Commentary
Latest Content
Page 1 / 2   >   >>
Building Black Hat: Locking Down One Of The World’s Biggest Security Conferences
Commentary  |  7/25/2016  | 
For security pros, being asked to help secure Black Hat is like being asked to play on the Olympic basketball team.
5 Failsafe Techniques For Interviewing Security Candidates
Commentary  |  7/22/2016  | 
Filling critical information security roles with the right people is never easy. But learning how to separate the 'wheat from the chaff' is a smart step in the right direction.
Tools & Training To ‘Hack Yourself’ Into Better Security
Commentary  |  7/21/2016  | 
How to teach your blue team to think like the red team when your network is under attack and time is your most valuable asset.
5 ‘Mr. Robot’ Hacks That Could Happen in Real Life
Commentary  |  7/20/2016  | 
As season two of the popular TV series gets underway, we reality-check anti-hero Elliot’s hacking prowess against real-life security and attack scenarios.
Deconstructing Connected Cars: A Hack Waiting To Happen
Commentary  |  7/19/2016  | 
Why your automobile’s simple and reliable Controller Area Network will put you at risk in the brave new world of connected and autonomous driving.
Beyond Data: Why CISOs Must Pay Attention To Physical Security
Commentary  |  7/18/2016  | 
Information security professionals are missing the big picture if they think of vulnerabilities and threats only in terms of data protection, password hygiene and encryption.
What's Next For Canada’s Surveillance Landscape?
Commentary  |  7/14/2016  | 
Edward Snowden headlines SecTor security conference as Canadian privacy advocates await the Trudeau government’s next move in the country’s complex privacy and security debate.
72% of Black Hat Attendees Expect To Be Hit By 'Major' Data Breach Within A Year
Commentary  |  7/14/2016  | 
End users are the biggest weakness, and we're not doing enough to address the problem.
What I Expect to See At Black Hat 2016: 5 Themes
Commentary  |  7/13/2016  | 
Over the years, Black Hat has morphed from a little show for security researchers to a big conference that attracts everyone from black-hat hackers to C-level security execs. Here’s what piques my interest this year.
EU’s General Data Protection Regulation Is Law: Now What?
Commentary  |  7/12/2016  | 
Organizations have two years to prepare to act as borrowers, not owners, of customer data. Here are seven provisions of the new GDPR you ignore at your peril.
Dark Reading Launches Best Of Black Hat Awards Program; Finalists Selected
Commentary  |  7/12/2016  | 
New awards recognize innovation on Black Hat exhibit floor, including startups, emerging companies, and industry thinkers.
Does Defense In Depth Still Work Against Today’s Cyber Threats?
Commentary  |  7/11/2016  | 
Yes. But not for much longer unless the industry shifts to an automated security and zero trust model.
A Holistic Approach to Cybersecurity Wellness: 3 Strategies
Commentary  |  7/7/2016  | 
Security professionals need to rely on more than ‘vaccinations’ to protect the health and safety of company systems and data.
Diagnosis SOC-atrophy: What To Do When Your Security Operation Center Gets Sick
Commentary  |  7/6/2016  | 
Whether it’s due to lack of attention, poor capital planning or alert fatigue, there are lots of reasons why an SOC can become unhealthy. Here’s how to make it better.
How Not To Write A Pen Test RFP
Commentary  |  7/5/2016  | 
The downside of a failed request for a penetration test proposal is a no-win situation for everyone. Here are five common mistakes to avoid.
Big Business Ransomware: A Lucrative Market in the Underground Economy
Commentary  |  7/1/2016  | 
Why lock and/or pilfer a person’s files worth hundreds of dollars when corporate data is infinitely more valuable?
The Newbie’s 'How To Survive Black Hat' Guide
Commentary  |  6/29/2016  | 
There’s little chance you won’t be totally exhausted after “drinking from the information firehose” all week. But if you follow these eight steps, it will be a very satisfying kind of fatigue.
Microsoft + LinkedIn: How To Spot Insider Trading Risk Early
Commentary  |  6/28/2016  | 
With the explosion of mobile, cloud, and the blurring of work and personal data, companies considering M&A have a lot to worry about when it comes to insider threats.
The Blind Spot Between The Cloud & The Data Center
Commentary  |  6/27/2016  | 
Ask most enterprise security analysts responsible for detection and response about their visibility into identity access risks and you’re likely to get some confused looks. Here’s why.
Mind The Gap: CISOs Versus 'Operators'
Commentary  |  6/25/2016  | 
How open communication among security execs and analysts, incidents responders, and engineers can help organizations stay on top of the constantly changing threat landscape.
Security Lessons from My Financial Planner
Commentary  |  6/24/2016  | 
Security investments can be viewed as a portfolio. If we think in portfolio terms, we realize that ROI is a backwards-looking measure. What else can we learn from financial planners?
Internet Of Things & The Platform Of Parenthood
Commentary  |  6/23/2016  | 
A new father’s musings on the problems with securing embedded systems, and why there are so few incentives for architecting trustworthy IoT technology from the ground up.
‘Bug Poachers:’ A New Breed of Cybercriminal
Commentary  |  6/22/2016  | 
As if security researchers don’t have enough to worry about, we now have to contend with extortionists who take advantage of the well-established fact that applications are a ripe target for exploitation.
Phishing, Whaling & The Surprising Importance Of Privileged Users
Commentary  |  6/21/2016  | 
By bagging a privileged user early on, attackers can move from entry point to mission accomplished in no time at all.
Privacy Shield: Can the US Earn the EU’s Trust Post Apple vs. FBI?
Commentary  |  6/20/2016  | 
Rebuilding the privacy framework for data transfer between the US and its European trading partners won’t be easy but it’s still a worthwhile effort.
