Commentary
Latest Content
Page 1 / 2   >   >>
What The WADA Hack Proves About Today's Threat Landscape
Commentary  |  9/26/2016  | 
Fancy Bear's initial release of data on four top American athletes reminds us all to reassess our risks.
7 New Rules For IoT Safety & Vuln Disclosure
Commentary  |  9/24/2016  | 
In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
On-Premises & In The Cloud: Making Sense Of Your Cybersecurity Ecosystem
Commentary  |  9/23/2016  | 
As enterprises continue to invest in hybrid cloud strategies, they need their fragmented security solutions to work together.
Snowden: Hollywood Highlights 2 Persistent Privacy Threats
Commentary  |  9/22/2016  | 
Oliver Stones movie shows us that while most of us have nothing to hide, we all have information worth protecting both technically and constitutionally.
Even A False Positive Can Be Valuable
Commentary  |  9/22/2016  | 
Sharing information about cyberthreats is important for the financial services industry, even when threats turn out to be not-so-threatening.
A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack
Commentary  |  9/21/2016  | 
This slightly modified model is a practical way to keep attackers out of your systems.
Hacking 'Forward With Weaponized Intelligence
Commentary  |  9/20/2016  | 
Instead of hacking back and taking the fight to your adversary, what if your organization hacked forward by unearthing breach scenarios before the hackers do?
What Smart Cities Can Teach Enterprises About Security
Commentary  |  9/19/2016  | 
The more you simplify your security program while still being effective, the better, says San Diegos chief information security officer. Heres his three-step process.
Whats The Risk? 3 Things To Know About Chatbots & Cybersecurity
Commentary  |  9/19/2016  | 
Interactive message bots are useful and becoming more popular, but they raise serious security issues.
Why You May Need To Shake Up Your DevOps Team To Manage The Cloud
Commentary  |  9/16/2016  | 
The security approaches of yesterday wont work in the cloud world of today and tomorrow.
20 Questions Security Leaders Need To Ask About Analytics
Commentary  |  9/15/2016  | 
The game of 20 questions is a great way to separate vendors that meets your needs from those who will likely disappoint.
Yes, The Cloud Can Be A Security Win
Commentary  |  9/15/2016  | 
With the right controls in place, the cloud doesnt have to be a scary place. These guidelines can help your company stay safe.
Risk Management Best Practices For CISOs
Commentary  |  9/14/2016  | 
What's your company's risk appetite? Our list of best practices can help you better understand a difficult topic.
A Moving Target: Tackling Cloud Security As A Data Issue
Commentary  |  9/13/2016  | 
Todays challenge is protecting critical information that an increasingly mobile workforce transfers every day between clouds, between cloud and mobile, and between cloud, mobile, and IoT.
Snowden May Help Explain Your Job To Your Family
Commentary  |  9/12/2016  | 
Hacking Oliver Stone's new film about whistleblower Edward Snowden.
New Book Traces Obama Strategy To Protect America From Hackers, Terrorists & Nation States
Commentary  |  9/12/2016  | 
A review of Charlie Mitchell's 'Hacked: The Inside Story of Americas Struggle to Secure Cyberspace.'
Data Manipulation: An Imminent Threat
Commentary  |  9/12/2016  | 
Critical industries are largely unprepared for a potential wave of destructive attacks.
Avoiding The Blame Game For A Cyberattack
Commentary  |  9/8/2016  | 
How organizations can develop a framework of acceptable care for cybersecurity risk.
The Shifting Mindset Of Financial Services CSOs
Commentary  |  9/8/2016  | 
Theyre getting more realistic and developing strategies to close security gaps.
Defining The Common Core Of Cybersecurity: Certifications + Practical Experience
Commentary  |  9/7/2016  | 
Security certifications are necessary credentials, but alone wont solve the industrys critical talent gap.
Introducing Deep Learning: Boosting Cybersecurity With An Artificial Brain
Commentary  |  9/6/2016  | 
With nearly the same speed and precision that the human eye can identify a water bottle, the technology of deep learning is enabling the detection of malicious activity at the point of entry in real-time.
Why Social Media Sites Are The New Cyber Weapons Of Choice
Commentary  |  9/6/2016  | 
Facebook, LinkedIn, and Twitter cant secure their own environments, let alone yours. Its time to sharpen your security acumen.
The New Security Mindset: Embrace Analytics To Mitigate Risk
Commentary  |  9/5/2016  | 
Sure, conducting a penetration test can find a weakness. But to truly identify key areas of risk, organizations must start to think more creatively, just like todays hackers.
3 Golden Rules For Managing Third-Party Security Risk
Commentary  |  9/1/2016  | 
Rule 1: know where your data sets are, which vendors have access to the data, and what privacy and security measures are in place.
How To Talk About Security With Every C-Suite Member
Commentary  |  9/1/2016  | 
Reframe your approach with context in order to get your message across.
