Analytics
News & Commentary
Newly Fired CEO Of Norse Fires Back At Critics
Jai Vijayan, Freelance writer | News
Critics maintain that Norse Corp. is peddling threat data as threat intelligence.
By Jai Vijayan Freelance writer, 2/4/2016
Cybersecurity Smackdown: What Side Are You On?
Dark Reading Staff, Commentary
Analytics vs. Encryption. Prevention vs. Detection. Machine Learning: Promise or Hype? The Firewall: Dead or Still Breathing? The sharpest minds in the security industry debate some of the industry's most contentious issues.
By Dark Reading Staff, 2/4/2016
Passwords, Email Addresses, Were Most Stolen Data In 2015
Dark Reading Staff, Quick Hits
Analysis of public data breaches finds US and UK represented more than 45% of all reported breaches last year, and major energy firms make the list of most multiple breaches.
By Dark Reading Staff, 2/3/2016
Encryption Has Its Place But It Isn’t Foolproof
Doug Clare, Vice President of Product Management, FICO | Commentary
Most encrypted data is unencrypted at some point in its lifecycle -- and the bad guys are pretty good at finding the one window left open.
By Doug Clare Vice President of Product Management, FICO, 2/2/2016
As Good As They're Getting, Analytics Don't Inherently Protect Data
Scott Petry, Co-Founder & CEO of Authentic8 | Commentary
It is only a matter of time before your system is breached, and when your data is lost, analytics won't help you.
By Scott Petry Co-Founder & CEO of Authentic8, 2/2/2016
Insurers Getting Smarter About Assessing Cyber Insurance Policy Risks
Ericka Chickowski, Contributing Writer, Dark Reading | News
2016 shaping up to be a year of greater maturity in how insurance companies underwrite their cyber insurance policies.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/26/2016
The Four Big Problems With Security Metrics
Jai Vijayan, Freelance writer | News
Metrics can be very useful, but only if they track the things that matter.
By Jai Vijayan Freelance writer, 1/11/2016
15 Cybersecurity Lessons We Should Have Learned From 2015, But Probably Didn't
Sara Peters, Senior Editor at Dark Reading | News
Another infosec year is almost in the books. What did all the breaches, vulnerabilities, trends, and controversies teach us?
By Sara Peters Senior Editor at Dark Reading, 12/28/2015
The Rise Of Community-Based Information Security
Peter Zavlaris, Analyst, RiskIQ | Commentary
The more vendors, service providers, and companies band together to fight security threats, the more difficult it will become for attacks to succeed.
By Peter Zavlaris Analyst, RiskIQ, 12/28/2015
90% Of Industries, Not Just Healthcare, Have Disclosed PHI In Breaches
Sara Peters, Senior Editor at Dark Reading | News
New Verizon PHI report finds that organizations' workers comp and wellness programs are also vulnerable repositories for personal health information.
By Sara Peters Senior Editor at Dark Reading, 12/17/2015
Security Talent Gap Threatens Adoption Of Analytics Tools
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau | News
Finding qualified personnel with the right skillsets to configure and operate analytics platforms is a big challenge today, but workforce development, training, and more intuitive technology could help.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 12/17/2015
Introducing ‘RITA’ for Real Intelligence Threat Analysis
John Strand, SANS Senior Instructor & Owner, Black Hills Information Security | Commentary
SANS' free, new framework can help teams hunt for attackers by extending traditional signature analysis to blacklisted IP addresses and accounts that have multiple concurrent logons to multiple systems.
By John Strand SANS Senior Instructor & Owner, Black Hills Information Security, 11/20/2015
4 Tricks For Getting The Most Out Of User Behavior Analytics
Ericka Chickowski, Contributing Writer, Dark Reading | News
First things first: establish what 'normal' metrics look like.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/19/2015
Attack Attempt Numbers Down, But PoS Malware & Angler Up in Q3
Sara Peters, Senior Editor at Dark Reading | News
Politically motivated cyberespionage groups also hard at work between July and September, according to Trend Micro.
By Sara Peters Senior Editor at Dark Reading, 11/17/2015
5 Reasons Enterprises Don't Get Enough Value From Threat Intelligence
Ericka Chickowski, Contributing Writer, Dark Reading | News
Maturity levels still keeping threat intelligence efficacy stunted.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/17/2015
IBM Report: Ransomware, Malicious Insiders On The Rise
Sara Peters, Senior Editor at Dark Reading | News
X-Force's top four cyber threat trends also name upper management's increasing interest in infosec.
By Sara Peters Senior Editor at Dark Reading, 11/16/2015
Don’t Toy With The Dark Web, Harness It
James Chappell, CTO & Founder, Digital Shadows | Commentary
The Dark Web’s sinister allure draws outsized attention, but time-strapped security teams would benefit from knowing what's already circulating in places they don't need Tor or I2P to find.
By James Chappell CTO & Founder, Digital Shadows, 11/16/2015
Federal Government Most Prone To Repeat Breaches
Sara Peters, Senior Editor at Dark Reading | News
It isn't just the White House that gets compromised more than once. Also, in a shifting trend, malicious insider attacks don't cut quite as deep as outsiders' do, report finds.
By Sara Peters Senior Editor at Dark Reading, 11/11/2015
Machine Learning: Perception Problem? Maybe. Pipe Dream? No Way!
Mike Paquette, VP Products, Prelert | Commentary
Guided by an organization's internal security experts, 'algorithmic assistants' provide a powerful new way to find anomalies and patterns for detecting cyberthreat activity.
By Mike Paquette VP Products, Prelert, 11/11/2015
Why Threat Intelligence Feels Like A Game Of Connect Four
Kristi Horton, Lead Intelligence Officer, Financial Services Information Sharing and Analysis Center (FS-ISAC) | Commentary
In real life, solving the cybersecurity puzzle has many challenges. But shared wisdom and community defense models are making it easier to connect the dots.
By Kristi Horton Lead Intelligence Officer, Financial Services Information Sharing and Analysis Center (FS-ISAC), 11/10/2015
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas in a thought-provoking discussion about the evolving role of the CISO.