Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in September 2015
A Fathers Perspective On The Gender Gap In Cybersecurity
Commentary  |  9/30/2015  | 
There are multiple reasons for the dearth of women in infosec when the field is so rich with opportunity. The big question is what the industry is going to do about it.
The Unintended Attack Surface Of The Internet Of Things
Commentary  |  9/29/2015  | 
How a vulnerability in a common consumer WiFi device is challenging todays enterprise security.
Deconstructing The Challenges Of Software Assurance For Connected Cars
Commentary  |  9/28/2015  | 
Ensuring software security in the auto industry will entail careful attention to all aspects of software development: design, coding standards, testing, verification and run-time assurance.
FTC v. Wyndham: Naughty 9 Security Fails to Avoid
Commentary  |  9/25/2015  | 
The Federal Trade Commissions fair trade suit against Wyndham hotels offers insight into the brave new world of cybersecurity regulation of consumer data.
4 IoT Cybersecurity Issues You Never Thought About
Commentary  |  9/24/2015  | 
Government, industry and security professionals problem-solve the daunting challenges of the Internet of Things.
Shellshocks Cumulative Risk One Year Later
Commentary  |  9/24/2015  | 
How long does it take to patch an entire distribution and bring it up to date? Longer than you think.
The Common Core Of Application Security
Commentary  |  9/22/2015  | 
Why you will never succeed by teaching to the test.
Why Its Insane To Trust Static Analysis
Commentary  |  9/22/2015  | 
If you care about achieving application security at scale, then your highest priority should be to move to tools that empower everyone, not just security experts.
Navigating The Slippery Slope Of Public Security Disclosure
Commentary  |  9/21/2015  | 
In talking publicly about cybersecurity, CISOs need to portray capability, strength, and confidence, but without offering critical details that could lead to an attack.
Visibility: The Key To Security In The Cloud
Commentary  |  9/18/2015  | 
You cant secure what you cant see. These five best practices will shed some light on how to protect your data from the ground up.
5 Most Common Firewall Configuration Mistakes
Commentary  |  9/17/2015  | 
A misconfigured firewall can damage your organization in more ways than you think. Heres where to look for the holes.
'No-Tell' Motel: Where Hospitality Meets Cybercrime On The Dark Web
Commentary  |  9/16/2015  | 
In the month of July alone, hundreds of hospitality-related goods and services were offered for sale on the Dark Web including big names like Wyndham, Marriott, Hilton and Starwood.
Fixing IoT Security: Dark Reading Radio Wednesday at 1 P.M. ET
Commentary  |  9/15/2015  | 
Join us for a conversation about what is being done and what needs to be done to secure the Internet of Things.
Information Security Lessons From Literature
Commentary  |  9/15/2015  | 
How classic themes about listening, honesty, and truthfulness can strengthen your organizations security posture, programs and operations.
The Truth About DLP & SIEM: Its A Process Not A Product
Commentary  |  9/11/2015  | 
If you know what data is critical to your organization and what activities are abnormal, data loss prevention and security information event management work pretty well. But thats not usually the case.
What Ashley Madison Can Teach The Rest Of Us About Data Security
Commentary  |  9/10/2015  | 
For a company whose offering can best be described as discretion-as-a-service, using anything less than state-of-the-art threat detection capabilities is inexcusable.
Why Everybody Loves (And Hates) Security
Commentary  |  9/9/2015  | 
Even security professionals hate security. So why do we all harbor so much dislike for something we need so much? And what can we do about it?
Avoiding Magpie Syndrome In Cybersecurity
Commentary  |  9/8/2015  | 
A quick fix usually isnt. Heres why those bright shiny new point solutions and security features can cause more harm than good.
Back To Basics: 10 Security Best Practices
Commentary  |  9/4/2015  | 
The most effective strategy for keeping organizations, users and customers safe is to focus on the fundamentals.
Microsoft's Remarkable Pivot: Windows 10 Abandons Privacy
Commentary  |  9/2/2015  | 
You can read all you want about Windows 10 powerful new privacy features, but that doesnt mean you have them.
We Can Allow Cybersecurity Research Without Stifling Innovation
Commentary  |  9/1/2015  | 
The U.S. government is in a unique position to become a global leader in cybersecurity. But only if it retains the open spirit of the Internet that kick-started the Information Age.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32686
PUBLISHED: 2021-07-23
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and ...
CVE-2021-32783
PUBLISHED: 2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem...
CVE-2021-3169
PUBLISHED: 2021-07-23
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVE-2020-20741
PUBLISHED: 2021-07-23
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if t...
CVE-2021-25808
PUBLISHED: 2021-07-23
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.