Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in July 2016
How to Roll Your Own Threat Intelligence Team
Commentary  |  7/29/2016  | 
A lot of hard work needs to go into effectively implementing an intelligence-driven security model. It starts with five critical factors.
How To Stay Safe On The Black Hat Network: Dont Connect To It
Commentary  |  7/28/2016  | 
Black Hat attendees may have changed their titles and now carry business cards but hackers gotta hack and theres no better place to do it than Black Hat.
The Internet Of Tiny Things: What Lurks Inside
Commentary  |  7/27/2016  | 
Hackers can now use a tiny $2 embedded chip -- at scale -- to launch thousands of infected 'things' out into the ether to capture data and soften consumers up for an attack.
In Security, Know That You Know Nothing
Commentary  |  7/26/2016  | 
Only when security professionals become aware of what they dont know, can they start asking the right questions and implementing the right security controls.
Building Black Hat: Locking Down One Of The Worlds Biggest Security Conferences
Commentary  |  7/25/2016  | 
For security pros, being asked to help secure Black Hat is like being asked to play on the Olympic basketball team.
5 Failsafe Techniques For Interviewing Security Candidates
Commentary  |  7/22/2016  | 
Filling critical information security roles with the right people is never easy. But learning how to separate the 'wheat from the chaff' is a smart step in the right direction.
Tools & Training To Hack Yourself Into Better Security
Commentary  |  7/21/2016  | 
How to teach your blue team to think like the red team when your network is under attack and time is your most valuable asset.
5 Mr. Robot Hacks That Could Happen in Real Life
Commentary  |  7/20/2016  | 
As season two of the popular TV series gets underway, we reality-check anti-hero Elliots hacking prowess against real-life security and attack scenarios.
Deconstructing Connected Cars: A Hack Waiting To Happen
Commentary  |  7/19/2016  | 
Why your automobiles simple and reliable Controller Area Network will put you at risk in the brave new world of connected and autonomous driving.
Beyond Data: Why CISOs Must Pay Attention To Physical Security
Commentary  |  7/18/2016  | 
Information security professionals are missing the big picture if they think of vulnerabilities and threats only in terms of data protection, password hygiene and encryption.
What's Next For Canadas Surveillance Landscape?
Commentary  |  7/14/2016  | 
Edward Snowden headlines SecTor security conference as Canadian privacy advocates await the Trudeau governments next move in the countrys complex privacy and security debate.
72% of Black Hat Attendees Expect To Be Hit By 'Major' Data Breach Within A Year
Commentary  |  7/14/2016  | 
End users are the biggest weakness, and we're not doing enough to address the problem.
What I Expect to See At Black Hat 2016: 5 Themes
Commentary  |  7/13/2016  | 
Over the years, Black Hat has morphed from a little show for security researchers to a big conference that attracts everyone from black-hat hackers to C-level security execs. Here's what piques my interest this year.
EUs General Data Protection Regulation Is Law: Now What?
Commentary  |  7/12/2016  | 
Organizations have two years to prepare to act as borrowers, not owners, of customer data. Here are seven provisions of the new GPDR you ignore at your peril.
Dark Reading Launches Best Of Black Hat Awards Program; Finalists Selected
Commentary  |  7/12/2016  | 
New awards recognize innovation on Black Hat exhibit floor, including startups, emerging companies, and industry thinkers.
Does Defense In Depth Still Work Against Todays Cyber Threats?
Commentary  |  7/11/2016  | 
Yes. But not for much longer unless the industry shifts to an automated security and zero trust model.
A Holistic Approach to Cybersecurity Wellness: 3 Strategies
Commentary  |  7/7/2016  | 
Security professionals need to rely on more than vaccinations to protect the health and safety of company systems and data.
Diagnosis SOC-atrophy: What To Do When Your Security Operation Center Gets Sick
Commentary  |  7/6/2016  | 
Whether its due to lack of attention, poor capital planning or alert fatigue, there are lots of reasons why an SOC can become unhealthy. Heres how to make it better.
How Not To Write A Pen Test RFP
Commentary  |  7/5/2016  | 
The downside of a failed request for a penetration test proposal is a no-win situation for everyone. Here are five common mistakes to avoid.
Big Business Ransomware: A Lucrative Market in the Underground Economy
Commentary  |  7/1/2016  | 
Why lock and/or pilfer a persons files worth hundreds of dollars when corporate data is infinitely more valuable?


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.