Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in September 2015
A Fathers Perspective On The Gender Gap In Cybersecurity
Commentary  |  9/30/2015  | 
There are multiple reasons for the dearth of women in infosec when the field is so rich with opportunity. The big question is what the industry is going to do about it.
The Unintended Attack Surface Of The Internet Of Things
Commentary  |  9/29/2015  | 
How a vulnerability in a common consumer WiFi device is challenging todays enterprise security.
Deconstructing The Challenges Of Software Assurance For Connected Cars
Commentary  |  9/28/2015  | 
Ensuring software security in the auto industry will entail careful attention to all aspects of software development: design, coding standards, testing, verification and run-time assurance.
FTC v. Wyndham: Naughty 9 Security Fails to Avoid
Commentary  |  9/25/2015  | 
The Federal Trade Commissions fair trade suit against Wyndham hotels offers insight into the brave new world of cybersecurity regulation of consumer data.
4 IoT Cybersecurity Issues You Never Thought About
Commentary  |  9/24/2015  | 
Government, industry and security professionals problem-solve the daunting challenges of the Internet of Things.
Shellshocks Cumulative Risk One Year Later
Commentary  |  9/24/2015  | 
How long does it take to patch an entire distribution and bring it up to date? Longer than you think.
The Common Core Of Application Security
Commentary  |  9/22/2015  | 
Why you will never succeed by teaching to the test.
Why Its Insane To Trust Static Analysis
Commentary  |  9/22/2015  | 
If you care about achieving application security at scale, then your highest priority should be to move to tools that empower everyone, not just security experts.
Navigating The Slippery Slope Of Public Security Disclosure
Commentary  |  9/21/2015  | 
In talking publicly about cybersecurity, CISOs need to portray capability, strength, and confidence, but without offering critical details that could lead to an attack.
Visibility: The Key To Security In The Cloud
Commentary  |  9/18/2015  | 
You cant secure what you cant see. These five best practices will shed some light on how to protect your data from the ground up.
5 Most Common Firewall Configuration Mistakes
Commentary  |  9/17/2015  | 
A misconfigured firewall can damage your organization in more ways than you think. Heres where to look for the holes.
'No-Tell' Motel: Where Hospitality Meets Cybercrime On The Dark Web
Commentary  |  9/16/2015  | 
In the month of July alone, hundreds of hospitality-related goods and services were offered for sale on the Dark Web including big names like Wyndham, Marriott, Hilton and Starwood.
Fixing IoT Security: Dark Reading Radio Wednesday at 1 P.M. ET
Commentary  |  9/15/2015  | 
Join us for a conversation about what is being done and what needs to be done to secure the Internet of Things.
Information Security Lessons From Literature
Commentary  |  9/15/2015  | 
How classic themes about listening, honesty, and truthfulness can strengthen your organizations security posture, programs and operations.
The Truth About DLP & SIEM: Its A Process Not A Product
Commentary  |  9/11/2015  | 
If you know what data is critical to your organization and what activities are abnormal, data loss prevention and security information event management work pretty well. But thats not usually the case.
What Ashley Madison Can Teach The Rest Of Us About Data Security
Commentary  |  9/10/2015  | 
For a company whose offering can best be described as discretion-as-a-service, using anything less than state-of-the-art threat detection capabilities is inexcusable.
Why Everybody Loves (And Hates) Security
Commentary  |  9/9/2015  | 
Even security professionals hate security. So why do we all harbor so much dislike for something we need so much? And what can we do about it?
Avoiding Magpie Syndrome In Cybersecurity
Commentary  |  9/8/2015  | 
A quick fix usually isnt. Heres why those bright shiny new point solutions and security features can cause more harm than good.
Back To Basics: 10 Security Best Practices
Commentary  |  9/4/2015  | 
The most effective strategy for keeping organizations, users and customers safe is to focus on the fundamentals.
Microsoft's Remarkable Pivot: Windows 10 Abandons Privacy
Commentary  |  9/2/2015  | 
You can read all you want about Windows 10 powerful new privacy features, but that doesnt mean you have them.
We Can Allow Cybersecurity Research Without Stifling Innovation
Commentary  |  9/1/2015  | 
The U.S. government is in a unique position to become a global leader in cybersecurity. But only if it retains the open spirit of the Internet that kick-started the Information Age.


Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4245
PUBLISHED: 2019-12-11
Orca has arbitrary code execution due to insecure Python module load
CVE-2013-4593
PUBLISHED: 2019-12-11
RubyGem omniauth-facebook has an access token security vulnerability
CVE-2013-6495
PUBLISHED: 2019-12-11
JBossWeb Bayeux has reflected XSS
CVE-2013-7370
PUBLISHED: 2019-12-11
node-connect before 2.8.2 has cross site scripting in methodOverride Middleware
CVE-2019-18935
PUBLISHED: 2019-12-11
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote cod...