Latest Content
Page 1 / 2   >   >>
Is Application Security Dead?
Commentary  |  3/22/2018
The nature of the field has changed greatly because of the move to the cloud and enterprise digital transformation.
5 Ways to Get Ready for Public Cloud Deployment
Commentary  |  3/22/2018
Syncing security and product development early is now a "must do."
SOC in Translation: 4 Common Phrases & Why They Raise Flags
Commentary  |  3/21/2018
By keeping an ear out for out for catchphrases like "Just ask Stu" or "I've got a bad feeling about this," CISOs can overcome the barriers that get between business leaders and their security teams.
How Serverless Computing Reshapes Security
Commentary  |  3/21/2018
The new division of responsibility moves some security concerns off a business's plate while changing priorities for other risks.
Critical Infrastructure: Stop Whistling Past the Cyber Graveyard
Commentary  |  3/20/2018
An open letter to former colleagues in Homeland Security, peers in private sector cybersecurity firms, those who own and operate critical systems, academics, and politicians.
The Case for Integrating Physical Security & Cybersecurity
Commentary  |  3/20/2018
Aggregating threat intel from external data sources is no longer enough. You must look inside and outside your traditional knowledge base for the best way to defend against attacks.
A Data Protection Officer's Guide to the GDPR Galaxy
Commentary  |  3/19/2018
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
The Containerization of Artificial Intelligence
Commentary  |  3/16/2018
AI automates repetitive tasks and alleviates mundane functions that often haunt decision makers. But it's still not a sure substitute for security best practices.
Online Ads vs. Security: An Invisible War
Commentary  |  3/15/2018
Why visiting one website is like visiting 50, and how you can fight back against malvertisers.
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
Commentary  |  3/15/2018
The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.
Segmentation: The Neglected (Yet Essential) Control
Commentary  |  3/14/2018
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
A Secure Enterprise Starts with a Cyber-Aware Staff
Commentary  |  3/14/2018
An attack doesn't have to be super high-tech to cause a lot of damage. Make sure your employees know how to spot an old-fashioned phishing campaign.
Google 'Distrust Dates' Are Coming Fast
Commentary  |  3/13/2018
All the tools are in place for the migration of SSL digital certificates on a scale that is unprecedented for the certificate authority industry. Are you ready?
What's the C-Suite Doing About Mobile Security?
Commentary  |  3/13/2018
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.
Disappearing Act: Dark Reading Caption Contest Winners
Commentary  |  3/12/2018
A standout field with hysterical puns about security policies, Meltdown, Amazon Web Services, and the right to be forgotten. And the winner is
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Commentary  |  3/12/2018
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
DevSecOps: The Importance of Building Security from the Beginning
Commentary  |  3/9/2018
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
Putting the S in SDLC: Do You Know Where Your Data Is?
Commentary  |  3/8/2018
Data represents the ultimate attack surface. Avoid major data breaches (and splashy headlines) by keeping track of where your data is.
Cybersecurity Gets Added to the M&A Lexicon
Commentary  |  3/8/2018
Threat intelligence data can give a clear picture of an acquisition target that could make or break a deal.
Privilege Abuse Attacks: 4 Common Scenarios
Commentary  |  3/7/2018
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.
Why Security-Driven Companies Are More Successful
Commentary  |  3/7/2018
Software Security Masters are better at handling application development security and show much higher growth than their peers. Here's how to become one.
Connected Cars Pose New Security Challenges
Commentary  |  3/6/2018
The auto industry should seize the opportunity and get in front of this issue.
Pragmatic Security: 20 Signs You Are 'Boiling the Ocean'
Commentary  |  3/6/2018
Ocean-boiling is responsible for most of the draconian, nonproductive security policies I've witnessed over the course of my career. Here's why they don't work.
Hacking Back & the Digital Wild West
Commentary  |  3/5/2018
Far from helping organizations defend themselves, hacking back will escalate an already chaotic situation.
