Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
7 Modern-Day Cybersecurity Realities
Oldest First  |  Newest First  |  Threaded View
jake_hyve
50%
50%
jake_hyve,
User Rank: Author
5/4/2021 | 7:35:54 AM
Response to 7 Modern-Day Cybersecurity Realities article
Really interesting read. To add - I think everyone in a company should be responsible for ensuring security, not just the security or tech people
JulieS680
50%
50%
JulieS680,
User Rank: Apprentice
5/17/2021 | 4:55:29 PM
Digital Identities are the most vulnerable attack vector
Great read, thanks!

I would add that cybersecurity pros need to embrace the importance of securing digital identities in their security strategies. As we've witnessed, digital identities (user names and passwords) are the most exploited attack vector  - with a valid set of credentials, criminals can just login to get access to critical resources and systems and do significant damage.

Modern approaches to identity security - the protection of human/machine identityes through technologies like dentity proofing, MFA, risk-based authentication -  and identity defined security - using a trusted identitiy to further secure transactions throughout the entire technology stack -  are important to addressing the cybersecurity realities we face today.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-39128
PUBLISHED: 2021-09-16
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Serv...
CVE-2021-40881
PUBLISHED: 2021-09-15
An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.
CVE-2020-21483
PUBLISHED: 2021-09-15
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
CVE-2021-33044
PUBLISHED: 2021-09-15
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
CVE-2021-33045
PUBLISHED: 2021-09-15
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.