Content posted in January 2015
How The Skills Shortage Is Killing Defense in Depth
Commentary  |  1/30/2015
It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely looks nifty, but I dont have the staff to deploy it.
Why Iran Hacks
Commentary  |  1/29/2015
Iran is using its increasingly sophisticated cyber capabilities to minimize Western influence and establish itself as the dominant power in the Middle East.
Small Changes Can Make A Big Difference In Tech Diversity
Commentary  |  1/28/2015
Theres no doubt that many employers feel most comfortable hiring people like themselves. But in InfoSec, this approach can lead to stagnation.
WiIl Millennials Be The Death Of Data Security?
Commentary  |  1/27/2015
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
Power Consumption Technology Could Help Enterprises Identify Counterfeit Devices
Commentary  |  1/26/2015
Understanding a device's "power fingerprint" might make it possible to detect security anomalies in Internet of Things as well, startup says
Building A Cybersecurity Program: 3 Tips
Commentary  |  1/26/2015
Getting from we need to we have a cybersecurity program is an investment in time and resources thats well worth the effort.
Why Russia Hacks
Commentary  |  1/23/2015
Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.
What Government Can (And Cant) Do About Cybersecurity
Commentary  |  1/22/2015
In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.
Facebook Messenger: Classically Bad AppSec
Commentary  |  1/21/2015
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
Could The Sony Attacks Happen Again? Join The Conversation
Commentary  |  1/21/2015
Check out Dark Reading Radio's interview and live chat with CrowdStrike founder and CEO George Kurtz and Shape Security executive Neal Mueller.
The Truth About Malvertising
Commentary  |  1/16/2015
Malvertising accounts for huge amounts of cyberfraud and identity theft. Yet there is still no consensus on who is responsible for addressing these threats.
Why North Korea Hacks
Commentary  |  1/15/2015
The motivation behind Democratic Peoples Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader.
4 Mega-Vulnerabilities Hiding in Plain Sight
Commentary  |  1/14/2015
How four recently discovered, high-impact vulnerabilities provided god mode access to 90% of the Internet for 15 years, and what that means for the future.
Insider Threats in the Cloud: 6 Harrowing Tales
Commentary  |  1/13/2015
The cloud has vastly expanded the scope of rogue insiders. Read on to discover the latest threat actors and scenarios.
2015: The Year Of The Security Startup – Or Letdown
Commentary  |  1/13/2015
While stealth startup Ionic and other newcomers promise to change the cyber security game, ISC8 may be the first of many to head for the showers.
Cloud Services Adoption: Rates, Reasons & Security Fears
Commentary  |  1/12/2015
Concern over data breaches and privacy are two reasons enterprises in the European Union didnt increase their use of cloud services in 2014, according to the EUs recent Eurostat report.
Chick-fil-A Breach: Avoiding 5 Common Security Mistakes
Commentary  |  1/9/2015
On the surface these suggestions may seem simplistic. But almost every major retail breach in the last 12 months failed to incorporate at least one of them.
Nation-State Cyberthreats: Why They Hack
Commentary  |  1/8/2015
All nations are not created equal and, like individual hackers, each has a different motivation and capability.
Its Time to Treat Your Cyber Strategy Like a Business
Commentary  |  1/7/2015
How do we win against cybercrime? Take a cue from renowned former GE chief exec Jack Welch and start with a clearly-defined mission.
Deconstructing The Sony Hack: What I Know From Inside The Military
Commentary  |  1/6/2015
Don't get caught up in the guessing game on attribution. The critical task is to understand the threat data and threat actor tactics to ensure you are not vulnerable to the same attack.

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.