Commentary
Latest Content
In the Cloud, Evolving Infrastructure Means Evolving Alliances
Commentary  |  5/25/2017  | 
New opportunities make for unusual bedfellows. Here's how to navigate the shift in organizational dynamics between security operations, line-of-business managers, and developers.
Ransomware: Carding's Replacement for the Criminal Masses
Commentary  |  5/25/2017  | 
Ransomware is not only here to stay, it's going to proliferate by orders of magnitude and cause substantial risk to businesses for the foreseeable future.
Data Security & Privacy: The Risks of Not Playing by the Rules
Commentary  |  5/24/2017  | 
Achieving compliance is a complex and challenging process. But with the right systems and policies, you can stay ahead of the next data breach and the regulators.
4 Reasons the Vulnerability Disclosure Process Stalls
Commentary  |  5/24/2017  | 
The relationship between manufacturers and researchers is often strained. Here's why, along with some resources to help.
Staying a Step Ahead of Internet Attacks
Commentary  |  5/23/2017  | 
There's no getting around the fact that targeted attacks - like phishing - will happen. But you can figure out the type of attack to expect next.
With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?
Commentary  |  5/23/2017  | 
Technology alone won't keep you safe. Fully engaged employees should be your first line of defense.
In Search of an Rx for Enterprise Security Fatigue
Commentary  |  5/22/2017  | 
Are you exhausted by the vast number of measures your organization needs to keep its systems and data safe? You're not alone.
Deconstructing the 2016 Yahoo Security Breach
Commentary  |  5/19/2017  | 
One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us.
All Generations, All Risks, All Contained: A How-To Guide
Commentary  |  5/18/2017  | 
Organizations must have a security plan that considers all of their employees.
WannaCry: Ransomware Catastrophe or Failure?
Commentary  |  5/18/2017  | 
Using Bitcoin payments as a measure, the WannaCry attack is not nearly as profitable as the headlines suggest. But you should still patch your Windows systems and educate users.
Why We Need a Data-Driven Cybersecurity Market
Commentary  |  5/17/2017  | 
NIST should bring together industry to create a standard set of metrics and develop better ways to share information.
The Fundamental Flaw in TCP/IP: Connecting Everything
Commentary  |  5/17/2017  | 
Almost 30 years after its inception, it's time to fix the engine that both fuels the modern-day Internet and is the root cause of its most vexing security challenges.
The Wide-Ranging Impact of New York's Cybersecurity Regulations
Commentary  |  5/16/2017  | 
New York's toughest regulations yet are now in effect. Here's what that means for your company.
How Many People Does It Take to Defend a Network?
Commentary  |  5/16/2017  | 
The question is hard to answer because there aren't enough cybersecurity pros to go around.
Your Grandma Could Be the Next Ransomware Millionaire
Commentary  |  5/15/2017  | 
Today's as-a-service technology has democratized ransomware, offering practically anyone with a computer and an Internet connection an easy way to get in on the game.
5 Steps to Maximize the Value of your Security Investments
Commentary  |  5/12/2017  | 
How a security rationalization process can help CISOs make the most out of their information security infrastructure, and also improve the company bottom line.
What Developers Don't Know About Security Can Hurt You
Commentary  |  5/11/2017  | 
Developers won't start writing secure code just because you tell them it's part of their job. You need to give them the right training, support, and tools to instill a security mindset.
Artificial Intelligence: Cybersecurity Friend or Foe?
Commentary  |  5/11/2017  | 
The next generation of situation-aware malware will use AI to behave like a human attacker: performing reconnaissance, identifying targets, choosing methods of attack, and intelligently evading detection.
Your IoT Baby Isn't as Beautiful as You Think It Is
Commentary  |  5/10/2017  | 
Both development and evaluation teams have been ignoring security problems in Internet-connected devices for too long. That must stop.
Extreme Makeover: AI & Network Cybersecurity
Commentary  |  5/10/2017  | 
In the future, artificial intelligence will constantly adapt to the growing attack surface. Today, we are still connecting the dots.
Shining a Light on Security's Grey Areas: Process, People, Technology
Commentary  |  5/9/2017  | 
The changing distributed and mobile business landscape brings with it new security and privacy risks. Here's how to meet the challenge.
Deciphering the GDPR: What You Need to Know to Prepare Your Organization
Commentary  |  5/9/2017  | 
The European Union's upcoming privacy regulations are incredibly complex. Here are four important points to keep in mind.
Why Cyber Attacks Will Continue until Prevention Becomes a Priority
Commentary  |  5/8/2017  | 
Organizations must rethink their security measures. Focus on training, getting rid of old tech, and overcoming apathy.
Backdoors: When Good Intentions Go Bad
Commentary  |  5/5/2017  | 
Requiring encrypted applications to provide backdoors for law enforcement will weaken security for everyone.
Why OAuth Phishing Poses A New Threat to Users
Commentary  |  5/4/2017  | 
Credential phishing lets attackers gain back-end access to email accounts, and yesterday's Google Docs scam raises the risk to a new level.
