Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Every Week Is Shark Week in Cyberspace
Oldest First  |  Newest First  |  Threaded View
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/29/2018 | 12:43:19 PM
Nice analogy
An organization's ocean is the Internet. I like the analogy, effective and CISO as lifeguard, all the employees should do their part.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/29/2018 | 12:45:34 PM
Phishing
Phishing attacks and, specifically, mobile phishing attacks continue to rise. I agree, Phishing is major and effective way of executing an attack,
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/29/2018 | 12:47:15 PM
Human factor
Yet despite anti-phishing methods such as reporting suspicious emails and routinely changing passwords, attacks are still increasing. It is because it exploits human factor, that is what it is effective
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/29/2018 | 12:50:17 PM
False positive
Many threats are false positives; the dorsal fin of a friendly, curious dolphin can look like the dorsal fin of a shark that's circling the waters. This is where most of our security analyst time is wasted. So we need to change it with automation.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/29/2018 | 12:52:37 PM
Threats
Threats are everywhere, in the water and online. They're usually hidden. They are mainly hidden in our logs, we can find them with automation. We mainly miss real threats but deal with false positives or negatives.
amarre
50%
50%
amarre,
User Rank: Author
7/31/2018 | 1:58:20 PM
The danger is real
Too often, even after a risk is actualized by a real or simulated attack, people continue to ignore the threat and pretend that it is exaggerated.  This comparison to shark infested waters will perhaps make it more real.  People are irrationally afraid of low-likelihood shark attacks; we need them to be rationally afraid of these attacks.
seanmajece
50%
50%
seanmajece,
User Rank: Apprentice
8/2/2018 | 5:46:40 AM
Cyberspace
By the way, my father is working with cyberspace. So I know a lot about it


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22879
PUBLISHED: 2021-04-14
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
CVE-2021-27989
PUBLISHED: 2021-04-14
Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.
CVE-2021-25316
PUBLISHED: 2021-04-14
A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterp...
CVE-2021-28797
PUBLISHED: 2021-04-14
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (an...
CVE-2020-36323
PUBLISHED: 2021-04-14
In the standard library in Rust before 1.50.3, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.