News & Commentary
PassGAN: Password Cracking Using Machine Learning
Jai Vijayan, Freelance writer, News
Researchers demo how deep neural networks can be trained to generate passwords better than the best password-cracking tools.
By Jai Vijayan Freelance writer, 9/25/2017
SMBs Paid $301 Million to Ransomware Attackers
Dark Reading Staff, Quick Hits
But small- to midsized businesses are taking a tougher stand against ransomware attacks, according to a survey released today of the 2016-2017 period.
By Dark Reading Staff, 9/21/2017
Siemens' New ICS/SCADA Security Service a Sign of the Times
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Major ICS/SCADA vendors are entering the managed security services business with cloud-based offerings for energy and other industrial sectors.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/19/2017
Security Orchestration & Automation: Parsing the Options
Dario Forte, CEO, DFLabs, Commentary
Once you head down the path of orchestration, security teams will need to decide how much automation they are ready for. Here's how.
By Dario Forte CEO, DFLabs, 9/15/2017
A New Model for 'Mathematically Provable Security'
Tim Wilson, Editor in Chief, Dark Reading, Commentary, Video
Winn Schwartau, CEO of The Security Awareness Company, says we all know the old model of security is broken and it's time for a new one.
By Tim Wilson, Editor in Chief, Dark Reading, 9/14/2017
Endpoint Security Overload
Kelly Sheridan, Associate Editor, Dark Reading, News
CISOs and their teams are over-investing in endpoint security tools, driving inefficiency and a need to consolidate data.
By Kelly Sheridan Associate Editor, Dark Reading, 9/5/2017
Security Analytics: Making the Leap from Data Lake to Meaningful Insight
Nik Whitfield, Computer Scientist & Security Technology Entrepreneur, Commentary
Once you've got a lake full of data, it's essential that your analysis isn't left stranded on the shore.
By Nik Whitfield Computer Scientist & Security Technology Entrepreneur, 8/29/2017
Curbing the Cybersecurity Workforce Shortage with AI
Deborah Golden, Principal, Deloitte & Touche, and Federal Cyber-Risk Leader, Commentary
By using cognitive technologies, an organization can address the talent shortage by getting more productivity from current employees and improving processes.
By Deborah Golden Principal, Deloitte & Touche, and Federal Cyber-Risk Leader, 8/18/2017
What CISOs Need to Know about the Psychology behind Security Analysis
Kumar Saurabh, CEO and co-founder of LogicHub, Commentary
Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.
By Kumar Saurabh CEO and co-founder of LogicHub, 8/14/2017
Using AI to Break Detection Models
Ericka Chickowski, Contributing Writer, Dark Reading, News
Pitting machine learning bots against one another is the new spy vs. spy battle in cybersecurity today.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/25/2017
How Bad Data Alters Machine Learning Results
Kelly Sheridan, Associate Editor, Dark Reading, News
Machine learning models tested on single sources of data can prove inaccurate when presented with new sources of information.
By Kelly Sheridan Associate Editor, Dark Reading, 6/13/2017
How to Succeed at Incident Response Metrics
Tom Webb, Incident Handler, SANS Internet Storm Center, Commentary
Establishing a baseline of what information you need is an essential first step.
By Tom Webb Incident Handler, SANS Internet Storm Center, 6/2/2017
Going Beyond Checkbox Security
InformationWeek Staff, Commentary, Video
Terry Barbounis, cybersecurity evangelist for CenturyLink, stops by the InformationWeek News Desk.
By InformationWeek Staff, 5/24/2017
How to Integrate Threat Intel & DevOps
Andrew Storms, VP Security Services, New Context, Commentary
Automating intelligence can help your organization in myriad ways.
By Andrew Storms VP Security Services, New Context, 5/4/2017
Call Center Fraud Spiked 113% in 2016
Dawn Kawamoto, Associate Editor, Dark Reading, News
Criminals are increasingly spoofing caller ID using VoIP apps including Skype or Google Voice to hide their identity and location, according to a report released today by Pindrop Labs.
By Dawn Kawamoto Associate Editor, Dark Reading, 4/26/2017
Machine Learning in Security: 4 Factors to Consider
Kelly Sheridan, Associate Editor, Dark Reading, News
Key factors to consider before adding machine learning to your security strategy.
By Kelly Sheridan Associate Editor, Dark Reading, 4/21/2017
10 Questions To Get Practical Answers At Interop ITX
Dark Reading Staff, Commentary
May 15-19 in Las Vegas: How to get solutions and advice from top speakers for the things that you really want to know.
By Dark Reading Staff, 4/14/2017
Teaching Hospitals at Greater Data Breach Risk
Dark Reading Staff, Quick Hits
Johns Hopkins researcher studies data breaches at hospitals between 2009 and 2016.
By Dark Reading Staff, 4/6/2017
Data Visualization: Keeping an Eye on Security
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, Commentary
Visualization can be one of the most powerful approaches a security team can use to make sense of vast quantities of data. So why does it end up as an afterthought?
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 3/27/2017
Fortune 1000 Companies See Security Ratings Drop
Kelly Sheridan, Associate Editor, Dark Reading, News
Fortune 1000 businesses report more breaches, and lower security performance, than their non-F1000 counterparts.
By Kelly Sheridan Associate Editor, Dark Reading, 3/8/2017
1.9 Billion Data Records Exposed in First Half of 2017
Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/20/2017
Get Serious about IoT Security
Derek Manky, Global Security Strategist, Fortinet, 9/20/2017
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.