How to Integrate Threat Intel & DevOps
Commentary  |  5/4/2017  | 
Automating intelligence can help your organization in myriad ways.
Seeing Security from the Other Side of the Window
Commentary  |  5/3/2017  | 
From the vantage of our business colleagues, security professionals are a cranky bunch who always need more money, but can't explain why.
7 Steps to Fight Ransomware
Commentary  |  5/3/2017  | 
Perpetrators are shifting to more specific targets. This means companies must strengthen their defenses, and these strategies can help.
Getting Threat Intelligence Right
Commentary  |  5/2/2017  | 
Are you thinking of implementing or expanding a threat intelligence program? These guidelines will help you succeed.
What's in a Name? Breaking Down Attribution
Commentary  |  5/2/2017  | 
Here's what you really need to know about adversaries.
The Cyber-Committed CEO & Board
Commentary  |  5/1/2017  | 
Here is what CISOs need to communicate to upper management about the business risks of mismanaging cybersecurity.
10 Cybercrime Myths that Could Cost You Millions
Commentary  |  4/29/2017  | 
Don't let a cybersecurity fantasy stop you from building the effective countermeasures you need to protect your organization from attack.
A Day in the Life of a Security Avenger
Commentary  |  4/28/2017  | 
Behind the scenes with a security researcher as we follow her through a typical day defending the world against seemingly boundless cyberthreats and attacks.
OWASP Top 10 Update: Is It Helping to Create More Secure Applications?
Commentary  |  4/27/2017  | 
What has not been updated in the new Top 10 list is almost more significant than what has.
New OWASP Top 10 Reveals Critical Weakness in Application Defenses
Commentary  |  4/27/2017  | 
It's time to move from a dependence on the flawed process of vulnerability identification and remediation to a two-pronged approach that also protects organizations from attacks.
Threat Intelligence Is (Still) Broken: A Cautionary Tale from the Past
Commentary  |  4/26/2017  | 
There is much to be learned from the striking parallels between counter-terrorism threat analysis before 9-11 and how we handle cyber threat intelligence today.
What Role Should ISPs Play in Cybersecurity?
Commentary  |  4/26/2017  | 
There are many actions ISPs could take to make browsing the Web safer, but one thing stands out.
Why (& How) CISOs Should Talk to Company Boards
Commentary  |  4/25/2017  | 
The C-Suite needs to minimize cybersecurity risk in order to maximize its principal goal of attaining high-level, sustainable growth.
IT-OT Convergence: Coming to an Industrial Plant Near You
Commentary  |  4/25/2017  | 
There's been a big divide between IT and OT, but that must end. Here's how to make them come together.
The Road Less Traveled: Building a Career in Cyberthreat Intelligence
Commentary  |  4/24/2017  | 
It's hard to become a threat intelligence pro, but there are three primary ways of going about it.
Best Practices for Securing Open Source Code
Commentary  |  4/21/2017  | 
Attackers see open source components as an obvious target because there's so much information on how to exploit them. These best practices will help keep you safer.
Kill Chain & the Internet of Things
Commentary  |  4/20/2017  | 
IoT things such as security cameras, smart thermostats and wearables are particularly easy targets for kill chain intruders, but a layered approach to security can help thwart an attack.
Cutting through the Noise: Is It AI or Pattern Matching?
Commentary  |  4/20/2017  | 
Many vendors are fudging terms when trying to sell their artificial intelligence security systems. Here's what you need to know when you buy.
Google Won't Trust Symantec and Neither Should You
Commentary  |  4/19/2017  | 
As bad as this controversy is for Symantec, the real damage will befall the company and individual web sites deemed untrustworthy by a Chrome browser on the basis of a rejected Symantec certificate.
Snowden Says Mass Surveillance Programs 'Are About Power'
Commentary  |  4/19/2017  | 
Edward Snowden shared his views of the implications of mass surveillance programs and the government's objective in implementing them.
Join Dark Reading for a 4/20 Twitter Chat on AppSec
Commentary  |  4/19/2017  | 
The @DarkReading team will host a conversation about application security on 4/20 at 2 p.m. ET.
The Architecture of the Web Is Unsafe for Today's World
Commentary  |  4/19/2017  | 
The Internet is based on protocols that assume content is secure. A new, more realistic model is needed.
How Top Security Execs are Doing More with Less
Commentary  |  4/18/2017  | 
Even the largest corporations aren't immune to the cybersecurity skills gap. An inside look at how they are coping and adjusting.
'Intrusion Suppression:' Transforming Castles into Prisons
Commentary  |  4/18/2017  | 
How building cybersecurity structures that decrease adversaries' dwell time can reduce the damage from a cyberattack.
The Implications Behind Proposed Internet Privacy Rules
Commentary  |  4/18/2017  | 
The FCC's overreach needed to be undone to protect the FTC's authority over privacy.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report to learn about the new best practices for secure application development.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.