News & Commentary
Latest Content tagged with Operations
Page 1 / 2   >   >>
The Business of Security: How your Organization Is Changing beneath You
Commentary  |  3/30/2017  | 
And why its your job to change with it and skate where the puck is headed.
To Gain Influence, CISOs Must Get Security's Human Element Right
Commentary  |  3/29/2017  | 
Focusing on certain elements of security in isolation can cause a false sense of security.
Cloud Security: New Research Says IT Pros Still Skittish
News  |  3/29/2017  | 
Respondents complain in two studies that traditional security tools dont work in the cloud, and cant deliver visibility across multiple cloud environments.
Commercial IoT: Big Trouble in Small Devices
Commentary  |  3/28/2017  | 
There are endless scenarios where hackers could wreak havoc on the industrial Internet of Things. Theres also a readily available solution called HIP.
How Identity Deception Increases the Success of Ransomware
Commentary  |  3/28/2017  | 
As scammers hone their skills, their handiwork looks more credible to intended victims, making a successful ransomware scam more likely.
This Week On Dark Reading: Event Calendar
Commentary  |  3/27/2017  | 
Ransomware remediation and recovery this week, with clouds on the horizon.
Data Visualization: Keeping an Eye on Security
Commentary  |  3/27/2017  | 
Visualization can be one of the most powerful approaches a security team can use to make sense of vast quantities of data. So why does it end up as an afterthought?
7 Steps to Transforming Yourself into a DevSecOps Rockstar
Slideshows  |  3/23/2017  | 
Security practitioners at one education software firm offer lessons learned from merging DevOps with security.
Report: OilRig' Attacks Expanding Across Industries, Geographies
Commentary  |  3/21/2017  | 
Malware targets Middle Eastern airlines, government, financial industries and critical infrastructure with a simple but powerful backdoor created by infected Excel files attached to phishing emails.
Getting Beyond the Buzz & Hype of Threat Hunting
Commentary  |  3/20/2017  | 
When harnessed properly, threat hunting can be one of the most useful techniques for finding attackers in your network. But it wont happen overnight.
New Wave of Security Acquisitions Signals Start of Consolidation Trend
Slideshows  |  3/20/2017  | 
A dozen recent high-profile deals reflect cybersecurity vendors' hopes of expanding their offerings with next-generation technology, ideas, and talent.
Embrace the Machine & Other Goals for CISOs
Commentary  |  3/17/2017  | 
Here are five ways we can become more effective for our organizations.
US-CERT Warns That HTTPS Inspection Tools Weaken TLS
Quick Hits  |  3/16/2017  | 
Turns out that man-in-the-middling your own traffic isn't the safest way to look for man-in-the-middle attacks.
In Cyber, Who Do We Trust to Protect the Business?
Commentary  |  3/16/2017  | 
If business leaders and directors continue to view cybersecurity as mainly a matter for the IT department, they will leave their companies exposed to significant risks.
Women Still Only 11% Of Global InfoSec Workforce
News  |  3/15/2017  | 
Career development and mentorship programs make women in cybersecurity feel more valued, increase women's success.
Security in the Age of Open Source
Commentary  |  3/15/2017  | 
Dramatic changes in the use of open source software over the past decade demands major changes in security testing regimens today. Here's what you need to know and do about it.
Awareness Training Can Help Quell Ransomware Attacks
Quick Hits  |  3/14/2017  | 
53 percent of organizations fall victim to ransomware, despite multiple technological defenses; but the right awareness training brings that infection rate down significantly, KnowBe4 study finds.
What Your SecOps Team Can (and Should) Do
Commentary  |  3/13/2017  | 
If your organization has all of these pieces in place, congratulations!
This Week On Dark Reading: Events Calendar
Commentary  |  3/13/2017  | 
How to become a threat hunter, how to build a cybersecurity architecture that actually defends against today's risks, and much more...
Securing Todays 'Elastic Attack Surface'
Commentary  |  3/9/2017  | 
The foundation of good cybersecurity is knowing your network. But as organizations embrace new technologies, that simple task has gotten incredibly difficult.
Fortune 1000 Companies See Security Ratings Drop
News  |  3/8/2017  | 
Fortune 1000 businesses report more breaches, and lower security performance, than their non-F1000 counterparts.
Trust, Cloud & the Quest for a Glass Wall around Security
Commentary  |  3/8/2017  | 
In the next year, were going to see a leap towards strategic, business-level objectives that can be resolved by simplifying infrastructure and granting greater visibility in real time.
A Real-Life Look into Responsible Disclosure for Security Vulnerabilities
Commentary  |  3/7/2017  | 
A researcher gives us a glimpse into what happened when he found a problem with an IoT device.
New Yorks Cyber Regulations: How to Take Action & Whos Next
Commentary  |  3/6/2017  | 
Even if your company isnt directly subject to these new rules, you can assume that the approach will be adopted by regulatory agencies at home and abroad eventually.
US Lawmakers Seek Grant For State, Local Cybersecurity
Quick Hits  |  3/6/2017  | 
State Cyber Resiliency Act aims to increase resources for governments so they can fight cyber threats.