How Not To Pay A Ransom: 3 Tips For Enterprise Security Pros
Commentary  |  8/31/2016  | 
At the most basic level, organizations must understand their data, the entry points, and who has access. But dont forget to keep your backup systems up to date.
Malware Markets: Exposing The Hype & Filtering The Noise
Commentary  |  8/30/2016  | 
Theres a lot of useful infosec information out there, but cutting through clutter is harder than it should be.
6 Ways To Hack An Election
Commentary  |  8/30/2016  | 
Threats to our electoral process can come from outside the country or nefarious insiders. Our country needs to be better prepared.
Critical Infrastructure: The Next Cyber-Attack Target
Commentary  |  8/29/2016  | 
Power and utilities companies need a risk-centric cybersecurity approach to face coming threats.
The Hidden Dangers Of 'Bring Your Own Body'
Commentary  |  8/26/2016  | 
The use of biometric data is on the rise, causing new security risks that must be assessed and addressed.
The Secret Behind the NSA Breach: Network Infrastructure Is the Next Target
Commentary  |  8/25/2016  | 
How the networking industry has fallen way behind in incorporating security measures to prevent exploits to ubiquitous routers, proxies, firewalls, and switches.
Security Leadership & The Art Of Decision Making
Commentary  |  8/24/2016  | 
What a classically-trained guitarist with a Masters Degree in counseling brings to the table as head of cybersecurity and privacy at one of the worlds major healthcare organizations.
When Securing Your Applications, Seeing Is Believing
Commentary  |  8/24/2016  | 
While the cloud is amazing, a worrying lack of visibility goes along with it. Keep that in mind as you develop your security approach.
CISO Security Portfolios Vs. Reporting Structures
Commentary  |  8/23/2016  | 
Organizational structure is a tool for driving action. Worrying about your bosss title wont help you as much as a better communication framework.
Anatomy Of A Social Media Attack
Commentary  |  8/23/2016  | 
Finding and addressing Twitter and Facebook threats requires a thorough understanding of how theyre accomplished.
Darknet: Where Your Stolen Identity Goes to Live
Commentary  |  8/19/2016  | 
Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves.
How Diversity Can Bridge The Talent Gap
Commentary  |  8/18/2016  | 
Women and minorities in the security industry share some hard truths about the security industrys hiring traditions and practices.
5 Strategies For Enhancing Targeted Security Monitoring
Commentary  |  8/18/2016  | 
These examples will help you improve early incident detection results.
User Ed: Patching People Vs Vulns
Commentary  |  8/17/2016  | 
How infosec can combine and adapt security education and security defenses to the way users actually do their jobs.
Security Must Become Driving Force For Auto Industry
Commentary  |  8/17/2016  | 
Digital security hasnt kept pace in this always-connected era. Is infosec up to the challenge?
Dark Reading Radio: What Keeps IT Security Pros Awake at Night
Commentary  |  8/16/2016  | 
Join us for a wide-ranging discussion with (ISC) Chief Exec David Shearer on the most worrisome infosec trends and challenges.
Substantially Above Par: DR Cartoon Caption Contest Winners
Commentary  |  8/12/2016  | 
Critical vulnerabilities, links & virtual reality. And the winner is...
Security Portfolios: A Different Approach To Leadership
Commentary  |  8/11/2016  | 
How grounding a conversation around a well-organized list of controls and their goals can help everyone be, literally, on the same page.
What The TSA Teaches Us About IP Protection
Commentary  |  8/11/2016  | 
Data loss prevention solutions are no longer effective. Todays security teams have to keep context and human data in mind, as the TSA does.
Theory Vs Practice: Getting The Most Out Of Infosec
Commentary  |  8/10/2016  | 
Why being practical and operationally minded is the only way to build a successful security program.
Building A Detection Strategy With The Right Metrics
Commentary  |  8/9/2016  | 
The tools used in detecting intrusions can lead to an overwhelming number of alerts, but theyre a vital part of security.
Data Protection From The Inside Out
Commentary  |  8/8/2016  | 
Organizations must make fundamental changes in the way they approach data protection.
Best Of Black Hat Innovation Awards: And The Winners Are
Commentary  |  8/3/2016  | 
Three companies and leaders who think differently about security: Deep Instinct, most innovative startup; Vectra, most innovative emerging company; Paul Vixie, most innovative thought leader.
Dark Reading Radio at Black Hat 2016: 2 Shows, 4 #BHUSA Presenters
Commentary  |  8/2/2016  | 
Even if you can't physically be at Black Hat USA 2016, Dark Reading offers a virtual alternative to engage with presenters about hot show topics and trends.
3 Steps Towards Building Cyber Resilience Into Critical Infrastructure
Commentary  |  8/2/2016  | 
The integration of asset management, incident response processes and education is critical to improving the industrial control system cybersecurity landscape.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Cybercrime has become a well-organized business, complete with job specialization, funding, and online customer service. Dark Reading editors speak to cybercrime experts on the evolution of the cybercrime economy and the nature of today's attackers.