Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

<<   <   Page 2 / 3   >   >>
The Good News about Breaches: It Wasn't You this Time
Lori MacVittie, Commentary
Somewhere in every application there is a vulnerability waiting to be exploited. You can attack the problem by having the right mindset and answering two simple questions
By Lori MacVittie , 11/30/2017
Comment0 comments  |  Read  |  Post a Comment
'Reaper': The Professional Bot Herder’s Thingbot
David Holmes, World-Wide Security Evangelist, F5Commentary
Is it malicious? So far it's hard to tell. For now it's a giant blinking red light in security researchers faces warning us that we’d better figure out how to secure the Internet of Things.
By David Holmes World-Wide Security Evangelist, F5, 11/16/2017
Comment1 Comment  |  Read  |  Post a Comment
'Goldilocks' Legislation Aims to Clean up IoT Security
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
The proposed Internet of Things Cybersecurity Improvement Act of 2017 is not too hard, not too soft, and might be just right.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 11/9/2017
Comment0 comments  |  Read  |  Post a Comment
5 Reasons CISOs Should Keep an Open Mind about Cryptocurrency
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
With untold new markets for Bitcoin and other 'alt-coins,' it's going to be an exciting future -- and security leaders need to get ready for it.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 11/2/2017
Comment3 comments  |  Read  |  Post a Comment
5 Reasons Why the CISO is a Cryptocurrency Skeptic
David Holmes, World-Wide Security Evangelist, F5Commentary
If you think all you need is technology to defend against bad guys, you shouldn’t be a CISO. But technology is all cryptocurrency is, starting with Bitcoin.
By David Holmes World-Wide Security Evangelist, F5, 10/26/2017
Comment0 comments  |  Read  |  Post a Comment
CISOs: Striving Toward Proactive Security Strategies
Mike Convertino, Chief Security Officer at Arceo.aiCommentary
A new survey paints a compelling picture of the modern security executive, how they succeed, and how much power they wield.
By Mike Convertino Chief Security Officer at Arceo.ai, 10/19/2017
Comment0 comments  |  Read  |  Post a Comment
6 Steps to Finding Honey in the OWASP
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
The most famous project of the Open Web Application Security Project is getting an update. Here's what you need to know, and how you can get involved.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 10/12/2017
Comment0 comments  |  Read  |  Post a Comment
URL Obfuscation: Still a Phisher's Phriend
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
There are three primary techniques to trick users into thinking a website link is real: URL shorteners, URL doppelgangers, and URL redirects.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 10/5/2017
Comment0 comments  |  Read  |  Post a Comment
TrickBot Rapidly Expands its Targets in August
Sara Boddy, Principal Threat Research EvangelistCommentary
TrickBot shifted its focus to U.S banks and credit card companies, soaring past the 1,000 target URL mark in a single configuration.
By Sara Boddy Principal Threat Research Evangelist, 9/28/2017
Comment0 comments  |  Read  |  Post a Comment
Where Do Security Vulnerabilities Come From?
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
There are three major causes: code quality, complexity, and trusted data inputs.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 9/22/2017
Comment0 comments  |  Read  |  Post a Comment
The Hunt for IoT: The Rise of Thingbots
Sara Boddy, Principal Threat Research EvangelistCommentary
Across all of our research, every indication is that today’s "thingbots" – botnets built exclusively from Internet of Things devices – will become the infrastructure for a future Darknet.
By Sara Boddy Principal Threat Research Evangelist, 9/14/2017
Comment0 comments  |  Read  |  Post a Comment
CIO or C-Suite: To Whom Should the CISO Report?
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Five reasons why the chief information security officer needs to get out from under the control of IT.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 9/7/2017
Comment0 comments  |  Read  |  Post a Comment
Phishing for Your Information: How Phishers Bait Their Hooks
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
A treasure trove of PII from social networks and the public Internet is there for the taking.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 8/31/2017
Comment0 comments  |  Read  |  Post a Comment
How Quantum Computing Will Change Browser Encryption
David Holmes, World-Wide Security Evangelist, F5Commentary
From a protocol point of view, we’re closer to a large-scale quantum computer than many people think. Here’s why that’s an important milestone.
By David Holmes World-Wide Security Evangelist, F5, 8/24/2017
Comment0 comments  |  Read  |  Post a Comment
How to Avoid the 6 Most Common Audit Failures
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
In a security audit, the burden is on you to provide the evidence that you’ve done the right things.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 8/17/2017
Comment0 comments  |  Read  |  Post a Comment
6 Ways CISOs Can Play a Role in Selling Security
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
When customers ask tough questions about data security, business service resilience, privacy, regulatory, and reputational risk it’s best to remain upbeat and positive. Here’s how.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 8/10/2017
Comment0 comments  |  Read  |  Post a Comment
Fight 'Credential Stuffing' with a New Approach to Authorization
Michael Koyfman, Senior Global Security Solution Architect, F5 NetworksCommentary
Token-based authorization that lets users prove their identity through Facebook, Google, or Microsoft credentials can dramatically reduce your attack surface and give enterprises a single point of control.
By Michael Koyfman Senior Global Security Solution Architect, F5 Networks, 8/3/2017
Comment1 Comment  |  Read  |  Post a Comment
Can Your Risk Assessment Stand Up Under Scrutiny?
Raymond Pompon, Principal Threat Research Evangelist at F5 NetworksCommentary
Weak risk assessments have gotten a pass up until now, but that may be changing.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 7/27/2017
Comment2 comments  |  Read  |  Post a Comment
Profile of a Hacker: The Real Sabu
David Holmes, World-Wide Security Evangelist, F5Commentary
There are multiple stories about how the capture of the infamous Anonymous leader Sabu went down. Here’s one, and another about what he is doing today.
By David Holmes World-Wide Security Evangelist, F5, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
The Hunt for Networks Building Death Star-Sized Botnets
Sara Boddy, Principal Threat Research EvangelistCommentary
Internet of Things devices are more critically vulnerable to compromise in DDos attacks than ever before. Here’s how to defend against them.
By Sara Boddy Principal Threat Research Evangelist, 7/13/2017
Comment0 comments  |  Read  |  Post a Comment
<<   <   Page 2 / 3   >   >>
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Healthcare Industry Sees Respite From Attacks in First Half of 2020
Robert Lemos, Contributing Writer,  8/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: It's a technique known as breaking out of the sandbox kids.
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20383
PUBLISHED: 2020-08-13
ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links.
CVE-2020-24348
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
CVE-2020-24349
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be &quot;fluff&quot; in the NGINX use case because there is no remote attack surface.
CVE-2020-7360
PUBLISHED: 2020-08-13
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was r...
CVE-2020-24342
PUBLISHED: 2020-08-13
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.