<<   <   Page 2 / 3   >   >>
The Good News about Breaches: It Wasn't You this Time
Lori MacVittie, Commentary
Somewhere in every application there is a vulnerability waiting to be exploited. You can attack the problem by having the right mindset and answering two simple questions
By Lori MacVittie , 11/30/2017
Comment0 comments  |  Read  |  Post a Comment
'Reaper': The Professional Bot Herder’s Thingbot
David Holmes, World-Wide Security Evangelist, F5Commentary
Is it malicious? So far it's hard to tell. For now it's a giant blinking red light in security researchers faces warning us that we’d better figure out how to secure the Internet of Things.
By David Holmes World-Wide Security Evangelist, F5, 11/16/2017
Comment1 Comment  |  Read  |  Post a Comment
'Goldilocks' Legislation Aims to Clean up IoT Security
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
The proposed Internet of Things Cybersecurity Improvement Act of 2017 is not too hard, not too soft, and might be just right.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 11/9/2017
Comment0 comments  |  Read  |  Post a Comment
5 Reasons CISOs Should Keep an Open Mind about Cryptocurrency
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
With untold new markets for Bitcoin and other 'alt-coins,' it's going to be an exciting future -- and security leaders need to get ready for it.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 11/2/2017
Comment0 comments  |  Read  |  Post a Comment
5 Reasons Why the CISO is a Cryptocurrency Skeptic
David Holmes, World-Wide Security Evangelist, F5Commentary
If you think all you need is technology to defend against bad guys, you shouldn’t be a CISO. But technology is all cryptocurrency is, starting with Bitcoin.
By David Holmes World-Wide Security Evangelist, F5, 10/26/2017
Comment0 comments  |  Read  |  Post a Comment
CISOs: Striving Toward Proactive Security Strategies
Mike Convertino, CISO & VP, Information Security, F5 NetworksCommentary
A new survey paints a compelling picture of the modern security executive, how they succeed, and how much power they wield.
By Mike Convertino CISO & VP, Information Security, F5 Networks, 10/19/2017
Comment0 comments  |  Read  |  Post a Comment
6 Steps to Finding Honey in the OWASP
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
The most famous project of the Open Web Application Security Project is getting an update. Here's what you need to know, and how you can get involved.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 10/12/2017
Comment0 comments  |  Read  |  Post a Comment
URL Obfuscation: Still a Phisher's Phriend
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
There are three primary techniques to trick users into thinking a website link is real: URL shorteners, URL doppelgangers, and URL redirects.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 10/5/2017
Comment0 comments  |  Read  |  Post a Comment
TrickBot Rapidly Expands its Targets in August
Sara Boddy, Principal Threat Research EvangelistCommentary
TrickBot shifted its focus to U.S banks and credit card companies, soaring past the 1,000 target URL mark in a single configuration.
By Sara Boddy Principal Threat Research Evangelist, 9/28/2017
Comment0 comments  |  Read  |  Post a Comment
Where Do Security Vulnerabilities Come From?
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
There are three major causes: code quality, complexity, and trusted data inputs.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 9/22/2017
Comment0 comments  |  Read  |  Post a Comment
The Hunt for IoT: The Rise of Thingbots
Sara Boddy, Principal Threat Research EvangelistCommentary
Across all of our research, every indication is that today’s "thingbots" – botnets built exclusively from Internet of Things devices – will become the infrastructure for a future Darknet.
By Sara Boddy Principal Threat Research Evangelist, 9/14/2017
Comment0 comments  |  Read  |  Post a Comment
CIO or C-Suite: To Whom Should the CISO Report?
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Five reasons why the chief information security officer needs to get out from under the control of IT.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 9/7/2017
Comment0 comments  |  Read  |  Post a Comment
Phishing for Your Information: How Phishers Bait Their Hooks
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
A treasure trove of PII from social networks and the public Internet is there for the taking.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 8/31/2017
Comment0 comments  |  Read  |  Post a Comment
How Quantum Computing Will Change Browser Encryption
David Holmes, World-Wide Security Evangelist, F5Commentary
From a protocol point of view, we’re closer to a large-scale quantum computer than many people think. Here’s why that’s an important milestone.
By David Holmes World-Wide Security Evangelist, F5, 8/24/2017
Comment0 comments  |  Read  |  Post a Comment
How to Avoid the 6 Most Common Audit Failures
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
In a security audit, the burden is on you to provide the evidence that you’ve done the right things.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 8/17/2017
Comment0 comments  |  Read  |  Post a Comment
6 Ways CISOs Can Play a Role in Selling Security
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
When customers ask tough questions about data security, business service resilience, privacy, regulatory, and reputational risk it’s best to remain upbeat and positive. Here’s how.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 8/10/2017
Comment0 comments  |  Read  |  Post a Comment
Fight 'Credential Stuffing' with a New Approach to Authorization
Michael Koyfman, Senior Global Security Solution Architect, F5 NetworksCommentary
Token-based authorization that lets users prove their identity through Facebook, Google, or Microsoft credentials can dramatically reduce your attack surface and give enterprises a single point of control.
By Michael Koyfman Senior Global Security Solution Architect, F5 Networks, 8/3/2017
Comment1 Comment  |  Read  |  Post a Comment
Can Your Risk Assessment Stand Up Under Scrutiny?
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Weak risk assessments have gotten a pass up until now, but that may be changing.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 7/27/2017
Comment2 comments  |  Read  |  Post a Comment
Profile of a Hacker: The Real Sabu
David Holmes, World-Wide Security Evangelist, F5Commentary
There are multiple stories about how the capture of the infamous Anonymous leader Sabu went down. Here’s one, and another about what he is doing today.
By David Holmes World-Wide Security Evangelist, F5, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
The Hunt for Networks Building Death Star-Sized Botnets
Sara Boddy, Principal Threat Research EvangelistCommentary
Internet of Things devices are more critically vulnerable to compromise in DDos attacks than ever before. Here’s how to defend against them.
By Sara Boddy Principal Threat Research Evangelist, 7/13/2017
Comment0 comments  |  Read  |  Post a Comment
<<   <   Page 2 / 3   >   >>
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
F5 makes apps go-faster, smarter, and safer. With solutions for the cloud and the data center, F5 technology provides unparalleled visibility and control, allowing customers to secure their users, applications, and data. For more information, visit www.f5.com.
Featured Writers
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11311
PUBLISHED: 2018-05-20
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
CVE-2018-11319
PUBLISHED: 2018-05-20
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to ...
CVE-2018-11242
PUBLISHED: 2018-05-20
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVE-2018-11315
PUBLISHED: 2018-05-20
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a ho...
CVE-2018-11239
PUBLISHED: 2018-05-19
An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in ...