Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in September 2020
IDaaS: A New Era of Cloud Identity
Commentary  |  9/30/2020  | 
As identity-as-a-service becomes the standard for enterprise identity management, upstarts and established competitors are competing to define the market's future. Participate in Omdia's IDaaS research.
COVID-19 Creates Opening for OT Security Reform
Commentary  |  9/30/2020  | 
Operations technology was once considered low risk, at least until the virus came along and re-arranged the threat landscape.
Attacker Dwell Time: Ransomware's Most Important Metric
Commentary  |  9/30/2020  | 
How to bolster security defenses by zeroing in on the length of time an interloper remains undetected inside your network.
Shifting Left of Left: Why Secure Code Isn't Always Quality Code
Commentary  |  9/29/2020  | 
Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.
The Shared Irresponsibility Model in the Cloud Is Putting You at Risk
Commentary  |  9/29/2020  | 
Step up, put the architecture and organization in place, and take responsibility. If you don't, who will?
Safeguarding Schools Against RDP-Based Ransomware
Commentary  |  9/28/2020  | 
How getting online learning right today will protect schools, and the communities they serve, for years to come.
WannaCry Has IoT in Its Crosshairs
Commentary  |  9/25/2020  | 
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
Solving the Problem With Security Standards
Commentary  |  9/24/2020  | 
More explicit threat models can make security better and open the door to real and needed innovation.
Since Remote Work Isn't Going Away, Security Should Be the Focus
Commentary  |  9/24/2020  | 
These three steps will help organizations reduce long-term work-from-home security risks.
My Journey Toward SAP Security
Commentary  |  9/23/2020  | 
When applications are critical to the business's core functions, the CISO and their staff better get the security right.
7 Non-Technical Skills Threat Analysts Should Master to Keep Their Jobs
Commentary  |  9/23/2020  | 
It's not just technical expertise and certifications that enable analysts to build long-term careers in cybersecurity.
New Google Search Hacks Push Viruses & Porn
Commentary  |  9/22/2020  | 
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
Permission Management & the Goldilocks Conundrum
Commentary  |  9/22/2020  | 
In today's COVID-19 era, managing access has become even more difficult, especially for large organizations. Here's how to get it "just right."
5 Steps to Greater Cyber Resiliency
Commentary  |  9/21/2020  | 
Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.
Mitigating Cyber-Risk While We're (Still) Working from Home
Commentary  |  9/18/2020  | 
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
Time for CEOs to Stop Enabling China's Blatant IP Theft
Commentary  |  9/17/2020  | 
Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.
Struggling to Secure Remote IT? 3 Lessons from the Office
Commentary  |  9/17/2020  | 
The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Commentary  |  9/16/2020  | 
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
Cybersecurity Bounces Back, but Talent Still Absent
Commentary  |  9/16/2020  | 
While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.
Taking Security With You in the WFH Era: What to Do Next
Commentary  |  9/15/2020  | 
As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.
Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption
Commentary  |  9/15/2020  | 
Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.
Simplify Your Privacy Approach to Overcome CCPA Challenges
Commentary  |  9/15/2020  | 
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
Open Source Security's Top Threat and What To Do About It
Commentary  |  9/14/2020  | 
With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.
Fraud Prevention During the Pandemic
Commentary  |  9/11/2020  | 
When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.
Managed IT Providers: The Cyber-Threat Actors' Gateway to SMBs
Commentary  |  9/10/2020  | 
Criminals have made MSPs a big target of their attacks. That should concern small and midsize businesses a great deal.
Ripple20 Malware Highlights Industrial Security Challenges
Commentary  |  9/10/2020  | 
Poor security practices allowed software vulnerabilities to propagate throughout industrial and IoT products for more than 20 years.
7 Cybersecurity Priorities for Government Agencies & Political Campaigns
Commentary  |  9/9/2020  | 
As election season ramps up, organizations engaged in the process must strengthen security to prevent chaos and disorder from carrying the day. Here's how.
Top 5 Identity-Centric Security Imperatives for Newly Minted Remote Workers
Commentary  |  9/9/2020  | 
In the wake of COVID-19, today's remote workforce is here to stay, at least for the foreseeable future. And with it, an increase in identity-related security incidents.
VPNs: The Cyber Elephant in the Room
Commentary  |  9/8/2020  | 
While virtual private networks once boosted security, their current design doesn't fulfill the evolving requirements of today's modern enterprise.
8 Frequently Asked Questions on Organizations' Data Protection Programs
Commentary  |  9/8/2020  | 
Adherence to data protection regulations requires a multidisciplinary approach that has the commitment of all employees. Expect to be asked questions like these.
The Hidden Security Risks of Business Applications
Commentary  |  9/4/2020  | 
Today's enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It's important that they also know the risks.
Fake Data and Fake Information: A Treasure Trove for Defenders
Commentary  |  9/3/2020  | 
Cybersecurity professionals are using false data to deceive cybercriminals, enabling them to protect networks in new and innovative ways.
5 Ways for Cybersecurity Teams to Work Smarter, Not Harder
Commentary  |  9/3/2020  | 
Burnout is real and pervasive, but some common sense tools and techniques can help mitigate all that.
Don't Forget Cybersecurity on Your Back-to-School List
Commentary  |  9/2/2020  | 
School systems don't seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.
Why Kubernetes Clusters Are Intrinsically Insecure (& What to Do About Them)
Commentary  |  9/2/2020  | 
By following best practices and prioritizing critical issues, you can reduce the chances of a security breach and constrain the blast radius of an attempted attack. Here's how.
ISO 27701 Paves the Way for a Strategic Approach to Privacy
Commentary  |  9/1/2020  | 
As the first certifiable international privacy management standard, ISO 27701 is a welcome addition to the existing set of common security frameworks.
Why Are There Still So Many Windows 7 Devices?
Commentary  |  9/1/2020  | 
As the FBI warns, devices become more vulnerable to exploitation as time passes, due to a lack of security updates and new, emerging vulnerabilities.


Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26895
PUBLISHED: 2020-10-21
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver,...
CVE-2020-26896
PUBLISHED: 2020-10-21
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collis...
CVE-2020-5790
PUBLISHED: 2020-10-20
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5791
PUBLISHED: 2020-10-20
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVE-2020-5792
PUBLISHED: 2020-10-20
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.