Dark Reading is part of the Informa Tech Division of Informa PLC


Curt Franklin

Content posted in August 2017
Millions of Email Addresses Exposed in Latest Malware Database
Curt Franklin | 8/30/2017
A database housed in the Netherlands is found to contain hundreds of millions of hacked email addresses.

Automation Deserves Skepticism
Curt Franklin | 8/29/2017
While automation might be the next great tech wave, let's take some time to consider it.

Black Hats Win: Results From the Latest SecurityNow.com Poll
Curt Franklin | 8/28/2017
The hat you wear as a security researcher matters, say those who took the latest SecurityNow.com poll. And the most effective hat color is black.

DDoS Trends Show Big Impact From Fewer Servers
Curt Franklin | 8/25/2017
A change in control networks means that this quarter saw DDoS attacks from fewer endpoints, each having a bigger impact.

Friday Haiku: Fear the Zombie Server
Curt Franklin | 8/25/2017
DDoS attacks are lurking in armies of zombie servers.

DoJ Narrows Scope of DreamHost Warrant
Curt Franklin | 8/23/2017
The Department of Justice has scaled back the demands of a search warrant served to web hosting provider DreamHost.

Delaware Requires Data Security in New Law
Curt Franklin | 8/23/2017
Delaware has become the latest state requiring companies to protect private data.

New SaaS Service Offers Order for Access
Curt Franklin | 8/22/2017
One Identity's new SaaS offering, Starling IARI, analyzes user access and roles to secure enterprise networks.

Voice of Security Radio: Building Secure Applications
Curt Franklin | 8/22/2017
In too many companies, security vulnerabilities start at the application. Join us for this week's episode to hear how to make your applications more secure.

Amazon S3 Errors Hit Home Again
Curt Franklin | 8/21/2017
Another S3 data release shows the critical importance of correctly configuring the cloud storage service.

Finding Tools for DevSecOps
Curt Franklin | 8/18/2017
Finding the right tools can be the start of the right path toward DevSecOps. Here's how to start the hunt.

Questions of Colors
Curt Franklin | 8/18/2017
A Friday Haiku asks about the color of your hat.

Rackspace Strengthens Its Managed Security Story
Curt Franklin | 8/17/2017
Rackspace is adding features and functions to its managed security offerings. Is it all a company needs?

Voice of Security Radio: Finding Flaws in the IoT
Curt Franklin | 8/15/2017
Can we crowdsource our way to IoT security? Join editor Curt Franklin and Bugcrowd's Casey Ellis as they talk about the possibilities.

DevSecOps: Security in the Process
Curt Franklin | 8/15/2017
Can building security into the process make everything more secure? Proponents of DevSecOps say 'Yes.'

Obscurity Hampers Security: The Latest Survey
Curt Franklin | 8/11/2017
Lack of visibility is the number one obstacle to security, according to a new study released this week.

Friday Haiku: On the Path
Curt Franklin | 8/11/2017
This week's Friday Haiku looks beyond agile.

Defining DevOps for the Enterprise
Curt Franklin | 8/9/2017
Is there anything in the DevOps methodology that makes it impossible to use for secure development? To get the answer, first you have to define DevOps.

Voice of Security Radio: In the Name (Server) of Security
Curt Franklin | 8/8/2017
Join Curt Franklin and his guest, Cricket Liu of Infoblox, as they talk about DNS's role in security.

HONEST Poll Results: When Should You Pay the Ransom?
Curt Franklin | 8/7/2017
When ransomware hits, when should you just pay up? The Security Now community has spoken.

WannaCry Hero in FBI Custody
Curt Franklin | 8/7/2017
Marcus Hutchins, the researcher who killed WannaCry, was arrested last week in Las Vegas. Should his arrest send a chill over the researcher community?

The Friday Haiku: Old-Fashioned Security
Curt Franklin | 8/4/2017
A Friday InfoSec haiku.

Women in Information Security: Voice of Security Radio
Curt Franklin | 8/1/2017
Join Curt Franklin as he talks with Kate Kuehn, head of security practice for BT Americas, about the role of the CISO and the possibilities in a more diverse workforce.

