Operations // Careers & People
News & Commentary
Cyber Boot Camp: Lessons Learned
Marilyn Cohodas, Community Editor, Dark Reading
What happens when 50 young people spend a week in the trenches with cybersecurity researchers from ESET? One picture is worth a thousand words. Here are seven.
By Marilyn Cohodas Community Editor, Dark Reading, 7/31/2015
Startup 'Stealth Worker' Matches Businesses With Security Talent
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
New online service helps businesses looking for part-time security professionals fill specific job needs.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/30/2015
Closing The Gap Between Security & Networking Ops: 5 Best Practices
Nimmy Reichenberg, VP of Strategy, AlgoSec | Commentary
If your factions are warring, there’s a lot you can do about it. Here’s how -- and why you can’t afford to wait.
By Nimmy Reichenberg VP of Strategy, AlgoSec, 7/30/2015
What 30 Classic Games Can Teach Us about Security
David Spark, Veteran Tech journalist and founder of Spark Media Solutions
Information security experts share their thoughts on how participating in games and sports helped hone their professional skills.
By David Spark Veteran Tech journalist and founder of Spark Media Solutions, 7/28/2015
New Phishing Campaign Leverages Google Drive
Ericka Chickowski, Contributing Writer, Dark Reading | News
Researchers believe technique is geared to take over Google SSO accounts.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/28/2015
Smartwatches Could Become New Frontier for Cyber Attackers
Jai Vijayan, Freelance writer | News
Every single smartwatch tested in a recent study by HP had serious security weaknesses.
By Jai Vijayan Freelance writer, 7/24/2015
Internet of Things: Anything You Track Could Be Used Against You
Lysa Myers, Security Researcher, ESET | Commentary
Lawyers – not security advocates – have fired the first salvos over wearable tech privacy. The results may surprise you.
By Lysa Myers Security Researcher, ESET, 7/23/2015
Finding The ROI Of Threat Intelligence: 5 Steps
Ryan Trost, CIO & Co-founder, ThreatQuotient | Commentary
Advice from a former SOC manager on how to leverage threat intel without increasing the bottom line.
By Ryan Trost CIO & Co-founder, ThreatQuotient, 7/22/2015
CISOs Caught In A Catch-22
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Chief information security officers are considered 'accountable' for breaches while not always in charge of all infosec strategy and purchases, new report shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/21/2015
10 Trends In Infosec Careers And Staffing
Ericka Chickowski, Contributing Writer, Dark Reading
Employment stable for job-seekers, but staffing gaps persist for employers who need better security teams to counter threats
By Ericka Chickowski Contributing Writer, Dark Reading, 7/16/2015
The Insiders: A Rogues Gallery
Mike Tierney, COO, SpectorSoft | Commentary
You can defend against an insider threat if you know where to look.
By Mike Tierney COO, SpectorSoft, 7/16/2015
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
Tim Wilson, Editor in Chief, Dark Reading | News
In Black Hat survey, security professionals say misplaced enterprise priorities often leave them without the time and budget they need to address the most critical threats.
By Tim Wilson Editor in Chief, Dark Reading, 7/15/2015
Black Hat For Beginners: 4 Tips
Kerstyn Clover, Attack & Defense Team Consultant | Commentary
What happens in Vegas stays in Vegas. But for newbies, these helpful hints will make sure you get the most out of the Black Hat USA experience.
By Kerstyn Clover Attack & Defense Team Consultant, 7/10/2015
Cloud & The Security Skills Gap
David Holmes, World-Wide Security Evangelist, F5 | Commentary | Video
F5 Network security evangelist David Holmes tells how cloud outsourcing can help companies fill the talent gap in three critical areas of enterprise security.
By David Holmes World-Wide Security Evangelist, F5, 7/6/2015
Why We Need In-depth SAP Security Training
Juan Pablo Perez-Etchegoyen, CTO, Onapsis | Commentary
SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 7/1/2015
Getting To Yes: Negotiating Technology Innovation & Security Risk
Tsion Gonen, Chief Strategy Office, Gemalto, Identity & Data Protection | Commentary
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
By Tsion Gonen Chief Strategy Office, Gemalto, Identity & Data Protection, 6/30/2015
4 Signs Your Board Thinks Security Readiness Is Better Than It Is
Ericka Chickowski, Contributing Writer, Dark Reading | News
Ponemon Institute survey shows a gap in perception between boards of directors and IT executives when it comes to IT risk posture.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/30/2015
Social Engineering & Black Hat: Do As I Do Not As I Say
Tal Klein, VP Strategy, Lakeside Software | Commentary
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
By Tal Klein VP Strategy, Lakeside Software, 6/29/2015
3 Simple Steps For Minimizing Ransomware Exposure
Michelle Drolet, Founder, Towerwall | Commentary
If your data is important enough to pay a ransom, why wasn't it important enough to properly back up and protect in the first place?
By Michelle Drolet Founder, Towerwall, 6/26/2015
Why China Wants Your Sensitive Data
Adam Meyers, VP of Intelligence, CrowdStrike | Commentary
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
By Adam Meyers VP of Intelligence, CrowdStrike, 6/24/2015
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1009
Published: 2015-07-31
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

CVE-2015-1486
Published: 2015-07-31
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.

CVE-2015-1487
Published: 2015-07-31
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.

CVE-2015-1488
Published: 2015-07-31
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.

CVE-2015-1489
Published: 2015-07-31
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!