Joe Stanganelli - Latest Content - Dark Reading

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Joe Stanganelli

Latest Content
Analytics Startup Claims to Turn Golden Tickets Brass
Joe Stanganelli  |  9/17/2019  | 
The threat of escalation attacks and forged administration levels has plagued Kerberos authentication systems for years. Data-analytics startup Qomplx claims to do the math that solves the problem.
IoE: The Internet of Espionage
Joe Stanganelli  |  4/12/2019  | 
As employees live their lives across an increasingly IoT-enabled landscape (with devices often installed discreetly and with hidden functionalities), enterprise security is threatened by outside factors it cannot control.
5 Years of the NIST Cybersecurity Framework
Joe Stanganelli  |  3/26/2019  | 
With NIST celebrating the five-year anniversary of its widely adopted and recommended Cybersecurity Framework just last month, a look back over the years illustrates how far the Framework has come.
Jackson County Still Recovering After Paying Ryuk Ransom
Joe Stanganelli  |  3/21/2019  | 
Radio silence after reports of a headline-snagging ransomware payment in Jackson County, Ga., presents a possible case study in the pros and cons of paying ransomware attackers.
Endpoint-Security Companies in High Demand for Buyouts, Partnerships
Joe Stanganelli  |  2/28/2019  | 
Since last year, endpoint-protection firms have been among the biggest movers and shakers in the cybersecurity realm – with the endpoint-security market seeing more than a typical share of acquisitions and strategic partnerships. Joe Stanganelli takes a look at why this might be happening.
Digital Transformation With IoT: Assessing Risk Through Standards & Visibility
Joe Stanganelli  |  2/27/2019  | 
IoT transformation is a gift and a curse that carries both business agility and business risk. As the world digitally transforms into something "smarter" than itself, IoT devices proliferate, demanding a lot of resources to keep up with them all – and, by extension, secure them all.
Digital Transformation With Cloud: Answering Risks With Algorithms
Joe Stanganelli  |  2/20/2019  | 
Cloud projects are big. Huge. So it's not perpetuating FUD to point out that cloud transformation still bears security and data-stewardship risks. But what appears too big a challenge for mere man might be no match for machine.
Take White Hats Seriously to Staunch the Flow of Zero-Days
Joe Stanganelli  |  2/19/2019  | 
Zero-day vulnerabilities are serious, and on the rise. And IT-security teams make the problem worse when they fail to respond, or respond poorly, to responsible vulnerability disclosures.
Six Large Data Dumps Add Fuel to Collection #1's Fire
Joe Stanganelli  |  2/12/2019  | 
Collection #1 was just the beginning. Researchers at Recorded Future have uncovered six more dark-web data dumps to complete the set and possibly hint at even more password databases circulating.
Google's GDPR Fine: What It Means for Jurisdictional Arbitrage
Joe Stanganelli  |  2/7/2019  | 
In the wake of France's recent €50 million GDPR fine against Google, enterprises should consider GDPR-enforcement considerations when determining the base of their EU operations.
UAE's Cyberwar on Civilians Employed Former US Intelligence Operatives
Joe Stanganelli  |  2/1/2019  | 
A recent exposé about a surveillance program in the United Arab Emirates raises uncomfortable questions about cyberwarfare and US intelligence officers.
Should All IAM Be CIAM?
Joe Stanganelli  |  1/30/2019  | 
CIAM vendors are right that traditional IAM isn't going to cut it for customer-facing solutions, but their sound premises have led to the perverse conclusion of keeping in-house IAM systems suboptimal. What if the power of CIAM could help employees realize better usability and security, too?
US Air Force: 5G Dominance Critical to National Security
Joe Stanganelli  |  1/7/2019  | 
In a November 2018 report, the US Air Force's Electromagnetic Defense Task Force ranks control of 5G networks and spectrum as a top priority for national security in the event of a substantial electromagnetic disturbance.
GDPR Fines: Some Bark, Little Bite
Joe Stanganelli  |  12/3/2018  | 
As Security Now says 'Happy Halfiversary' to GDPR, we take a look at what few GDPR fines and other DPA orders and guidance have been made public over the past six months.
GDPR Presents New Challenges in Backup & Disaster Recovery Management
Joe Stanganelli  |  11/23/2018  | 
GDPR applies not only to primary systems, but also to backup and recovery systems. Cloud storage, combined with a modicum of common sense, may prove essential to helping with GDPR compliance for these systems.
Living With Compromised Technology Supply Chains in a Post-Supermicro World
