life
Commentary  |  7/20/2016  | 
As season two of the popular TV series gets underway, we reality-check anti-hero Elliots hacking prowess against real-life security and attack scenarios.
Deconstructing Connected Cars: A Hack Waiting To Happen
Commentary  |  7/19/2016  | 
Why your automobiles simple and reliable Controller Area Network will put you at risk in the brave new world of connected and autonomous driving.
Beyond Data: Why CISOs Must Pay Attention To Physical Security
Commentary  |  7/18/2016  | 
Information security professionals are missing the big picture if they think of vulnerabilities and threats only in terms of data protection, password hygiene and encryption.
What's Next For Canadas Surveillance Landscape?
Commentary  |  7/14/2016  | 
Edward Snowden headlines SecTor security conference as Canadian privacy advocates await the Trudeau governments next move in the countrys complex privacy and security debate.
72% of Black Hat Attendees Expect To Be Hit By 'Major' Data Breach Within A Year
Commentary  |  7/14/2016  | 
End users are the biggest weakness, and we're not doing enough to address the problem.
What I Expect to See At Black Hat 2016: 5 Themes
Commentary  |  7/13/2016  | 
Over the years, Black Hat has morphed from a little show for security researchers to a big conference that attracts everyone from black-hat hackers to C-level security execs. Heres what piques my interest this year.
EUs General Data Protection Regulation Is Law: Now What?
Commentary  |  7/12/2016  | 
Organizations have two years to prepare to act as borrowers, not owners, of customer data. Here are seven provisions of the new GPDR you ignore at your peril.
Dark Reading Launches Best Of Black Hat Awards Program; Finalists Selected
Commentary  |  7/12/2016  | 
New awards recognize innovation on Black Hat exhibit floor, including startups, emerging companies, and industry thinkers.
Does Defense In Depth Still Work Against Todays Cyber Threats?
Commentary  |  7/11/2016  | 
Yes. But not for much longer unless the industry shifts to an automated security and zero trust model.
A Holistic Approach to Cybersecurity Wellness: 3 Strategies
Commentary  |  7/7/2016  | 
Security professionals need to rely on more than vaccinations to protect the health and safety of company systems and data.
Diagnosis SOC-atrophy: What To Do When Your Security Operation Center Gets Sick
Commentary  |  7/6/2016  | 
Whether its due to lack of attention, poor capital planning or alert fatigue, there are lots of reasons why an SOC can become unhealthy. Heres how to make it better.
How Not To Write A Pen Test RFP
Commentary  |  7/5/2016  | 
The downside of a failed request for a penetration test proposal is a no-win situation for everyone. Here are five common mistakes to avoid.
Big Business Ransomware: A Lucrative Market in the Underground Economy
Commentary  |  7/1/2016  | 
Why lock and/or pilfer a persons files worth hundreds of dollars when corporate data is infinitely more valuable?


Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19782
PUBLISHED: 2019-12-13
The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server.
CVE-2019-19777
PUBLISHED: 2019-12-13
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.
CVE-2019-19778
PUBLISHED: 2019-12-13
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c.
CVE-2019-16777
PUBLISHED: 2019-12-13
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of pa...
CVE-2019-16775
PUBLISHED: 2019-12-13
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publi...