Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in September 2019
'Harvesting Attacks' & the Quantum Revolution
Commentary  |  9/30/2019  | 
Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.
Is Your Organization Suffering from Security Tool Sprawl?
Commentary  |  9/27/2019  | 
Most companies have too many tools, causing increased costs and security issues.
Bridging the Gap Between Security & DevOps
Commentary  |  9/26/2019  | 
An inside look into the engineering mindset of DevOps from the vantage of a career security professional.
Why You Need to Think About API Security
Commentary  |  9/26/2019  | 
Businesses of all sorts are increasingly relying on APIs to interact with customers in smartphone apps, but they have their own unique set of vulnerabilities.
Long-Lining: Reeling In the Big Fish in Your Supply Chain
Commentary  |  9/25/2019  | 
The object of this new attack campaign is not swordfish or tuna but high-ranking executives within target organizations.
The Future of Account Security: A World Without Passwords?
Commentary  |  9/25/2019  | 
First step: Convince machines that we are who we say we are with expanded biometrics, including behaviors, locations, and other information that makes "us" us.
4 Cybersecurity Best Practices for Electrical Engineers
Commentary  |  9/24/2019  | 
Most electrical engineering firms are targeted by threat actors of opportunity because of two necessary ingredients: people and computers. These four tips will help keep you safer.
6 Best Practices for Performing Physical Penetration Tests
Commentary  |  9/24/2019  | 
A cautionary tale from a pen test gone wrong in an Iowa county courthouse.
How Network Logging Mitigates Legal Risk
Commentary  |  9/23/2019  | 
Logging that is turned on, captured, and preserved immediately after a cyber event is proof positive that personal data didn't fall into the hands of a cybercriminal.
A Safer IoT Future Must Be a Joint Effort
Commentary  |  9/20/2019  | 
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
Deconstructing an iPhone Spearphishing Attack
Commentary  |  9/19/2019  | 
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
Crowdsourced Security & the Gig Economy
Commentary  |  9/19/2019  | 
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
DevSecOps: Recreating Cybersecurity Culture
Commentary  |  9/18/2019  | 
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
How Ransomware Criminals Turn Friends into Enemies
Commentary  |  9/18/2019  | 
Managed service providers are the latest pawns in ransomware's game of chess.
5 Common Cloud Configuration Mistakes
Commentary  |  9/17/2019  | 
It's a joint responsibility to keep data safe in the cloud. Here's what cloud customers must do to keep their end of the bargain.
How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity
Commentary  |  9/17/2019  | 
Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.
Preventing PTSD and Burnout for Cybersecurity Professionals
Commentary  |  9/16/2019  | 
The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.
Taking a Fresh Look at Security Ops: 10 Tips
Commentary  |  9/13/2019  | 
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
A Definitive Guide to Crowdsourced Vulnerability Management
Commentary  |  9/12/2019  | 
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
The Fight Against Synthetic Identity Fraud
Commentary  |  9/12/2019  | 
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
Proposed Browser Security Guidelines Would Mean More Work for IT Teams
Commentary  |  9/11/2019  | 
CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope.
Firmware: A New Attack Vector Requiring Industry Leadership
Commentary  |  9/11/2019  | 
It's time for cybersecurity manufacturers and solution providers to step up and show leadership in addressing firmware security. Read why and how.
Data Is the New Copper
Commentary  |  9/10/2019  | 
Data breaches fuel a complex cybercriminal ecosystem, similar to copper thefts after the financial crisis.
AI Is Everywhere, but Don't Ignore the Basics
Commentary  |  9/10/2019  | 
Artificial intelligence is no substitute for common sense, and it works best in combination with conventional cybersecurity technology. Here are the basic requirements and best practices you need to know.
From Spyware to Ninja Cable
Commentary  |  9/9/2019  | 
Attackers don't need sophisticated James Bondian hardware to break into your company. Sometimes a $99 device will do.
Why Businesses Fail to Address DNS Security Exposures
Commentary  |  9/6/2019  | 
Increasing awareness about the critical importance of DNS security is the first step in improving the risk of being attacked. It's time to get proactive.
Automation: Friend of the SOC Analyst
Commentary  |  9/5/2019  | 
Faced by increasingly sophisticated threats, organizations are realizing the benefits of automation in their cybersecurity programs.
It's Not Healthy to Confuse Compliance with Security
Commentary  |  9/5/2019  | 
Healthcare organizations should be alarmed by the frequency and severity of cyberattacks. Don't assume you're safe from them just because you're compliant with regulations.
An Inside Look at How CISOs Prioritize Budgets & Evaluate Vendors
Commentary  |  9/4/2019  | 
In-depth interviews with four market-leading CISOs reveal how they prioritize budgets, measure ROI on security investments, and evaluate new vendors.
A Tale of Two Buzzwords: 'Automated' and 'Autonomous' Solutions Aren't the Same Thing
Commentary  |  9/4/2019  | 
Enterprises must learn the difference between the two and the appropriate use cases for each.
3 Promising Technologies Making an Impact on Cybersecurity
Commentary  |  9/3/2019  | 
The common thread: Each acts as a force multiplier, adding value to every other security technology around it.
Upping the Ante on Anti-Analysis
Commentary  |  9/3/2019  | 
Attackers are becoming more sophisticated in their obfuscation and anti-analysis practices to avoid detection.
ISAC 101: Unlocking the Power of Information
Commentary  |  9/2/2019  | 
How information sharing and analysis centers provide contextual threat information by creating communities that helps security professionals and their organizations grow in maturity and capability.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
APT Groups Set Sights on Linux Targets: Inside the Trend
Kelly Sheridan, Staff Editor, Dark Reading,  9/11/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25750
PUBLISHED: 2020-09-18
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string without sanitization. NOTE: This ...
CVE-2020-25751
PUBLISHED: 2020-09-18
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.
CVE-2020-25733
PUBLISHED: 2020-09-18
webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.
CVE-2020-25734
PUBLISHED: 2020-09-18
webTareas through 2.1 allows files/Default/ Directory Listing.
CVE-2020-25735
PUBLISHED: 2020-09-18
webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.