Commentary

Content posted in August 2017
International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape
Commentary  |  8/31/2017  | 
After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.
Hacking the Security Job Application Process
Commentary  |  8/30/2017  | 
Simple advice to help job seekers dig out of the black hole of recruiter and employer hiring portals.
How Hackers Hide Their Malware: Advanced Obfuscation
Commentary  |  8/30/2017  | 
Hackers continue to develop new ways to break into systems. Here are three of them, along with ways to fight back.
Security Analytics: Making the Leap from Data Lake to Meaningful Insight
Commentary  |  8/29/2017  | 
Once you've got a lake full of data, it's essential that your analysis isn't left stranded on the shore.
Dark Reading Now HTTPS
Commentary  |  8/29/2017  | 
Moving a site that's more than a decade old to HTTPS has been a journey, and we're almost there.
How Hackers Hide Their Malware: The Basics
Commentary  |  8/29/2017  | 
Malware depends on these four basic techniques to avoid detection.
Cybersecurity: An Asymmetrical Game of War
Commentary  |  8/28/2017  | 
To stay ahead of the bad guys, security teams need to think like criminals, leverage AIs ability to find malicious threats, and stop worrying that machine learning will take our jobs.
A Call for New Voices on the Security Conference Circuit
Commentary  |  8/25/2017  | 
If the mere idea of talking in public makes you want to hide in a bathroom stall with a stuffed bobcat, think again.
GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
Commentary  |  8/24/2017  | 
What Game of Thrones' Arya Stark and the Faceless Men can teach security pros about defending against modern malware and identity theft.
GDPR Compliance Preparation: A High-Stakes Guessing Game
Commentary  |  8/24/2017  | 
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
The Changing Face & Reach of Bug Bounties
Commentary  |  8/23/2017  | 
HackerOne CEO Mrten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.
Why You Need to Study Nation-State Attacks
Commentary  |  8/23/2017  | 
Want to know what attacks against businesses will look like soon? Examine nation-state attacks now.
Coming Soon to Dark Reading...
Commentary  |  8/22/2017  | 
Event calendar: Dark Reading brings you threat intelligence tomorrow, boardroom communication next week, and coming in November, a brand new conference in the D.C. area.
Battle of the AIs: Don't Build a Better Box, Put Your Box in a Better Loop
Commentary  |  8/22/2017  | 
Powered by big data and machine learning, next-gen attacks will include perpetual waves of malware, phishes, and false websites nearly indistinguishable from the real things. Here's how to prepare.
Comparing Private and Public Cloud Threat Vectors
Commentary  |  8/22/2017  | 
Many companies moving from a private cloud to a cloud service are unaware of increased threats.
The Pitfalls of Cyber Insurance
Commentary  |  8/21/2017  | 
Cyber insurance is 'promising' but it won't totally protect your company against hacks.
Curbing the Cybersecurity Workforce Shortage with AI
Commentary  |  8/18/2017  | 
By using cognitive technologies, an organization can address the talent shortage by getting more productivity from current employees and improving processes.
Critical Infrastructure, Cybersecurity & the 'Devils Rope'
Commentary  |  8/17/2017  | 
How hackers today are engaging in a modern 'Fence Cutter War' against industrial control systems, and what security professionals need to do about it.
Kill Switches, Vaccines & Everything in Between
Commentary  |  8/17/2017  | 
The language can be a bit fuzzy at times, but there are real differences between the various ways of disabling malware.
The Day of Reckoning: Cybercrimes Impact on Brand
Commentary  |  8/16/2017  | 
Why the security industry needs to invest in architecture that defends against reputational damage as well as other, more traditional threats.
Discover a Data Breach? Try Compassion First
Commentary  |  8/16/2017  | 
The reactions to a big data breach often resemble the five stages of grief, so a little empathy is needed.
20 Tactical Questions SMB Security Teams Should Ask Themselves
Commentary  |  8/15/2017  | 
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
Cybersecurity: The Responsibility of Everyone
Commentary  |  8/15/2017  | 
The battle against cybercrime can only be won if we're all focused on the same goals. Here are four ways you can get involved.
What CISOs Need to Know about the Psychology behind Security Analysis
Commentary  |  8/14/2017  | 
Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.
Breaches Are Coming: What Game of Thrones Teaches about Cybersecurity
Commentary  |  8/11/2017  | 
Whether youre Lord Commander of the Nights Watch or the CISO of a mainstream business, its not easy to defend against a constantly evolving threat that is as deadly as an army of White Walkers.
Taking Down the Internet Has Never Been Easier
Commentary  |  8/10/2017  | 
Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.
Uptick in Malware Targets the Banking Community
Commentary  |  8/9/2017  | 
A number of recent attacks, using tactics old and new, have made off with an astonishing amount of money. How can financial institutions fight back?
Automating Defenses Against Assembly-Line Attacks
Commentary  |  8/8/2017  | 
A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.
Risky Business: Why Enterprises Cant Abdicate Cloud Security
Commentary  |  8/7/2017  | 
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
Are Third-Party Services Ready for the GDPR?
Commentary  |  8/4/2017  | 
Third-party scripts are likely to be a major stumbling block for companies seeking to be in compliance with the EU's new privacy rules. Here's a possible work-around.
Why Cybersecurity Needs a Human in the Loop
Commentary  |  8/3/2017  | 
It's no longer comparable to Kasparov versus Deep Blue. When security teams use AI, it's like Kasparov consulting with Deep Blue before deciding on his next move.
Staying in Front of Cybersecurity Innovation
Commentary  |  8/2/2017  | 
Innovation is challenging for security teams because it encompasses two seemingly contradictory ideas: it's happening too slowly and too quickly.
Digital Crime-Fighting: The Evolving Role of Law Enforcement
Commentary  |  8/1/2017  | 
Law enforcement, even on a local level, has a new obligation to establish an effective framework for combating online crime.


More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11489
PUBLISHED: 2018-05-26
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
CVE-2018-11490
PUBLISHED: 2018-05-26
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspe...
CVE-2018-11493
PUBLISHED: 2018-05-26
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.
CVE-2018-11487
PUBLISHED: 2018-05-26
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.
CVE-2018-11471
PUBLISHED: 2018-05-25
Cockpit 0.5.5 has XSS via a collection, form, or region.