Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Nine Years Later, IT Security Is Even More Important To Business
Newest First  |  Oldest First  |  Threaded View
macker490
macker490,
User Rank: Ninja
5/4/2015 | 7:31:23 AM
Value in Balance
it is well to write about the value of security.  

but on the other side of the balance are values desired by commercial interests: accessibility of customer data; ease of use; compatibility.

commercial interests have habitually written off the cost of hacking as "part of the cost of doing business". "Twenty cents per $100? --meh"

recently though the costs seem to be getting heavier as the hacking business has gone commercial on the DarkNet.   Today hackers suck down customer cards, business bank balances, and business good name and reputation as well as customer good will in their hack attacks

at some point, when the write-off is no longer acceptable,  the balance will need to be re-evaluated

security isn't something that can be managed selectively.   you either implement it -- or just talk about it.
RetiredUser
RetiredUser,
User Rank: Ninja
5/3/2015 | 1:08:46 PM
Loyal Since Day 1
Though not a security professional (I'm a build and release engineer) I knew early on in my career that security knowledge was going to be essential in my day-to-day activities.  To work in a bubble and assume someone else is taking care of securing the environment in which my code is written, built and released is like leaving my doors and windows unlocked because I live in a gated community.  

What I have appreciated about DarkReading is that the format of the site and articles is such that anyone, security professional or enhtusiast, or novice from another discipline, can quickly find information they are looking for, read and absorb it with takeaway that is of use.  Though a reader of many other security ezines and exploit DB sites, I frequent DarkReading which manages to maintain a professional presence while still delivering content through BlackHat of interest to the underground.  DR stands apart from the rest.

Additionally, the regular presence of industry experts and known players in the article bylines say something about the quality of the pieces, and about this DarkReading community that has formed over almost a decade of evolution.  The tie-in to BlackHat and the enthusiasm of that community also has provided me personally with an outlet for expressing ideas and also given me inspiration to try new things in my personal projects that I would never have considered.  

Kudos, DarkReading!  Here's to 10 years and decades more of documenting, teaching and hopefully evolving the information security industry.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Incorporating a Prevention Mindset into Threat Detection and Response
Threat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time. The report covers areas enterprises should focus on: What positive response looks like. Improving security hygiene. Combining preventive actions with red team efforts.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-22497
PUBLISHED: 2022-05-24
IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951.
CVE-2022-29334
PUBLISHED: 2022-05-24
An issue in H v1.0 allows attackers to bypass authentication via a session replay attack.
CVE-2022-29337
PUBLISHED: 2022-05-24
C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2022-29333
PUBLISHED: 2022-05-24
A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file.
CVE-2021-3597
PUBLISHED: 2022-05-24
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1,...