Yahoo CEO Punished for Data Breaches
Quick Hits  |  3/3/2017  | 
Marissa Mayer will be denied her annual bonus of around $2 million and also forgoes annual stock award worth millions.
Today on Dark Reading: Your Costs, Risks & Metrics Questions Answered
Commentary  |  2/27/2017  | 
First up on the Dark Reading upcoming events calendar is our Dark Reading Virtual Event Tuesday, Feb. 28.
20 Questions for SecOps Platform Providers
Commentary  |  2/27/2017  | 
Security operations capabilities for the masses is long overdue. Heres how to find a solution that meets your budget and resources.
In Cybersecurity, Language Is a Source of Misunderstandings
Commentary  |  2/27/2017  | 
To successfully fight threats across industries, we must all use the same terminology.
20 Cybersecurity Startups To Watch In 2017
Slideshows  |  2/24/2017  | 
VC money flowed plentifully into the security market last year, fueling a new crop of innovative companies.
Why We Need To Reinvent How We Catalogue Malware
Commentary  |  2/22/2017  | 
One obvious trend: crimeware technologies that come with simple user consoles and functionality to create unique binaries at the click of a button.
Stolen Health Record Databases Sell For $500,000 In The Deep Web
News  |  2/21/2017  | 
Electronic health record databases proving to be some of the most lucrative stolen data sets in cybercrime underground.
Preparing Security For Windows 7 End-Of-Life Support
Commentary  |  2/21/2017  | 
Moving to Microsoft's latest OS may give you flashbacks to when XP support ended.
Controlling Privileged Access To Prevent Rogue Users In Active Directory
Commentary  |  2/20/2017  | 
Knowing which of your employees have which privileges is the first step to staying safe.
Why Identity Has Become A Top Concern For CSOs
Commentary  |  2/14/2017  | 
Seven of the world's top security leaders share their fears and challenges around the critical new role of identity in the fight against cyber adversaries.
4 Signs You, Your Users, Tech Peers & C-Suite All Have 'Security Fatigue'
Commentary  |  2/9/2017  | 
If security fatigue is the disease we've all got, the question is how do we get over it?
What to Watch (& Avoid) At RSAC
Commentary  |  2/8/2017  | 
A renowned security veteran shares his RSA dance card, offering views on technologies destined for the dustbin of history and those that will move the industry forward.
Talking Cybersecurity From A Risk Management Point of View
Commentary  |  2/3/2017  | 
CenturyLink CSO David Mahon reflects on the evolution of the chief information security officer, and why todays CISOs are increasingly adopting a risk-based approach to security.
How to Handle Threats When Short-Staffed
How to Handle Threats When Short-Staffed
Dark Reading Videos  |  2/3/2017  | 
Skyboxs Michelle Cobb, VP of Worldwide Marketing, explains how automation and advanced analytics can give security teams the data they need when their teams are stretched
10 Essential Elements For Your Incident-Response Plan
Slideshows  |  2/2/2017  | 
The middle of a DDoS attack or ransomware infection is hardly the time to start talking about divisions of labor, or who should do what when.
The Interconnected Nature Of International Cybercrime
Commentary  |  2/1/2017  | 
How burgeoning hackers are honing their craft across language barriers from top tier cybercriminal ecosystems and forums of the Deep and Dark Web.
A New Mantra For Cybersecurity: 'Simulate, Simulate, Simulate!'
Commentary  |  2/1/2017  | 
What security teams can learn from the Apollo 13 space program, a global pandemic, and major infrastructure disruptions to identify their best responses to attacks.
Why Youre Doing Cybersecurity Risk Measurement Wrong
Commentary  |  1/30/2017  | 
Measuring risk isnt as simple as some make it out to be, but there are best practices to help you embrace the complexity in a productive way. Here are five.
Cloud Is Security-Ready But Is Your Security Team Ready For Cloud?
Commentary  |  1/25/2017  | 
Cloud computing has moved beyond the early adopter phase and is now mainstream. Heres how to keep data safe in an evolving ecosystem.
This Week On Dark Reading: Event Calendar
Commentary  |  1/25/2017  | 
Devote some time and headspace to improving your skills with these Dark Reading events.
The Trouble With DMARC: 4 Serious Stumbling Blocks
Commentary  |  1/24/2017  | 
Popularity for the Domain-based Message Authentication, Reporting and Conformance email authentication standard is growing. So why are enterprises still struggling to implement it?
JPMorgan Hack: One More Pleads Guilty For Operating Bitcoin Exchange
Quick Hits  |  1/20/2017  | 
Ricardo Hill allegedly operated Coin.mx which exchanged millions of dollars into bitcoin to support the hack scheme.
Cyber Lessons From NSAs Admiral Michael Rogers
Commentary  |  1/19/2017  | 
Security teams must get better at catching intruders where we have the advantage: on our own networks.
Cloud Security & IoT: A Look At What Lies Ahead
Commentary  |  1/18/2017  | 
In the brave new world of cloud, security teams must be as agile as possible. This means leveraging proactive monitoring tools, locking down access points, and forecasting requirements
10 Cocktail Party Security Tips From The Experts
Slideshows  |  1/13/2017  | 
Security pros offer basic advice to help average users ward off the bad guys.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.