Dark Reading is part of the Informa Tech Division of Informa PLC


Alan Zeichick

Latest Content
Convergence: Real Problems When it Comes to Securing the IoT/IIoT
Alan Zeichick  |  3/14/2019  | 
Today, enterprises are dealing with a proliferation of connected devices that probably aren't dedicated to computing: think video cameras, inventory sensors, machine tools, thermostats and environmental monitors.
What You Need to Know About Arbitrary Code Execution Vulnerabilities
Alan Zeichick  |  2/12/2019  | 
Despite their rather innocuous name, ACE vulnerabilities can appear in just about any software. So here's what to do...
Four Security Questions You Need to Answer for SD-WAN Success
Alan Zeichick  |  1/31/2019  | 
Before you select an SD-WAN vendor, read this.
Four Enterprise Identity & Access Management Trends to Watch in 2019
Alan Zeichick  |  1/25/2019  | 
For CISOs, Identity and Access Management, or IAM, is a must-have for the security tool box. However, the technology is rapidly evolving. Here are four important trends to watch this year.
Ten Cybersecurity Predictions That I Don't Like for 2019
Alan Zeichick  |  1/1/2019  | 
If 2018 turned into a security headache for enterprises, our writer predicts that 2019 won't be much better, maybe even worse.
Email Spam: Don't Be a Chump or a Jerk
Alan Zeichick  |  12/20/2018  | 
For decades, spam emails have clogged up corporate email inboxes. However, there are some simple rules and guidelines IT pros, as well as marketers, can use to cut down on this, and make everyone more secure.
SD-WAN Security: Why Zero-Trust Authentication Is Key
Alan Zeichick  |  12/10/2018  | 
SD-WAN provides big benefits compared to traditional WAN connections between data centers and remote locations. However, authentication remains a concern. Here's why zero trust is a must.
IT & OT Convergence: a Potential Security Nightmare
Alan Zeichick  |  12/5/2018  | 
Industrial systems are rapidly connecting to the wider, public Internet. There are a host of security problems that come with this convergence, however, and combining IT and OT is not the cure. Here's why.
12 Cloud Backup Tips to Protect Your Business's Back-End Servers
Alan Zeichick  |  11/27/2018  | 
The cloud can offer cost-effective backups for enterprise web servers, file servers and other critical infrastructure. Here are a dozen tips on how to make cloud backups safe and efficient.
Let's Get Physical: Why Protecting Hardware Is Essential to Good Cybersecurity
Alan Zeichick  |  11/1/2018  | 
Enterprises need to consider physical security as part of any comprehensive cybersecurity plan.
Managed Security Service Providers: Good Idea, but What's the Catch?
Alan Zeichick  |  10/25/2018  | 
Managed security service providers are a good idea for businesses struggling with creating their own InfoSec division. However, there are some drawbacks to consider.
Your People Can't Secure Your Network? Try Tier 0 Automation
Alan Zeichick  |  10/18/2018  | 
Keeping up with modern security requirements requires a multi-prong approach. One way to ensure that threats are being met is to ignore the false alerts. This is where Tier 0 automation comes in.
Rotten Fruit: 4 Insider Threats to Watch Out For
Alan Zeichick  |  10/8/2018  | 
When it comes to insider threats, it's best not to trust anyone. However, different employees pose different types of threats to the network. Here are the four types of 'rotten fruit' to look out for in your business.
Get Ready for Realistic Attacks on the Internet of Things
Alan Zeichick  |  9/4/2018  | 
Good news: We haven't seen a widespread action against IoT devices. Bad news: IoT devices are shockingly vulnerable.
Five IoT Endpoint Security Recommendations for the Enterprise
Alan Zeichick  |  8/27/2018  | 
It's 2:00 a.m. Do you know where your devices are? Find out five IoT security tips to help you sleep at night.
Artificial Malevolence: Bad Actors Know Computer Science, Too
Alan Zeichick  |  8/13/2018  | 
Artificial intelligence and machine learning have many useful applications in legitimate security prevention. However, the buzz at this year's Black Hat is that bad guys are already catching up.
Don't Let Your Containers Stray Into Cryptocurrency Mining
Alan Zeichick  |  8/7/2018  | 
Containers were supposed to be safe, until they weren't. With cybercrooks trying to attach cryptocurrency mining malware to containers, there are ways to protect your development environment.
Zero Trust Means Never Trust & Always Verify
Alan Zeichick  |  7/30/2018  | 
Enterprise security teams have actually been practicing zero trust policies for a number of years, but new advances and better tools now make the philosophy easier to implement. Still, it's always best to verify.
Watch Out: The Dark Web Is Really Watching You
Alan Zeichick  |  7/23/2018  | 
The Dark Web is a lot of things, but it's mostly a hangout for criminals and cyberthieves. However, this dark corner of the Internet may know more about you or your enterprise than you think.
Cloud-Based Identity Management Systems: What to Look For
Alan Zeichick  |  6/26/2018  | 
Most of the big cloud players, including Google, Microsoft and AWS, all offer some form of identity and access management. There are plenty of other cloud-based, on-premises IAM systems as well. Here's what you need to look for.
How to Find a Next-Generation Firewall for the Cloud
Alan Zeichick  |  6/25/2018  | 
If you use cloud-based servers for running business applications, you need to protect those servers with a software-based cloud firewall. There are many options, and here's how to choose.
Containers in the Cloud Are Great, but Are They Secure?
Alan Zeichick  |  6/21/2018  | 
Containers are an efficient means to package, deploy and run software in the cloud. There are legitimate security concerns, however.
Public Cloud, Part of the Network or Not, Remains a Security Concern
Alan Zeichick  |  5/30/2018  | 
Security in the public cloud is like asking who is responsible for securing your rented apartment: you or the building owner?
GDPR Should Change Your Thinking About Network Firewalls
Alan Zeichick  |  5/24/2018  | 
Old-fashioned firewalls are an effective weapon for protecting the network from incursions and data breaches, and that goes for the new era of GDPR that begins Friday as well.
Next-Generation Firewalls: Poorly Named but Essential to the Enterprise Network
Alan Zeichick  |  5/16/2018  | 
They may be stupidly named but they are essential for protecting enterprise assets that span on-premises servers, IaaS and PaaS clouds, as well as virtual machines.
5 New Network Attack Techniques That Will Keep You Awake at Night
Alan Zeichick  |  4/25/2018  | 
You can't trust anything -- not the cloud, not hardware, not industrial control systems. Take nothing for granted, advise the experts, and trust nothing.
It's the People: 5 Reasons Why SOC Can't Scale
Alan Zeichick  |  4/23/2018  | 
There are always more security alerts and threats to respond to, but the answer isn't to simply throw more money at the SOC to hire additional Tier 1 and Tier 2 security analysts.
Microsoft Security Is Channeling the Terminator
Alan Zeichick  |  4/19/2018  | 
In its own way of channeling the Terminator and Skynet, Microsoft is looking to add more layers of artificial intelligence into its Windows Defender ATP to further reduce remediation and increase automation of security.

