Analytics

News & Commentary
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin SystemsCommentary
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
By Mukul Kumar & Anupam Sahai CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018
Comment4 comments  |  Read  |  Post a Comment
As Tech Drives the Business, So Do CISOs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security leaders are evolving from technicians to business executives as tech drives enterprise projects, applications, and goals.
By Kelly Sheridan Staff Editor, Dark Reading, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
8 Keys to a Successful Penetration Test
Curtis Franklin Jr., Senior Editor at Dark Reading
Pen tests are expensive, but there are key factors that can make them worth the investment.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/19/2018
Comment0 comments  |  Read  |  Post a Comment
The Security Costs of Cloud-Native Applications
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
By Kelly Sheridan Staff Editor, Dark Reading, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
EternalBlue Infections Persist
Dark Reading Staff, Quick Hits
Indonesia, Taiwan, Vietnam, Thailand, Egypt, Russia, China, among the top 10 nations with the most machines infected with the exploit.
By Dark Reading Staff , 9/14/2018
Comment0 comments  |  Read  |  Post a Comment
Military, Government Users Just as Bad About Password Hygiene as Civilians
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/14/2018
Comment1 Comment  |  Read  |  Post a Comment
The Economics of AI-Enabled Security
Dark Reading Staff, CommentaryVideo
While AI greatly enhances security, Securonix CTO Tanuj Gulati points out the need for predictable cost models that insulate SOCs from the variables of massive data volume and intense real-time processing.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Filtering the Threat Intelligence Tsunami
Dark Reading Staff, CommentaryVideo
Reversing Labs CEO Mario Vuksan contends that SOCs are overwhelmed by global threat intelligence, and can benefit more from a targeted "pull" model that focuses on YARA-type binary pattern matching.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Xori Adds Speed, Breadth to Disassembler Lineup
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new open source tool, introduced at Black Hat USA, places a priority on speed and automation.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/9/2018
Comment0 comments  |  Read  |  Post a Comment
How AI Could Become the Firewall of 2003
Gary Golomb, Co-Founder & Chief Research Officer at Awake SecurityCommentary
An over-reliance on artificial intelligence and machine learning for the wrong uses will create unnecessary risks.
By Gary Golomb Co-Founder & Chief Research Officer at Awake Security, 8/1/2018
Comment0 comments  |  Read  |  Post a Comment
5 Ways Small Security Teams Can Defend Like Fortune 500 Companies
Mike Armistead, Co-Founder & CEO of Respond SoftwareCommentary
Keep your company protected with a mix of old- and new-school technologies.
By Mike Armistead Co-Founder & CEO of Respond Software, 7/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Why Security Startups Fly And Why They Crash
Kelly Sheridan, Staff Editor, Dark ReadingNews
What makes startups stand out in a market flooded with thousands of vendors? Funding experts and former founders share their thoughts.
By Kelly Sheridan Staff Editor, Dark Reading, 7/20/2018
Comment1 Comment  |  Read  |  Post a Comment
SOCs Use Automation to Compensate for Training, Technology Issues
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Why Sharing Intelligence Makes Everyone Safer
Sanjay Vidyadharan, CAO & Head of Innovations at Marlabs Inc.Commentary
Security teams must expand strategies to go beyond simply identifying details tied to a specific threat to include context and information about attack methodologies.
By Sanjay Vidyadharan CAO & Head of Innovations at Marlabs Inc., 6/29/2018
Comment1 Comment  |  Read  |  Post a Comment
Improving the Adoption of Security Automation
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
Four barriers to automation and how to overcome them.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 6/20/2018
Comment1 Comment  |  Read  |  Post a Comment
The Best and Worst Tasks for Security Automation
Kelly Sheridan, Staff Editor, Dark Reading
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
By Kelly Sheridan Staff Editor, Dark Reading, 6/20/2018
Comment5 comments  |  Read  |  Post a Comment
Security Analytics Startup Uptycs Raises $10M in Series A
Dark Reading Staff, Quick Hits
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
By Dark Reading Staff , 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
Security Ratings Answer Big Questions in Cyber Insurance
Kelly Sheridan, Staff Editor, Dark ReadingNews
More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage.
By Kelly Sheridan Staff Editor, Dark Reading, 6/11/2018
Comment0 comments  |  Read  |  Post a Comment
SAP CSO: Security Requires Context
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Security depends on the apps and networks it protects. SAP CSO Justin Somaini discusses three scenarios.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/11/2018
Comment0 comments  |  Read  |  Post a Comment
Bug Bounty Payouts Up 73% Per Vulnerability: Bugcrowd
Kelly Sheridan, Staff Editor, Dark ReadingNews
Bug bounty programs grew along with payouts, which averaged $781 per vulnerability this year, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 6/7/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17538
PUBLISHED: 2018-09-26
Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection.
CVE-2018-11763
PUBLISHED: 2018-09-25
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
CVE-2018-14634
PUBLISHED: 2018-09-25
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerabl...
CVE-2018-1664
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
CVE-2018-1669
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...