Commentary
Latest Content
Page 1 / 2   >   >>
Cybersecurity: Don’t Bank On It With 3rd Parties
Commentary  |  4/24/2015  | 
Not knowing that a contractor’s employee had access to system passwords is not a valid excuse when your client’s records are stolen.
The Bad News For Infosec In The Target Settlement
Commentary  |  4/22/2015  | 
The legal argument behind the $10 million Class Action lawsuit and subsequent settlement is a gross misrepresentation of how attackers operate.
Health Insurers’ Digital Footprint Widening Attack Surface
Commentary  |  4/21/2015  | 
Insurers are ripe targets for attackers since they’re efficient concentrators of every kind of data needed for identity theft, credit card and insurance fraud. Here’s proof.
DHS: Most Organizations Need Improvement In Managing Security Risk
Commentary  |  4/20/2015  | 
At a Department of Homeland Security Summit, government and corporate security teams are taken to task for failing to address critical issues of software assurance, testing and lifecycle support.
Inside the 4 Most Common Threat Actor Tools
Commentary  |  4/17/2015  | 
How do you prevent your environment from becoming the next target? Turn the tables on your attackers.
Harnessing The Power Of Cyber Threat Intelligence
Commentary  |  4/16/2015  | 
Here are six real-world examples of how changing your modus operandi from reactive to proactive can drive rapid response to the threats that matter.
Why Standardized Threat Data Will Help Stop the Next Big Breach
Commentary  |  4/15/2015  | 
Adopting industry standards for threat intelligence will reduce a lot of the heavy lifting and free cyber security first responders to focus on what they do best.
Setting Security Professionals Up For Success
Commentary  |  4/14/2015  | 
People, process, and technology are all integral to a successful infosec program. What’s too often missing involves the concept of workflow.
Better Together: Network Operations & Infosec
Commentary  |  4/13/2015  | 
Getting networking and information security teams together in the same room is a critical step for companies that want to build a continuous information security culture.
Insider Threats: Focus On The User, Not The Data
Commentary  |  4/10/2015  | 
Global cybersecurity spending will hit almost $77 billion in 2015, so why are there more high-profile leaks than ever?
Solving the Right Problem: Stop Adversaries, Not Just Their Tools
Commentary  |  4/9/2015  | 
A malware-centric strategy is mere child’s play against today’s sophisticated adversaries. Here’s why.
5 Reasons You 'Better Call Saul' To Protect Corporate Data
Commentary  |  4/8/2015  | 
These pop-culture lessons from the entertaining Breaking Bad spinoff will make security awareness training both fun and effective.
So, You 'Don’t Believe In' Security Education?
Commentary  |  4/7/2015  | 
You're in the minority for a reason. Here's why.
Obama’s War On Hackers
Commentary  |  4/6/2015  | 
Cybersecurity legislation, for the most part, is a good idea. But not without protections for bug bounty programs and other vital, proactive security research.
The Good & Bad Of BYOD
Commentary  |  4/3/2015  | 
BYOD has very little to do with technology and everything to do with security, organizational politics, and human psychology.
Stuxnet Five Years Later: Did We Learn The Right Lesson?
Commentary  |  4/2/2015  | 
No! That's despite an abundance of best practices and standards that are shining light into the dark corners of industrial control system security.
Spring Cleaning In The SOC: Focus On the Inside Threat
Commentary  |  4/1/2015  | 
Along with warmer weather and melting snow, spring brings the perfect opportunity for user engagement. Here’s how to transform insiders into your most sophisticated security device.
Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse
Commentary  |  3/31/2015  | 
Healthcare and other sectors are indolently ignoring the process of gathering and using high-level intelligence to focus cyber defenses. Here’s proof.
Hacking Back: Two Wrongs Don’t Make A Right
Commentary  |  3/30/2015  | 
Here’s the critical issue: Do you want to risk engaging your company in an ego-fueled war of revenge, or do you want to cut the bad guys off at the pass?
Cyber Hunting: 5 Tips To Bag Your Prey
Commentary  |  3/26/2015  | 
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
The Internet Of Bring-Your-Own Things
Commentary  |  3/25/2015  | 
Devices and interconnected systems are finding a foothold not only in our homes but in mainstream organizations. Here are three tips to mitigate the risk.
Educating The Cyberwarriors Of The Future
Commentary  |  3/24/2015  | 
If I have to choose between hiring a university-educated CompSci grad or an IT specialist strong in sysadmin, networking or programming, I will pick the IT specialist every time.
Context: Finding The Story Inside Your Security Operations Program
Commentary  |  3/23/2015  | 
What’s missing in today’s chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
The Clinton Email Kerfuffle & Shadow IT
Commentary  |  3/20/2015  | 
For security pros the issue is not government transparency. It's the fact that users, regardless of seniority, will always pick convenience over security.