The Gamble Behind Cyber Threat Intelligence Sharing
Commentary  |  6/18/2016  | 
In theory, sharing threat intel makes sense. But in cybersecurity you're not dealing with known individuals, you’re dealing with anonymous adversaries capable of rapid change.
How Secure is Secure? Tips For Investing In The Right Strategy
Commentary  |  6/17/2016  | 
Business alignment, defense-in-depth and a phased approach are three principles to follow when building out a solid security program.
Pretty Good Passwords: Cartoon Caption Contest Winners
Commentary  |  6/16/2016  | 
Sticky notes, multi-factor authentication, password reuse and Donald Trump. And the winner is...
What CISOs Need to Tell The Board About Cyber Risk
Commentary  |  6/15/2016  | 
To avoid devastating financial losses, boards and the C-suite must have a deep understanding of the cyber risks their organizations face. Here's what they need to hear from the security team.
A Look Back At Dark Reading's Best 10 Years (So Far)
Commentary  |  6/14/2016  | 
The past decade in security -- from botnets that were bigger than some service provider networks to vulnerabilities that affected not only whole industries but the very fabric of the internet. And much, much more...
5 Soft Skills Young Cybersecurity Professionals Need to Get Ahead
Commentary  |  6/14/2016  | 
Today’s employers aren’t looking for recruits who can maintain firewalls and mitigate risk. They want well-rounded professionals who can apply security expertise across the business to yield bottom-line results.
Self-Service Password Reset & Social Engineering: A Match Made In Hell
Commentary  |  6/13/2016  | 
A sad tale of how hackers compromised a CEO's corporate account by trolling Facebook and LinkedIn for answers to six common authentication questions. (And how to avoid that happening to you.)
IoT Security: Onus On Developers, Security Researchers
Commentary  |  6/11/2016  | 
Security teams and DevOps need to team up on 'lean security' processes that make safety a top priority before a product reaches the market.
Revealing Lessons About Vulnerability Research
Commentary  |  6/10/2016  | 
It's not clear why a dozen FBI agents showed up at a security researcher's door last month, but as cyber becomes more of a factor in product safety, our judicial system needs to get a better grasp on who the real criminals are.
The End Of A Security Decade -- And The Beginning Of A New One
Commentary  |  6/10/2016  | 
Dark Reading wraps up its 10th anniversary coverage with a final look back at the decade -- and a look ahead.
Google Dorking: Exposing The Hidden Threat
Commentary  |  6/9/2016  | 
Google Dorking sounds harmless, but it can take your company down. Here's what you need to know to avoid being hacked.
Deconstructing The Impact Of Ransomware On Healthcare’s IoT
Commentary  |  6/8/2016  | 
If ransomware targets medical devices, exactly how will an attacker deliver the ransom note to the victim?
Microsegmentation & The Need For An Intelligent Attack Surface
Commentary  |  6/7/2016  | 
There is a fundamental difference in the security posture and technology for protecting the White House versus a Social Security office in California. So, too, for the critical apps and systems that are likely targets in your enterprise.
BYOD Security: How To Shift Device Control & Grant Users More Choice
Commentary  |  6/3/2016  | 
Gartner’s ‘managed diversity’ model offers an ITIL-compliant information security solution to the problem of Shadow IT.
How Facebook Raises A Generation Of Intelligence Analysts
Commentary  |  6/2/2016  | 
In the process of creating and administering groups, users learn how to read data points, create a risk profile in their head, and watch for changes over time.
How ‘Agile’ Changed Security At Dun & Bradstreet
Commentary  |  6/1/2016  | 
Chief Security Officer Jon Rose shares the whys and wherefores of integrating agile software development methodology into a traditional security environment.
Dark Reading At 10 Years: Learning From The Best
Commentary  |  5/31/2016  | 
Kudos to the Dark Reading community for strengthening the security industry with all its passion and opinions.
Ultimate Guide To DDoS Protection: Strategies And Best Practices
Commentary  |  5/30/2016  | 
To be in the best position to defend against DDoS, companies need to protect against a range of exploitable vulnerabilities -- and have the tools to detect and react to attacks.
Ultimate Guide To DDoS Protection: DDoS Is A Business Problem
Commentary  |  5/27/2016  | 
In the first of a two-part series, we examine the impact DDoS attacks have on business continuity – and why it is so much more than a network security problem.
A Wish List For The Security Conference Stage
Commentary  |  5/26/2016  | 
All the world may be a stage, but in the theater of cybersecurity, we need a more relevant dialogue of fresh ideas, novel approaches, and new ways of thinking.
A Newer Variant Of RawPOS: An In-Depth Look
Commentary  |  5/25/2016  | 
There's no silver bullet for RawPOS prevention, but you can impede RawPOS's ability to execute successfully by understanding how it works.
Poor Airport Security Practices Just Don’t Fly
Commentary  |  5/24/2016  | 
Five lessons learned the hard way by the Tampa International Airport about bringing third parties into a security environment.
What Europe Tells Us About The Future Of Data Privacy
Commentary  |  5/23/2016  | 
Recent initiatives offer new strategies for balancing technology, security, and organizational policy goals. Here are three approaches worth considering.
Closing the Gender Gap in Cybersecurity: 3 Critical Steps
Commentary  |  5/20/2016  | 
Women in security need to step up as industry role models and set the example for future generations. Here’s how.
Why Security Investigators Should Care About Forensic Research
Commentary  |  5/19/2016  | 
Despite the promise of expanded visibility into the user trail behind a data breach, the security industry has largely ignored the meticulous advances of forensic researchers. Privacy is just one reason for the snub.
Current Issue
The Changing Face of Identity Management
Mobility and cloud services are altering the concept of user identity. Here are some ways to keep up.
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.