Joe Stanganelli  |  10/15/2018  | 
In the wake of Bloomberg's jarring exposé on tainted motherboards from mega-manufacturer Supermicro, practical questions remain for enterprise organizations on how they can cope with the scary prospect of compromised hardware.
iOS 12: How Apple Keeps Getting Mobile Security Wrong
Joe Stanganelli  |  9/25/2018  | 
Are iOS updates for suckers? Apple's iOS 12 may represent the latest in a series of flawed releases that could compound user mistrust, further training the company's users to delay updates and patches.
California Looks to Pass Rudimentary IoT Security Legislation
Joe Stanganelli  |  9/19/2018  | 
A California bill specific to IoT cybersecurity measures sits on Gov. Jerry Brown's desk, ready for him to sign it into law. The wording and limits of the law, however, leave questions as to just how big an effect it will have.
Lock Up Your Laptops: Cold Boot Attacks Are Back
Joe Stanganelli  |  9/14/2018  | 
Researchers at F-Secure have developed a workaround to nullify the popular ten-year-old patch that was thought to have solved the problem of cold-boot attacks. Encryption keys and other sensitive data on millions of laptops could be affected.
IAM Heads to the Mobile Cloud
Joe Stanganelli  |  8/16/2018  | 
Persisting problems with identity and access management combined with usability demands are influencing the IAM market. But will enterprise IT step up its IAM game?
DHS: Millions of Smartphones Infected With Severe Embedded Vulnerabilities
Joe Stanganelli  |  8/14/2018  | 
Research from DHS revealed this past week seems to demonstrate that millions of smartphones have deep vulnerabilities allowing for privilege escalation and complete takeover.
California's CCPA Law: Why CISOs Need to Take Heed
Joe Stanganelli  |  7/26/2018  | 
The recently enacted California Consumer Privacy Act, while hardly a sweeping reform of the state's privacy laws, changes the playing field for IT risk and liability where California residents' personal information is concerned.
Seamless Cloud Security Depends on Encryption Done Right
Joe Stanganelli  |  7/2/2018  | 
As the enterprise shifts to the cloud, there's a debate about what's best for securing data as it moves from one platform to another. A Boston startup is looking to encrypt data in motion and at rest, and this could be the next big trend.
Is Florida Really Such a Cybersecurity Risk?
Joe Stanganelli  |  6/18/2018  | 
In the wake of a personal-security research report declaring Florida to have the highest level of cybersecurity-risk in the US, a closer look suggests this finding may be neither the most reliable nor the most compelling.
Invisible Network Attacks: Good Encryption vs. Bad Encryption
Joe Stanganelli  |  6/4/2018  | 
Enterprise IT networks represent an encrypted two-way street; just as encryption is a critical defensive measure, network attackers are increasingly relying upon encrypting the malicious network traffic that they send out so as to mask their do-baddery.
Hands-Off Security: Automating & Virtualizing the Enterprise Network
Joe Stanganelli  |  5/31/2018  | 
A series of recent tech events demonstrates that enterprises are increasingly using virtualized automation to improve their network-security posture, but perhaps no tool is perfect.
Endpoint Security: 3 Big Obstacles to Overcome
Joe Stanganelli  |  4/17/2018  | 
Two recent reports highlight three major challenges in enterprise endpoint security.
Data Breach Increase Shows Endpoints Are Under Attack
Joe Stanganelli  |  4/16/2018  | 
The stats and factoids from the latest edition of Verizon's annual Data Breach Investigation Report make clear enterprise endpoints have been far too vulnerable, and that explains why data breaches are on the rise.
GDPR, AI & a New Age of Consent for Enterprises
Joe Stanganelli  |  3/30/2018  | 
Despite compliance worries under GDPR, obtaining necessary consent for AI and machine learning processing of personal data is far from impossible.
Cybersecurity AI: Addressing the 'Artificial' Talent Shortage
Joe Stanganelli  |  3/23/2018  | 
As AI becomes increasingly important to cybersecurity, industry's complaints on the talent shortages in both areas have become louder. However, is there really a lack of qualified experts?

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15478
PUBLISHED: 2020-07-01
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
CVE-2020-6261
PUBLISHED: 2020-07-01
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
CVE-2020-15471
PUBLISHED: 2020-07-01
In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.
CVE-2020-15472
PUBLISHED: 2020-07-01
In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.
CVE-2020-15473
PUBLISHED: 2020-07-01
In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.