Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in August 2017
International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape
Commentary  |  8/31/2017  | 
After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.
Hacking the Security Job Application Process
Commentary  |  8/30/2017  | 
Simple advice to help job seekers dig out of the black hole of recruiter and employer hiring portals.
How Hackers Hide Their Malware: Advanced Obfuscation
Commentary  |  8/30/2017  | 
Hackers continue to develop new ways to break into systems. Here are three of them, along with ways to fight back.
Security Analytics: Making the Leap from Data Lake to Meaningful Insight
Commentary  |  8/29/2017  | 
Once you've got a lake full of data, it's essential that your analysis isn't left stranded on the shore.
Dark Reading Now HTTPS
Commentary  |  8/29/2017  | 
Moving a site that's more than a decade old to HTTPS has been a journey, and we're almost there.
How Hackers Hide Their Malware: The Basics
Commentary  |  8/29/2017  | 
Malware depends on these four basic techniques to avoid detection.
Cybersecurity: An Asymmetrical Game of War
Commentary  |  8/28/2017  | 
To stay ahead of the bad guys, security teams need to think like criminals, leverage AIs ability to find malicious threats, and stop worrying that machine learning will take our jobs.
A Call for New Voices on the Security Conference Circuit
Commentary  |  8/25/2017  | 
If the mere idea of talking in public makes you want to hide in a bathroom stall with a stuffed bobcat, think again.
GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
Commentary  |  8/24/2017  | 
What Game of Thrones' Arya Stark and the Faceless Men can teach security pros about defending against modern malware and identity theft.
GDPR Compliance Preparation: A High-Stakes Guessing Game
Commentary  |  8/24/2017  | 
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
The Changing Face & Reach of Bug Bounties
Commentary  |  8/23/2017  | 
HackerOne CEO Mrten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.
Why You Need to Study Nation-State Attacks
Commentary  |  8/23/2017  | 
Want to know what attacks against businesses will look like soon? Examine nation-state attacks now.
Coming Soon to Dark Reading...
Commentary  |  8/22/2017  | 
Event calendar: Dark Reading brings you threat intelligence tomorrow, boardroom communication next week, and coming in November, a brand new conference in the D.C. area.
Battle of the AIs: Don't Build a Better Box, Put Your Box in a Better Loop
Commentary  |  8/22/2017  | 
Powered by big data and machine learning, next-gen attacks will include perpetual waves of malware, phishes, and false websites nearly indistinguishable from the real things. Here's how to prepare.
Comparing Private and Public Cloud Threat Vectors
Commentary  |  8/22/2017  | 
Many companies moving from a private cloud to a cloud service are unaware of increased threats.
The Pitfalls of Cyber Insurance
Commentary  |  8/21/2017  | 
Cyber insurance is 'promising' but it won't totally protect your company against hacks.
Curbing the Cybersecurity Workforce Shortage with AI
Commentary  |  8/18/2017  | 
By using cognitive technologies, an organization can address the talent shortage by getting more productivity from current employees and improving processes.
Critical Infrastructure, Cybersecurity & the 'Devils Rope'
Commentary  |  8/17/2017  | 
How hackers today are engaging in a modern 'Fence Cutter War' against industrial control systems, and what security professionals need to do about it.
Kill Switches, Vaccines & Everything in Between
Commentary  |  8/17/2017  | 
The language can be a bit fuzzy at times, but there are real differences between the various ways of disabling malware.
The Day of Reckoning: Cybercrimes Impact on Brand
Commentary  |  8/16/2017  | 
Why the security industry needs to invest in architecture that defends against reputational damage as well as other, more traditional threats.
Discover a Data Breach? Try Compassion First
Commentary  |  8/16/2017  | 
The reactions to a big data breach often resemble the five stages of grief, so a little empathy is needed.
20 Tactical Questions SMB Security Teams Should Ask Themselves
Commentary  |  8/15/2017  | 
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
Cybersecurity: The Responsibility of Everyone
Commentary  |  8/15/2017  | 
The battle against cybercrime can only be won if we're all focused on the same goals. Here are four ways you can get involved.
What CISOs Need to Know about the Psychology behind Security Analysis
Commentary  |  8/14/2017  | 
Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.
Breaches Are Coming: What Game of Thrones Teaches about Cybersecurity
Commentary  |  8/11/2017  | 
Whether youre Lord Commander of the Nights Watch or the CISO of a mainstream business, its not easy to defend against a constantly evolving threat that is as deadly as an army of White Walkers.
Taking Down the Internet Has Never Been Easier
Commentary  |  8/10/2017  | 
Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.
Uptick in Malware Targets the Banking Community
Commentary  |  8/9/2017  | 
A number of recent attacks, using tactics old and new, have made off with an astonishing amount of money. How can financial institutions fight back?
Automating Defenses Against Assembly-Line Attacks
Commentary  |  8/8/2017  | 
A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.
Risky Business: Why Enterprises Cant Abdicate Cloud Security
Commentary  |  8/7/2017  | 
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
Are Third-Party Services Ready for the GDPR?
Commentary  |  8/4/2017  | 
Third-party scripts are likely to be a major stumbling block for companies seeking to be in compliance with the EU's new privacy rules. Here's a possible work-around.
Why Cybersecurity Needs a Human in the Loop
Commentary  |  8/3/2017  | 
It's no longer comparable to Kasparov versus Deep Blue. When security teams use AI, it's like Kasparov consulting with Deep Blue before deciding on his next move.
Staying in Front of Cybersecurity Innovation
Commentary  |  8/2/2017  | 
Innovation is challenging for security teams because it encompasses two seemingly contradictory ideas: it's happening too slowly and too quickly.
Digital Crime-Fighting: The Evolving Role of Law Enforcement
Commentary  |  8/1/2017  | 
Law enforcement, even on a local level, has a new obligation to establish an effective framework for combating online crime.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Attacker Dwell Time: Ransomware's Most Important Metric
Ricardo Villadiego, Founder and CEO of Lumu,  9/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25288
PUBLISHED: 2020-09-30
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitra...
CVE-2020-25781
PUBLISHED: 2020-09-30
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
CVE-2020-25830
PUBLISHED: 2020-09-30
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.
CVE-2020-26159
PUBLISHED: 2020-09-30
In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c .
CVE-2020-6654
PUBLISHED: 2020-09-30
A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL.