Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Curt Franklin

Content posted in August 2017
Millions of Email Addresses Exposed in Latest Malware Database
Curt Franklin  |  8/30/2017  | 
A database housed in the Netherlands is found to contain hundreds of millions of hacked email addresses.
Automation Deserves Skepticism
Curt Franklin  |  8/29/2017  | 
While automation might be the next great tech wave, let's take some time to consider it.
Black Hats Win: Results From the Latest SecurityNow.com Poll
Curt Franklin  |  8/28/2017  | 
The hat you wear as a security researcher matters, say those who took the latest SecurityNow.com poll. And the most effective hat color is black.
DDoS Trends Show Big Impact From Fewer Servers
Curt Franklin  |  8/25/2017  | 
A change in control networks means that this quarter saw DDoS attacks from fewer endpoints, each having a bigger impact.
Friday Haiku: Fear the Zombie Server
Curt Franklin  |  8/25/2017  | 
DDoS attacks are lurking in armies of zombie servers.
DoJ Narrows Scope of DreamHost Warrant
Curt Franklin  |  8/23/2017  | 
The Department of Justice has scaled back the demands of a search warrant served to web hosting provider DreamHost.
Delaware Requires Data Security in New Law
Curt Franklin  |  8/23/2017  | 
Delaware has become the latest state requiring companies to protect private data.
New SaaS Service Offers Order for Access
Curt Franklin  |  8/22/2017  | 
One Identity's new SaaS offering, Starling IARI, analyzes user access and roles to secure enterprise networks.
Voice of Security Radio: Building Secure Applications
Curt Franklin  |  8/22/2017  | 
In too many companies, security vulnerabilities start at the application. Join us for this week's episode to hear how to make your applications more secure.
Amazon S3 Errors Hit Home Again
Curt Franklin  |  8/21/2017  | 
Another S3 data release shows the critical importance of correctly configuring the cloud storage service.
Finding Tools for DevSecOps
Curt Franklin  |  8/18/2017  | 
Finding the right tools can be the start of the right path toward DevSecOps. Here's how to start the hunt.
Questions of Colors
Curt Franklin  |  8/18/2017  | 
A Friday Haiku asks about the color of your hat.
Rackspace Strengthens Its Managed Security Story
Curt Franklin  |  8/17/2017  | 
Rackspace is adding features and functions to its managed security offerings. Is it all a company needs?
Voice of Security Radio: Finding Flaws in the IoT
Curt Franklin  |  8/15/2017  | 
Can we crowdsource our way to IoT security? Join editor Curt Franklin and Bugcrowd's Casey Ellis as they talk about the possibilities.
DevSecOps: Security in the Process
Curt Franklin  |  8/15/2017  | 
Can building security into the process make everything more secure? Proponents of DevSecOps say 'Yes.'
Obscurity Hampers Security: The Latest Survey
Curt Franklin  |  8/11/2017  | 
Lack of visibility is the number one obstacle to security, according to a new study released this week.
Friday Haiku: On the Path
Curt Franklin  |  8/11/2017  | 
This week's Friday Haiku looks beyond agile.
Defining DevOps for the Enterprise
Curt Franklin  |  8/9/2017  | 
Is there anything in the DevOps methodology that makes it impossible to use for secure development? To get the answer, first you have to define DevOps.
Voice of Security Radio: In the Name (Server) of Security
Curt Franklin  |  8/8/2017  | 
Join Curt Franklin and his guest, Cricket Liu of Infoblox, as they talk about DNS's role in security.
HONEST Poll Results: When Should You Pay the Ransom?
Curt Franklin  |  8/7/2017  | 
When ransomware hits, when should you just pay up? The Security Now community has spoken.
WannaCry Hero in FBI Custody
Curt Franklin  |  8/7/2017  | 
Marcus Hutchins, the researcher who killed WannaCry, was arrested last week in Las Vegas. Should his arrest send a chill over the researcher community?
The Friday Haiku: Old-Fashioned Security
Curt Franklin  |  8/4/2017  | 
A Friday InfoSec haiku.
Women in Information Security: Voice of Security Radio
Curt Franklin  |  8/1/2017  | 
Join Curt Franklin as he talks with Kate Kuehn, head of security practice for BT Americas, about the role of the CISO and the possibilities in a more diverse workforce.

