Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in September 2016
Today's Cybersecurity Management Requires A New Approach
Commentary  |  9/30/2016  | 
The current managed security services provider model just doesn't work in our information-rich world. Time to shake things up.
Fear & Loathing In The Cloud
Commentary  |  9/29/2016  | 
Whether you've already bought your ticket for the cloud or still have some issues to sort through, fine-tune your security practices to make sure your ride is a smooth one.
Hacking The Polls: Where US Voting Processes Fall Short
Commentary  |  9/28/2016  | 
The patchwork of 50 decentralized state electoral systems threatens to disrupt our national election through ransomware attacks, hijacked voter registration rolls, and altered voting results.
5 Best Practices For Winning the IoT Security Arms Race
Commentary  |  9/27/2016  | 
By focusing on a pragmatic approach to security, its possible to develop IoT solutions that will reduce future risk without breaking the bank.
Mobile Fraud Changes Outlook for Multifactor Authentication
Commentary  |  9/27/2016  | 
SMS one-time passcodes just won't cut it anymore. We need new approaches that people will actually use.
What The WADA Hack Proves About Today's Threat Landscape
Commentary  |  9/26/2016  | 
Fancy Bear's initial release of data on four top American athletes reminds us all to reassess our risks.
7 New Rules For IoT Safety & Vuln Disclosure
Commentary  |  9/24/2016  | 
In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
On-Premises & In The Cloud: Making Sense Of Your Cybersecurity Ecosystem
Commentary  |  9/23/2016  | 
As enterprises continue to invest in hybrid cloud strategies, they need their fragmented security solutions to work together.
Snowden: Hollywood Highlights 2 Persistent Privacy Threats
Commentary  |  9/22/2016  | 
Oliver Stones movie shows us that while most of us have nothing to hide, we all have information worth protecting both technically and constitutionally.
Even A False Positive Can Be Valuable
Commentary  |  9/22/2016  | 
Sharing information about cyberthreats is important for the financial services industry, even when threats turn out to be not-so-threatening.
A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack
Commentary  |  9/21/2016  | 
This slightly modified model is a practical way to keep attackers out of your systems.
Hacking 'Forward With Weaponized Intelligence
Commentary  |  9/20/2016  | 
Instead of hacking back and taking the fight to your adversary, what if your organization hacked forward by unearthing breach scenarios before the hackers do?
What Smart Cities Can Teach Enterprises About Security
Commentary  |  9/19/2016  | 
The more you simplify your security program while still being effective, the better, says San Diegos chief information security officer. Heres his three-step process.
Whats The Risk? 3 Things To Know About Chatbots & Cybersecurity
Commentary  |  9/19/2016  | 
Interactive message bots are useful and becoming more popular, but they raise serious security issues.
Why You May Need To Shake Up Your DevOps Team To Manage The Cloud
Commentary  |  9/16/2016  | 
The security approaches of yesterday wont work in the cloud world of today and tomorrow.
20 Questions Security Leaders Need To Ask About Analytics
Commentary  |  9/15/2016  | 
The game of 20 questions is a great way to separate vendors that meets your needs from those who will likely disappoint.
Yes, The Cloud Can Be A Security Win
Commentary  |  9/15/2016  | 
With the right controls in place, the cloud doesnt have to be a scary place. These guidelines can help your company stay safe.
Risk Management Best Practices For CISOs
Commentary  |  9/14/2016  | 
What's your company's risk appetite? Our list of best practices can help you better understand a difficult topic.
A Moving Target: Tackling Cloud Security As A Data Issue
Commentary  |  9/13/2016  | 
Todays challenge is protecting critical information that an increasingly mobile workforce transfers every day between clouds, between cloud and mobile, and between cloud, mobile, and IoT.
Snowden May Help Explain Your Job To Your Family
Commentary  |  9/12/2016  | 
Hacking Oliver Stone's new film about whistleblower Edward Snowden.
New Book Traces Obama Strategy To Protect America From Hackers, Terrorists & Nation States
Commentary  |  9/12/2016  | 
A review of Charlie Mitchell's 'Hacked: The Inside Story of Americas Struggle to Secure Cyberspace.'
Data Manipulation: An Imminent Threat
Commentary  |  9/12/2016  | 
Critical industries are largely unprepared for a potential wave of destructive attacks.
Avoiding The Blame Game For A Cyberattack
Commentary  |  9/8/2016  | 
How organizations can develop a framework of acceptable care for cybersecurity risk.
The Shifting Mindset Of Financial Services CSOs
Commentary  |  9/8/2016  | 
Theyre getting more realistic and developing strategies to close security gaps.
Defining The Common Core Of Cybersecurity: Certifications + Practical Experience
Commentary  |  9/7/2016  | 
Security certifications are necessary credentials, but alone wont solve the industrys critical talent gap.
Introducing Deep Learning: Boosting Cybersecurity With An Artificial Brain
Commentary  |  9/6/2016  | 
With nearly the same speed and precision that the human eye can identify a water bottle, the technology of deep learning is enabling the detection of malicious activity at the point of entry in real-time.
Why Social Media Sites Are The New Cyber Weapons Of Choice
Commentary  |  9/6/2016  | 
Facebook, LinkedIn, and Twitter cant secure their own environments, let alone yours. Its time to sharpen your security acumen.
The New Security Mindset: Embrace Analytics To Mitigate Risk
Commentary  |  9/5/2016  | 
Sure, conducting a penetration test can find a weakness. But to truly identify key areas of risk, organizations must start to think more creatively, just like todays hackers.
3 Golden Rules For Managing Third-Party Security Risk
Commentary  |  9/1/2016  | 
Rule 1: know where your data sets are, which vendors have access to the data, and what privacy and security measures are in place.
How To Talk About Security With Every C-Suite Member
Commentary  |  9/1/2016  | 
Reframe your approach with context in order to get your message across.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-23807
PUBLISHED: 2022-01-22
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.
CVE-2022-23808
PUBLISHED: 2022-01-22
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
CVE-2022-21707
PUBLISHED: 2022-01-21
wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capability providers. In versions prior to 0.52.2 actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations, bu...
CVE-2022-21708
PUBLISHED: 2022-01-21
graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL han...
CVE-2022-23363
PUBLISHED: 2022-01-21
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php.