News & Commentary

Latest Content tagged with Analytics
Page 1 / 2   >   >>
8 Keys to a Successful Penetration Test
Slideshows  |  9/19/2018  | 
Pen tests are expensive, but there are key factors that can make them worth the investment.
The Security Costs of Cloud-Native Applications
News  |  9/18/2018  | 
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
EternalBlue Infections Persist
Quick Hits  |  9/14/2018  | 
Indonesia, Taiwan, Vietnam, Thailand, Egypt, Russia, China, among the top 10 nations with the most machines infected with the exploit.
Military, Government Users Just as Bad About Password Hygiene as Civilians
News  |  9/14/2018  | 
New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.
The Economics of AI-Enabled Security
The Economics of AI-Enabled Security
Dark Reading Videos  |  8/17/2018  | 
While AI greatly enhances security, Securonix CTO Tanuj Gulati points out the need for predictable cost models that insulate SOCs from the variables of massive data volume and intense real-time processing.
Filtering the Threat Intelligence Tsunami
Filtering the Threat Intelligence Tsunami
Dark Reading Videos  |  8/17/2018  | 
Reversing Labs CEO Mario Vuksan contends that SOCs are overwhelmed by global threat intelligence, and can benefit more from a targeted "pull" model that focuses on YARA-type binary pattern matching.
Xori Adds Speed, Breadth to Disassembler Lineup
News  |  8/9/2018  | 
A new open source tool, introduced at Black Hat USA, places a priority on speed and automation.
How AI Could Become the Firewall of 2003
Commentary  |  8/1/2018  | 
An over-reliance on artificial intelligence and machine learning for the wrong uses will create unnecessary risks.
5 Ways Small Security Teams Can Defend Like Fortune 500 Companies
Commentary  |  7/26/2018  | 
Keep your company protected with a mix of old- and new-school technologies.
Why Security Startups Fly And Why They Crash
News  |  7/20/2018  | 
What makes startups stand out in a market flooded with thousands of vendors? Funding experts and former founders share their thoughts.
SOCs Use Automation to Compensate for Training, Technology Issues
News  |  7/13/2018  | 
Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.
Why Sharing Intelligence Makes Everyone Safer
Commentary  |  6/29/2018  | 
Security teams must expand strategies to go beyond simply identifying details tied to a specific threat to include context and information about attack methodologies.
Improving the Adoption of Security Automation
Commentary  |  6/20/2018  | 
Four barriers to automation and how to overcome them.
The Best and Worst Tasks for Security Automation
Slideshows  |  6/20/2018  | 
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
Security Analytics Startup Uptycs Raises $10M in Series A
Quick Hits  |  6/19/2018  | 
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
Security Ratings Answer Big Questions in Cyber Insurance
News  |  6/11/2018  | 
More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage.
SAP CSO: Security Requires Context
News  |  6/11/2018  | 
Security depends on the apps and networks it protects. SAP CSO Justin Somaini discusses three scenarios.
Bug Bounty Payouts Up 73% Per Vulnerability: Bugcrowd
News  |  6/7/2018  | 
Bug bounty programs grew along with payouts, which averaged $781 per vulnerability this year, researchers report.
Operation Prowli Hits 40K with Traffic Monetization, Cryptomining
News  |  6/6/2018  | 
The campaign targets services including Drupal CMS sites, DSL modems, vulnerable IoT devices, and servers with an open SSH port.
Dark Web Marketplaces Dissolve Post-AlphaBay, Hansa Takedown
News  |  6/5/2018  | 
Cybercrime marketplaces reshape into smaller forums and individual chats as threat actors find new ways to evade law enforcement.
Panorays Debuts With $5 Million Investment
Quick Hits  |  6/5/2018  | 
Panorays, a company focusing on third-party security issues for the enterprise, has exited stealth mode.
I, for One, Welcome Our Robotic Security Overlords
Commentary  |  6/5/2018  | 
Automation will come in more subtle ways than C-3PO and it's transforming cybersecurity.
Web Application Firewalls Adjust to Secure the Cloud
News  |  6/4/2018  | 
Cloud-based WAFs protect applications without the costs and complexity of on-prem hardware. Here's what to keep in mind as you browse the growing market.
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Commentary  |  6/4/2018  | 
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
Google Groups Misconfiguration Exposes Corporate Data
News  |  6/1/2018  | 
Researchers say as many as 10,000 businesses are affected by a widespread misconfiguration in Google Groups settings.
