Commentary
Content posted in September 2015
A Fathers Perspective On The Gender Gap In Cybersecurity
Commentary  |  9/30/2015  | 
There are multiple reasons for the dearth of women in infosec when the field is so rich with opportunity. The big question is what the industry is going to do about it.
The Unintended Attack Surface Of The Internet Of Things
Commentary  |  9/29/2015  | 
How a vulnerability in a common consumer WiFi device is challenging todays enterprise security.
Deconstructing The Challenges Of Software Assurance For Connected Cars
Commentary  |  9/28/2015  | 
Ensuring software security in the auto industry will entail careful attention to all aspects of software development: design, coding standards, testing, verification and run-time assurance.
FTC v. Wyndham: Naughty 9 Security Fails to Avoid
Commentary  |  9/25/2015  | 
The Federal Trade Commissions fair trade suit against Wyndham hotels offers insight into the brave new world of cybersecurity regulation of consumer data.
4 IoT Cybersecurity Issues You Never Thought About
Commentary  |  9/24/2015  | 
Government, industry and security professionals problem-solve the daunting challenges of the Internet of Things.
Shellshocks Cumulative Risk One Year Later
Commentary  |  9/24/2015  | 
How long does it take to patch an entire distribution and bring it up to date? Longer than you think.
The Common Core Of Application Security
Commentary  |  9/22/2015  | 
Why you will never succeed by teaching to the test.
Why Its Insane To Trust Static Analysis
Commentary  |  9/22/2015  | 
If you care about achieving application security at scale, then your highest priority should be to move to tools that empower everyone, not just security experts.
Navigating The Slippery Slope Of Public Security Disclosure
Commentary  |  9/21/2015  | 
In talking publicly about cybersecurity, CISOs need to portray capability, strength, and confidence, but without offering critical details that could lead to an attack.
Visibility: The Key To Security In The Cloud
Commentary  |  9/18/2015  | 
You cant secure what you cant see. These five best practices will shed some light on how to protect your data from the ground up.
5 Most Common Firewall Configuration Mistakes
Commentary  |  9/17/2015  | 
A misconfigured firewall can damage your organization in more ways than you think. Heres where to look for the holes.
'No-Tell' Motel: Where Hospitality Meets Cybercrime On The Dark Web
Commentary  |  9/16/2015  | 
In the month of July alone, hundreds of hospitality-related goods and services were offered for sale on the Dark Web including big names like Wyndham, Marriott, Hilton and Starwood.
Fixing IoT Security: Dark Reading Radio Wednesday at 1 P.M. ET
Commentary  |  9/15/2015  | 
Join us for a conversation about what is being done and what needs to be done to secure the Internet of Things.
Information Security Lessons From Literature
Commentary  |  9/15/2015  | 
How classic themes about listening, honesty, and truthfulness can strengthen your organizations security posture, programs and operations.
The Truth About DLP & SIEM: Its A Process Not A Product
Commentary  |  9/11/2015  | 
If you know what data is critical to your organization and what activities are abnormal, data loss prevention and security information event management work pretty well. But thats not usually the case.
What Ashley Madison Can Teach The Rest Of Us About Data Security
Commentary  |  9/10/2015  | 
For a company whose offering can best be described as discretion-as-a-service, using anything less than state-of-the-art threat detection capabilities is inexcusable.
Why Everybody Loves (And Hates) Security
Commentary  |  9/9/2015  | 
Even security professionals hate security. So why do we all harbor so much dislike for something we need so much? And what can we do about it?
Avoiding Magpie Syndrome In Cybersecurity
Commentary  |  9/8/2015  | 
A quick fix usually isnt. Heres why those bright shiny new point solutions and security features can cause more harm than good.
Back To Basics: 10 Security Best Practices
Commentary  |  9/4/2015  | 
The most effective strategy for keeping organizations, users and customers safe is to focus on the fundamentals.
Microsoft's Remarkable Pivot: Windows 10 Abandons Privacy
Commentary  |  9/2/2015  | 
You can read all you want about Windows 10 powerful new privacy features, but that doesnt mean you have them.
We Can Allow Cybersecurity Research Without Stifling Innovation
Commentary  |  9/1/2015  | 
The U.S. government is in a unique position to become a global leader in cybersecurity. But only if it retains the open spirit of the Internet that kick-started the Information Age.


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.