Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in July 2017
DevOps Security & the Culture of 'Yes'
Commentary  |  7/31/2017  | 
Communication, collaboration, and the use of production data to drive decisions are essential for security work in a DevOps world.
Throw Out the Playbooks to Win at Incident Response
Commentary  |  7/28/2017  | 
Four reasons why enterprises that rely on playbooks give hackers an advantage.
Dark Reading News Desk Live at Black Hat USA 2017
Commentary  |  7/27/2017  | 
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
The Right to Be Forgotten & the New Era of Personal Data Rights
Commentary  |  7/27/2017  | 
Because of the European Union's GDPR and other pending legislation, companies must become more transparent in how they protect their customers' data.
10 Critical Steps to Create a Culture of Cybersecurity
Commentary  |  7/26/2017  | 
Businesses are more vulnerable than they need to be. Here's what you should do about it.
How Women Can Raise Their Profile within the Cybersecurity Industry
Commentary  |  7/25/2017  | 
Closing the cybersecurity gender gap won't happen overnight, but women can take can take steps to begin leveling the playing field.
Bots Make Lousy Dates, But Not Cheap Ones
Commentary  |  7/24/2017  | 
The danger of dating sites: If a beautiful woman asks men to click on malware, they'll probably click.
20 Questions for Improving SMB Security
Commentary  |  7/21/2017  | 
Security leaders in small and medium-sized business who want to up their game need to first identify where they are now, then, where they want to go.
DevOps & Security: Butting Heads for Years but Integration is Happening
Commentary  |  7/20/2017  | 
A combination of culture change, automation, tools and processes can bring security into the modern world where it can be as agile as other parts of IT.
4 Steps to Securing Citizen-Developed Apps
Commentary  |  7/19/2017  | 
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
SIEM Training Needs a Better Focus on the Human Factor
Commentary  |  7/18/2017  | 
The problem with security information and event management systems isn't the solutions themselves but the training that people receive.
AWS S3 Breaches: What to Do & Why
Commentary  |  7/17/2017  | 
Although basic operations in Amazon's Simple Storage Services are (as the name implies) - simple - things can get complicated with access control and permissions.
7 Deadly Sins to Avoid When Mitigating Cyberthreats
Commentary  |  7/14/2017  | 
How digitally savvy organizations can take cyber resilience to a whole new dimension.
Black Hat to Host Discussion on Diversity
Commentary  |  7/13/2017  | 
Panel of diversity pioneers will share their views and firsthand experience on how to make inclusion a priority in security.
How Security Pros Can Help Protect Patients from Medical Data Theft
Commentary  |  7/13/2017  | 
The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.
Dealing with Due Diligence
Commentary  |  7/12/2017  | 
Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.
The High Costs of GDPR Compliance
Commentary  |  7/11/2017  | 
Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.
How Code Vulnerabilities Can Lead to Bad Accidents
Commentary  |  7/10/2017  | 
The software supply chain is broken. To prevent hackers from exploiting vulnerabilities, organizations need to know where their applications are, and whether they are built using trustworthy components.
The SOC Is DeadLong Live the SOC
Commentary  |  7/7/2017  | 
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
The Growing Danger of IP Theft and Cyber Extortion
Commentary  |  7/6/2017  | 
The recent hacks of Disney and Netflix show the jeopardy that intellectual property and company secrets are in, fueled by cheap hacking tools and cryptocurrencies.
Avoiding the Dark Side of AI-Driven Security Awareness
Commentary  |  7/5/2017  | 
Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?
The Problem with Data
Commentary  |  7/3/2017  | 
The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.