Open Bug Bounty Offers Free Program For Websites
News  |  6/1/2018  | 
Non-profit says it will triage and verify certain kinds of Web vulnerability submissions at no cost for those who sign up.
Report: Cross-Site Scripting Still Number One Web Attack
Quick Hits  |  6/1/2018  | 
SQL injection is the second most common technique, with IT and finance companies the major targets.
New Federal Report Gives Guidance on Beating Botnets
News  |  5/31/2018  | 
A report from the Departments of Commerce and Homeland Security provides five goals for protecting infrastructure from botnets and other automated threats.
Building Blocks for a Threat Hunting Program
News  |  5/31/2018  | 
Guidance for businesses building threat intelligence strategies while overwhelmed by threats, lack of talent, and a healthy dose of skepticism about the market.
Thoma Bravo Acquires Majority Stake in LogRhythm
Quick Hits  |  5/31/2018  | 
The SIEM vendor sells stake to private equity firm.
Judge Tosses Kaspersky Lab Suits Against US Government Ban
Quick Hits  |  5/31/2018  | 
A US judge dismisses two lawsuits filed by Kaspersky Lab, which argued the US government ban on its products was unconstitutional and caused undue harm.
6 Security Investments You May Be Wasting
Slideshows  |  5/31/2018  | 
Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference.
Dozens of Vulnerabilities Discovered in DoD's Enterprise Travel System
News  |  5/30/2018  | 
In less than one month, security researchers participating in the Pentagon's Hack the Defense Travel System program found 65 vulnerabilities.
Windows 'Double Kill' Attack Code Found in RIG Exploit Kit
News  |  5/30/2018  | 
Microsoft issued a fix for the remote code execution zero-day vulnerability in May, but research shows businesses have slowed their patching processes post-Meltdown.
FireEye Offers Free Tool to Detect Malicious Remote Logins
News  |  5/30/2018  | 
Open source GeoLogonalyzer helps to weed out hackers exploiting stolen credentials to log into their targets.
Machine Learning, Artificial Intelligence & the Future of Cybersecurity
Commentary  |  5/30/2018  | 
The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.
Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net
News  |  5/29/2018  | 
One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.
Alexa Mishap Hints at Potential Enterprise Security Risk
News  |  5/29/2018  | 
When Alexa mailed a copy of a couple's conversation to a contact, it raised warning flags for security professionals in organizations.
FireMon to Buy Lumeta
News  |  5/29/2018  | 
Network security policy vendor looks to expand its offerings to real-time situational awareness on-premise and in the cloud.
Security Lags in Enterprise Cloud Migration
Quick Hits  |  5/25/2018  | 
Cloud security is falling farther behind as companies migrate more and more of their workloads to public cloud infrastructures.
10 Free DevOps-Friendly Security Tools Developers Will Love
Slideshows  |  5/25/2018  | 
Start building an affordable DevSecOps automation toolchain with these free application security tools.
Most Expensive Data Breaches Start with Third Parties: Report
News  |  5/24/2018  | 
Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.
DOJ Sinkholes VPNFilter Control Servers Found in US
News  |  5/24/2018  | 
The US Department of Justice said the move aims to thwart the spread of the botnet as part of its investigation into Russian nation-state hacking group APT28 aka Fancy Bear.
Malwarebytes Buys Binisoft for Firewall Management
Quick Hits  |  5/24/2018  | 
Vendor plans to integrate Binisoft's Windows Firewall Control into the Malwarebytes endpoint protection platform.
Is Threat Intelligence Garbage?
Commentary  |  5/23/2018  | 
Most security professionals in a recent survey said that threat intelligence doesn't work. So why all the hype?
6 Steps for Applying Data Science to Security
Slideshows  |  5/23/2018  | 
Two experts share their data science know-how in a tutorial focusing on internal DNS query analysis.
New Research Seeks to Shorten Attack Dwell Time
News  |  5/18/2018  | 
It can take months for an organization to know they've been hacked. A new DARPA-funded project seeks to reduce that time to hours.
Breakout Time: A Critical Key Cyber Metric
Commentary  |  5/8/2018  | 
Why organizations need to detect an intrusion in under a minute, understand it in under 10 minutes, and eject the adversary in under an hour.
10 Lessons From an IoT Demo Lab
Slideshows  |  5/7/2018  | 
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
5 Ways to Better Use Data in Security
Slideshows  |  5/5/2018  | 
Use these five tips to get your security shop thinking more strategically about data.
Page 1 / 2   >   >>


New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17182
PUBLISHED: 2018-09-19
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations...
CVE-2018-17144
PUBLISHED: 2018-09-19
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...