Commentary
Latest Content
Page 1 / 2   >   >>
6 Ways To Hack An Election
Commentary  |  8/30/2016  | 
Threats to our electoral process can come from outside the country or nefarious insiders. Our country needs to be better prepared.
Critical Infrastructure: The Next Cyber-Attack Target
Commentary  |  8/29/2016  | 
Power and utilities companies need a risk-centric cybersecurity approach to face coming threats.
The Hidden Dangers Of 'Bring Your Own Body'
Commentary  |  8/26/2016  | 
The use of biometric data is on the rise, causing new security risks that must be assessed and addressed.
The Secret Behind the NSA Breach: Network Infrastructure Is the Next Target
Commentary  |  8/25/2016  | 
How the networking industry has fallen way behind in incorporating security measures to prevent exploits to ubiquitous routers, proxies, firewalls, and switches.
Security Leadership & The Art Of Decision Making
Commentary  |  8/24/2016  | 
What a classically-trained guitarist with a Masters Degree in counseling brings to the table as head of cybersecurity and privacy at one of the worlds major healthcare organizations.
When Securing Your Applications, Seeing Is Believing
Commentary  |  8/24/2016  | 
While the cloud is amazing, a worrying lack of visibility goes along with it. Keep that in mind as you develop your security approach.
CISO Security Portfolios Vs. Reporting Structures
Commentary  |  8/23/2016  | 
Organizational structure is a tool for driving action. Worrying about your bosss title wont help you as much as a better communication framework.
Anatomy Of A Social Media Attack
Commentary  |  8/23/2016  | 
Finding and addressing Twitter and Facebook threats requires a thorough understanding of how theyre accomplished.
Darknet: Where Your Stolen Identity Goes to Live
Commentary  |  8/19/2016  | 
Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves.
How Diversity Can Bridge The Talent Gap
Commentary  |  8/18/2016  | 
Women and minorities in the security industry share some hard truths about the security industrys hiring traditions and practices.
5 Strategies For Enhancing Targeted Security Monitoring
Commentary  |  8/18/2016  | 
These examples will help you improve early incident detection results.
User Ed: Patching People Vs Vulns
Commentary  |  8/17/2016  | 
How infosec can combine and adapt security education and security defenses to the way users actually do their jobs.
Security Must Become Driving Force For Auto Industry
Commentary  |  8/17/2016  | 
Digital security hasnt kept pace in this always-connected era. Is infosec up to the challenge?
Dark Reading Radio: What Keeps IT Security Pros Awake at Night
Commentary  |  8/16/2016  | 
Join us for a wide-ranging discussion with (ISC) Chief Exec David Shearer on the most worrisome infosec trends and challenges.
Substantially Above Par: DR Cartoon Caption Contest Winners
Commentary  |  8/12/2016  | 
Critical vulnerabilities, links & virtual reality. And the winner is...
Security Portfolios: A Different Approach To Leadership
Commentary  |  8/11/2016  | 
How grounding a conversation around a well-organized list of controls and their goals can help everyone be, literally, on the same page.
What The TSA Teaches Us About IP Protection
Commentary  |  8/11/2016  | 
Data loss prevention solutions are no longer effective. Todays security teams have to keep context and human data in mind, as the TSA does.
Theory Vs Practice: Getting The Most Out Of Infosec
Commentary  |  8/10/2016  | 
Why being practical and operationally minded is the only way to build a successful security program.
Building A Detection Strategy With The Right Metrics
Commentary  |  8/9/2016  | 
The tools used in detecting intrusions can lead to an overwhelming number of alerts, but theyre a vital part of security.
Data Protection From The Inside Out
Commentary  |  8/8/2016  | 
Organizations must make fundamental changes in the way they approach data protection.
Best Of Black Hat Innovation Awards: And The Winners Are
Commentary  |  8/3/2016  | 
Three companies and leaders who think differently about security: Deep Instinct, most innovative startup; Vectra, most innovative emerging company; Paul Vixie, most innovative thought leader.
Dark Reading Radio at Black Hat 2016: 2 Shows, 4 #BHUSA Presenters
Commentary  |  8/2/2016  | 
Even if you can't physically be at Black Hat USA 2016, Dark Reading offers a virtual alternative to engage with presenters about hot show topics and trends.
3 Steps Towards Building Cyber Resilience Into Critical Infrastructure
Commentary  |  8/2/2016  | 
The integration of asset management, incident response processes and education is critical to improving the industrial control system cybersecurity landscape.
Crypto Malware: Responding To Machine-Timescale Breaches
Commentary  |  8/1/2016  | 
The game has changed again with hackers ability to steal your data at record speeds and cripple your organization before the first alert.
How to Roll Your Own Threat Intelligence Team
Commentary  |  7/29/2016  | 
A lot of hard work needs to go into effectively implementing an intelligence-driven security model. It starts with five critical factors.
How To Stay Safe On The Black Hat Network: Dont Connect To It
Commentary  |  7/28/2016  | 
Black Hat attendees may have changed their titles and now carry business cards but hackers gotta hack and theres no better place to do it than Black Hat.