A Secure Development Approach Pays Off
Commentary  |  3/2/2018
Software security shouldn't be an afterthought. That's why the secure software development life cycle deserves a fresh look.
How & Why the Cybersecurity Landscape Is Changing
Commentary  |  3/1/2018
A comprehensive new report from Cisco should "scare the pants off" enterprise security leaders.
What Enterprises Can Learn from Medical Device Security
Commentary  |  3/1/2018
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
Why Cryptocurrencies Are Dangerous for Enterprises
Commentary  |  2/28/2018
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
How to Secure 'Permissioned' Blockchains
Commentary  |  2/28/2018
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
March Dark Reading Event Calendar Spans BlackOps to SecDevOps
Commentary  |  2/27/2018
These upcoming webinars will help you comprehend the mysterious machinations inside the minds of hackers and in-house developers.
Security Starts with the User Experience
Commentary  |  2/27/2018
Preventing a data breach is safer and more cost-effective than dealing with a breach after it has already happened. That means a focus on security in the design phase.
Incident 'Management': What IT Security Can Learn from Public Safety
Commentary  |  2/27/2018
How a framework developed for fighting California wildfires back in the '70s can fortify first responders to a modern cyberattack.
6 Cybersecurity Trends to Watch
Commentary  |  2/26/2018
Expect more as the year goes on: more breaches, more IoT attacks, more fines
Leveraging Security to Enable Your Business
Commentary  |  2/23/2018
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Commentary  |  2/22/2018
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
Anatomy of an Attack on the Industrial IoT
Commentary  |  2/22/2018
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
Takeaways from the Russia-Linked US Senate Phishing Attacks
Commentary  |  2/21/2018
The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns.
Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat
Commentary  |  2/20/2018
These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.
Rise of the 'Hivenet': Botnets That Think for Themselves
Commentary  |  2/16/2018
These intelligent botnet clusters swarm compromised devices to identify and assault different attack vectors all at once.
Democracy & DevOps: What Is the Proper Role for Security?
Commentary  |  2/15/2018
Security experts need a front-row seat in the application development process but not at the expense of the business.
From DevOps to DevSecOps: Structuring Communication for Better Security
Commentary  |  2/15/2018
A solid approach to change management can help prevent problems downstream.
3 Tips to Keep Cybersecurity Front & Center
Commentary  |  2/14/2018
In today's environment, a focus on cybersecurity isn't a luxury. It's a necessity, and making sure that focus is achieved starts with the company's culture.
Fileless Malware: Not Just a Threat, but a Super-Threat
Commentary  |  2/14/2018
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
Can Android for Work Redefine Enterprise Mobile Security?
Commentary  |  2/13/2018
Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.
Fake News: Could the Next Major Cyberattack Cause a Cyberwar?
Commentary  |  2/13/2018
In the way it undercuts trust, fake news is a form of cyberattack. Governments must work to stop it.
Better Security Analytics? Clean Up the Data First!
Commentary  |  2/12/2018
Even the best analytics algorithms using incomplete and unclean data won't yield useful results.
Tracking Bitcoin Wallets as IOCs for Ransomware
Commentary  |  2/12/2018
By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.
Back to Basics: AI Isn't the Answer to What Ails Us in Cyber
Commentary  |  2/9/2018
The irony behind just about every headline-grabbing data breach we've seen in recent years is that they all could have been prevented with simple cyber hygiene.
20 Signs You Need to Introduce Automation into Security Ops
Commentary  |  2/8/2018
Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.
Ticking Time Bombs in Your Data Center
Commentary  |  2/7/2018
The biggest security problems inside your company may result from problems it inherited.
Page 1 / 2   >   >>

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
The Case for Integrating Physical Security & Cybersecurity
Paul Kurtz, CEO & Cofounder, TruSTAR Technology,  3/20/2018
A Look at Cybercrime's Banal Nature
Curtis Franklin Jr., Executive Editor, Technical Content,  3/20/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.