<<   <   Page 2 / 3   >   >>
The Good News about Breaches: It Wasn't You this Time
Lori MacVittie, Commentary
Somewhere in every application there is a vulnerability waiting to be exploited. You can attack the problem by having the right mindset and answering two simple questions
By Lori MacVittie , 11/30/2017
Comment0 comments  |  Read  |  Post a Comment
'Reaper': The Professional Bot Herder’s Thingbot
David Holmes, World-Wide Security Evangelist, F5Commentary
Is it malicious? So far it's hard to tell. For now it's a giant blinking red light in security researchers faces warning us that we’d better figure out how to secure the Internet of Things.
By David Holmes World-Wide Security Evangelist, F5, 11/16/2017
Comment1 Comment  |  Read  |  Post a Comment
'Goldilocks' Legislation Aims to Clean up IoT Security
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
The proposed Internet of Things Cybersecurity Improvement Act of 2017 is not too hard, not too soft, and might be just right.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 11/9/2017
Comment0 comments  |  Read  |  Post a Comment
5 Reasons CISOs Should Keep an Open Mind about Cryptocurrency
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
With untold new markets for Bitcoin and other 'alt-coins,' it's going to be an exciting future -- and security leaders need to get ready for it.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 11/2/2017
Comment0 comments  |  Read  |  Post a Comment
5 Reasons Why the CISO is a Cryptocurrency Skeptic
David Holmes, World-Wide Security Evangelist, F5Commentary
If you think all you need is technology to defend against bad guys, you shouldn’t be a CISO. But technology is all cryptocurrency is, starting with Bitcoin.
By David Holmes World-Wide Security Evangelist, F5, 10/26/2017
Comment0 comments  |  Read  |  Post a Comment
CISOs: Striving Toward Proactive Security Strategies
Mike Convertino, CISO & VP, Information Security, F5 NetworksCommentary
A new survey paints a compelling picture of the modern security executive, how they succeed, and how much power they wield.
By Mike Convertino CISO & VP, Information Security, F5 Networks, 10/19/2017
Comment0 comments  |  Read  |  Post a Comment
6 Steps to Finding Honey in the OWASP
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
The most famous project of the Open Web Application Security Project is getting an update. Here's what you need to know, and how you can get involved.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 10/12/2017
Comment0 comments  |  Read  |  Post a Comment
URL Obfuscation: Still a Phisher's Phriend
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
There are three primary techniques to trick users into thinking a website link is real: URL shorteners, URL doppelgangers, and URL redirects.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 10/5/2017
Comment0 comments  |  Read  |  Post a Comment
TrickBot Rapidly Expands its Targets in August
Sara Boddy, Principal Threat Research EvangelistCommentary
TrickBot shifted its focus to U.S banks and credit card companies, soaring past the 1,000 target URL mark in a single configuration.
By Sara Boddy Principal Threat Research Evangelist, 9/28/2017
Comment0 comments  |  Read  |  Post a Comment
Where Do Security Vulnerabilities Come From?
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
There are three major causes: code quality, complexity, and trusted data inputs.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 9/22/2017
Comment0 comments  |  Read  |  Post a Comment
The Hunt for IoT: The Rise of Thingbots
Sara Boddy, Principal Threat Research EvangelistCommentary
Across all of our research, every indication is that today’s "thingbots" – botnets built exclusively from Internet of Things devices – will become the infrastructure for a future Darknet.
By Sara Boddy Principal Threat Research Evangelist, 9/14/2017
Comment0 comments  |  Read  |  Post a Comment
CIO or C-Suite: To Whom Should the CISO Report?
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Five reasons why the chief information security officer needs to get out from under the control of IT.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 9/7/2017
Comment0 comments  |  Read  |  Post a Comment
Phishing for Your Information: How Phishers Bait Their Hooks
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
A treasure trove of PII from social networks and the public Internet is there for the taking.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 8/31/2017
Comment0 comments  |  Read  |  Post a Comment
How Quantum Computing Will Change Browser Encryption
David Holmes, World-Wide Security Evangelist, F5Commentary
From a protocol point of view, we’re closer to a large-scale quantum computer than many people think. Here’s why that’s an important milestone.
By David Holmes World-Wide Security Evangelist, F5, 8/24/2017
Comment0 comments  |  Read  |  Post a Comment
How to Avoid the 6 Most Common Audit Failures
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
In a security audit, the burden is on you to provide the evidence that you’ve done the right things.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 8/17/2017
Comment0 comments  |  Read  |  Post a Comment
6 Ways CISOs Can Play a Role in Selling Security
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
When customers ask tough questions about data security, business service resilience, privacy, regulatory, and reputational risk it’s best to remain upbeat and positive. Here’s how.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 8/10/2017
Comment0 comments  |  Read  |  Post a Comment
Fight 'Credential Stuffing' with a New Approach to Authorization
Michael Koyfman, Senior Global Security Solution Architect, F5 NetworksCommentary
Token-based authorization that lets users prove their identity through Facebook, Google, or Microsoft credentials can dramatically reduce your attack surface and give enterprises a single point of control.
By Michael Koyfman Senior Global Security Solution Architect, F5 Networks, 8/3/2017
Comment1 Comment  |  Read  |  Post a Comment
Can Your Risk Assessment Stand Up Under Scrutiny?
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Weak risk assessments have gotten a pass up until now, but that may be changing.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 7/27/2017
Comment2 comments  |  Read  |  Post a Comment
Profile of a Hacker: The Real Sabu
David Holmes, World-Wide Security Evangelist, F5Commentary
There are multiple stories about how the capture of the infamous Anonymous leader Sabu went down. Here’s one, and another about what he is doing today.
By David Holmes World-Wide Security Evangelist, F5, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
The Hunt for Networks Building Death Star-Sized Botnets
Sara Boddy, Principal Threat Research EvangelistCommentary
Internet of Things devices are more critically vulnerable to compromise in DDos attacks than ever before. Here’s how to defend against them.
By Sara Boddy Principal Threat Research Evangelist, 7/13/2017
Comment0 comments  |  Read  |  Post a Comment
<<   <   Page 2 / 3   >   >>
Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: On the SS7 network, nobody knows you're a dog.
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-5740
PUBLISHED: 2019-01-16
&quot;deny-answer-aliases&quot; is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is i...
CVE-2018-5741
PUBLISHED: 2019-01-16
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update ...
CVE-2016-9778
PUBLISHED: 2019-01-16
An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met th...
CVE-2017-3135
PUBLISHED: 2019-01-16
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -&gt; 9.9.9-S7, 9.9.3 -&gt; 9.9.9-P5, 9.9.10b1...
CVE-2017-3136
PUBLISHED: 2019-01-16
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were me...