Risky Business: Why Monitoring Vulnerability Data Is Never Enough
Commentary  |  3/19/2015  | 
Keeping tabs on open source code used in your organization’s applications and infrastructure is daunting, especially if you are relying solely on manual methods.
The Bot Threat For the Rest of Us: Application-Layer Attacks
Commentary  |  3/18/2015  | 
Bots are getting craftier by the day so you may not even know you have a problem.
The End of Pen Testing As We Know It?
Commentary  |  3/17/2015  | 
It's time to expand the scope of penetration tests beyond the periphery of the enterprise network.
Dark Reading Radio: Security Pros At Risk Of Being Criminalized
Commentary  |  3/16/2015  | 
ICYMI: Check out Dark Reading Radio's recent broadcast and discussion about the pitfalls of new government efforts to fight bad hackers that could ultimately hurt the good guys.
7 Deadly Sins Of Security Policy Change Management
Commentary  |  3/16/2015  | 
Mitigating these deadly sins requires process, visibility and automation. It’s an effort that will improve security and increase business agility.
Has Security Ops Outlived Its Purpose?
Commentary  |  3/13/2015  | 
CISOs will need more than higher headcounts and better automation tools to solve today's security problems.
Deconstructing Threat Models: 3 Tips
Commentary  |  3/12/2015  | 
There is no one-size-fits-all approach for creating cyber threat models. Just be flexible and keep your eye on the who, what, why, how and when.
6 Ways The Sony Hack Changes Everything
Commentary  |  3/11/2015  | 
Security in a post-Sony world means that a company's very survival in the wake of a cyber attack is more of a concern than ever before.
5 Things CISOs Can Learn From The Best GMs In Baseball
Commentary  |  3/10/2015  | 
A MLB team has many goals and objectives: to win, be profitable, have a solid strategy and understand the people whom they serve. Sound familiar?
Second Look: Data Security In A Hybrid Cloud
Commentary  |  3/9/2015  | 
Today’s big cloud providers were built around an architecture for hosting and securing data. They will continue to thrive, only by keeping your workloads safe.
Does Hollywood Have The Answer To The Security Skills Question?
Commentary  |  3/6/2015  | 
The Oscar-winning biopic about famed WWII cryptanalyst Alan Turing -- the father of modern computing -- was long overdue. But a lot more needs to be done to inspire the next generation of computer scientists.
Which Apps Should You Secure First? Wrong Question.
Commentary  |  3/5/2015  | 
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
A ‘Building Code’ For Internet of Things Security, Privacy
Commentary  |  3/4/2015  | 
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
Compliance & Security: A Race To The Bottom?
Commentary  |  3/3/2015  | 
Compliance is meaningless if organizations don’t use it as a starting point to understand and mitigate risks within their environment.
Why Security Awareness Alone Won’t Stop Hackers
Commentary  |  3/2/2015  | 
End-user training is a noble pursuit but it’s no defense against “low and slow” attacks that take months and years to carry out.
Dark Reading Offers Cyber Security Crash Course At Interop 2015
Commentary  |  3/2/2015  | 
New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.
Cyber Intelligence: Defining What You Know
Commentary  |  2/27/2015  | 
Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.
How To Reduce Spam & Phishing With DMARC
Commentary  |  2/26/2015  | 
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
Customers Aren’t the Only Victims: 5 Stages Of Data Breach Grief
Commentary  |  2/25/2015  | 
What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.
From Hacking Systems To Hacking People
Commentary  |  2/24/2015  | 
New low-tech attack methods like ‘visual hacking’ demand an information security environment that values data privacy and a self-policing culture.
Blackhat, The Movie: Good, Bad & Ridiculous
Commentary  |  2/23/2015  | 
It didn’t take home an Oscar, but in some instances Blackhat was right on point. Still, a white-hat hacker with the skills to take out armed opponents?
Who Cares Who’s Behind A Data Breach?
Commentary  |  2/20/2015  | 
Attribution takes a long time, a lot of work, and a healthy dose of luck. But is it worth the effort?
Our Governments Are Making Us More Vulnerable
Commentary  |  2/19/2015  | 
Stuxnet opened Pandora’s box and today state-sponsored cyber security policies continue to put us at risk. Here are three reasons why.
How We Can Prevent Another Anthem Breach
Commentary  |  2/18/2015  | 
Two things could have mitigated the damage and maybe even prevented any loss at all: behavioral analysis and context-aware access control.
How To Get More Involved In The IT Security Community
Commentary  |  2/18/2015  | 
Dark Reading Radio offers tips on how to network with your IT security peers, learn more about the industry and the profession, and participate in community outreach
Why The USA Hacks
Commentary  |  2/17/2015  | 
The U.S. government views cyberspace as just another theater of war akin to air, land and sea, and it operates in the domain for one basic reason: national defense.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.