Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Study: Enterprises Losing Faith In Digital Certificates, Crytographic Keys
Newest First  |  Oldest First  |  Threaded View
1eustace
1eustace,
User Rank: Strategist
3/14/2015 | 2:20:38 PM
It's time to wake up
Up till now the industry has enjoyed plain content storage in backend networks banking on remoteness for security.  Heartbleed, Shellshock, Stuxnet and the like are telling the industry to rethink this strategy, perhaps consider backend hardware hardening as done for front end systems like PCI standards for payment terminals.  I think condifence can be regained with secure rooting of digital certificates i.e. strong protections to underlying private keys.
RyanSepe
RyanSepe,
User Rank: Ninja
3/12/2015 | 9:50:49 AM
Certificate Store and Frequent Changes
I think that it behooves an organization to have an internal certificate store. With this method you have more options. Level of encoding, visibility over certs, etc. This also will provide a more efficient and expedient method of changing certs. By changing the cert more frequently you are decreasing your risk substantially. This process is much easier when you are the one who governs it, instead of a third party.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-42306
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.
CVE-2022-42307
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.
CVE-2022-42308
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code.
CVE-2022-42303
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.
CVE-2022-42304
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.