The Internet Of Tiny Things: What Lurks Inside
Commentary  |  7/27/2016  | 
Hackers can now use a tiny $2 embedded chip -- at scale -- to launch thousands of infected 'things' out into the ether to capture data and soften consumers up for an attack.
In Security, Know That You Know Nothing
Commentary  |  7/26/2016  | 
Only when security professionals become aware of what they dont know, can they start asking the right questions and implementing the right security controls.
Building Black Hat: Locking Down One Of The Worlds Biggest Security Conferences
Commentary  |  7/25/2016  | 
For security pros, being asked to help secure Black Hat is like being asked to play on the Olympic basketball team.
5 Failsafe Techniques For Interviewing Security Candidates
Commentary  |  7/22/2016  | 
Filling critical information security roles with the right people is never easy. But learning how to separate the 'wheat from the chaff' is a smart step in the right direction.
Tools & Training To Hack Yourself Into Better Security
Commentary  |  7/21/2016  | 
How to teach your blue team to think like the red team when your network is under attack and time is your most valuable asset.
5 Mr. Robot Hacks That Could Happen in Real Life
Commentary  |  7/20/2016  | 
As season two of the popular TV series gets underway, we reality-check anti-hero Elliots hacking prowess against real-life security and attack scenarios.
Deconstructing Connected Cars: A Hack Waiting To Happen
Commentary  |  7/19/2016  | 
Why your automobiles simple and reliable Controller Area Network will put you at risk in the brave new world of connected and autonomous driving.
Beyond Data: Why CISOs Must Pay Attention To Physical Security
Commentary  |  7/18/2016  | 
Information security professionals are missing the big picture if they think of vulnerabilities and threats only in terms of data protection, password hygiene and encryption.
What's Next For Canadas Surveillance Landscape?
Commentary  |  7/14/2016  | 
Edward Snowden headlines SecTor security conference as Canadian privacy advocates await the Trudeau governments next move in the countrys complex privacy and security debate.
72% of Black Hat Attendees Expect To Be Hit By 'Major' Data Breach Within A Year
Commentary  |  7/14/2016  | 
End users are the biggest weakness, and we're not doing enough to address the problem.
What I Expect to See At Black Hat 2016: 5 Themes
Commentary  |  7/13/2016  | 
Over the years, Black Hat has morphed from a little show for security researchers to a big conference that attracts everyone from black-hat hackers to C-level security execs. Heres what piques my interest this year.
EUs General Data Protection Regulation Is Law: Now What?
Commentary  |  7/12/2016  | 
Organizations have two years to prepare to act as borrowers, not owners, of customer data. Here are seven provisions of the new GPDR you ignore at your peril.
Dark Reading Launches Best Of Black Hat Awards Program; Finalists Selected
Commentary  |  7/12/2016  | 
New awards recognize innovation on Black Hat exhibit floor, including startups, emerging companies, and industry thinkers.
Does Defense In Depth Still Work Against Todays Cyber Threats?
Commentary  |  7/11/2016  | 
Yes. But not for much longer unless the industry shifts to an automated security and zero trust model.
A Holistic Approach to Cybersecurity Wellness: 3 Strategies
Commentary  |  7/7/2016  | 
Security professionals need to rely on more than vaccinations to protect the health and safety of company systems and data.
Diagnosis SOC-atrophy: What To Do When Your Security Operation Center Gets Sick
Commentary  |  7/6/2016  | 
Whether its due to lack of attention, poor capital planning or alert fatigue, there are lots of reasons why an SOC can become unhealthy. Heres how to make it better.
How Not To Write A Pen Test RFP
Commentary  |  7/5/2016  | 
The downside of a failed request for a penetration test proposal is a no-win situation for everyone. Here are five common mistakes to avoid.
Big Business Ransomware: A Lucrative Market in the Underground Economy
Commentary  |  7/1/2016  | 
Why lock and/or pilfer a persons files worth hundreds of dollars when corporate data is infinitely more valuable?
The Newbies 'How To Survive Black Hat' Guide
Commentary  |  6/29/2016  | 
Theres little chance you wont be totally exhausted after drinking from the information firehose all week. But if you follow these eight steps, it will be a very satisfying kind of fatigue.
Microsoft + LinkedIn: How To Spot Insider Trading Risk Early
Commentary  |  6/28/2016  | 
With the explosion of mobile, cloud, and the blurring of work and personal data, companies considering M&A have a lot to worry about when it comes to insider threats.
The Blind Spot Between The Cloud & The Data Center
Commentary  |  6/27/2016  | 
Ask most enterprise security analysts responsible for detection and response about their visibility into identity access risks and youre likely to get some confused looks. Heres why.
Mind The Gap: CISOs Versus 'Operators'
Commentary  |  6/25/2016  | 
How open communication among security execs and analysts, incidents responders, and engineers can help organizations stay on top of the constantly changing threat landscape.
Security Lessons from My Financial Planner
Commentary  |  6/24/2016  | 
Security investments can be viewed as a portfolio. If we think in portfolio terms, we realize that ROI is a backwards-looking measure. What else can we learn from financial planners?
Internet Of Things & The Platform Of Parenthood
Commentary  |  6/23/2016  | 
A new fathers musings on the problems with securing embedded systems, and why there are so few incentives for architecting trustworthy IoT technology from the ground up.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.