Operations // Careers & People
News & Commentary
Why We Need Better Cyber Security: A Graphical Snapshot
Marilyn Cohodas, Community Editor, Dark Reading
By 2022, demand for security industry professionals will grow 37%.
By Marilyn Cohodas Community Editor, Dark Reading, 11/28/2014
Comment0 comments  |  Read  |  Post a Comment
How I Became A CISO: Mark Potter, Danya International
Sara Peters, Senior Editor at Dark ReadingNews
Much like one of his favorite choose-your-own-adventure novels, Mark Potter's path to the chief information security officer job was full of twists, turns, and a couple of falls off a cliff.
By Sara Peters Senior Editor at Dark Reading, 11/24/2014
Comment1 Comment  |  Read  |  Post a Comment
Cyber Security Needs Its Ralph Nader
Tsion Gonen , Chief Strategy Officer, SafeNetCommentary
It took thousands of unnecessary traffic fatalities to create an environment for radical transformation of the auto industry. What will it take for a similar change to occur in data security?
By Tsion Gonen Chief Strategy Officer, SafeNet, 11/24/2014
Comment11 comments  |  Read  |  Post a Comment
New Citadel Attack Targets Password Managers
Jai Vijayan, Freelance writerNews
IBM researchers have found signs that the prolific data steal Trojan is now being used to attack widely used password managers.
By Jai Vijayan Freelance writer, 11/20/2014
Comment3 comments  |  Read  |  Post a Comment
Enter The Digital Risk Officer
Nick Sanna, President, Digital Risk Management InstituteCommentary
In the brave new world of digital risk management, a CISO would report up to a DRO who manages risk from a business perspective and works with peers in business ops, compliance, and IT security.
By Nick Sanna President, Digital Risk Management Institute, 11/20/2014
Comment1 Comment  |  Read  |  Post a Comment
Killing Passwords: Don’t Get A-Twitter Over ‘Digits’
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Twitter’s new service that eliminates passwords for authentication actually makes your mobile device less secure.
By Dave Kearns Analyst, Kuppinger-Cole, 11/19/2014
Comment5 comments  |  Read  |  Post a Comment
Is Security Awareness Training Really Worth It?
Fahmida Y. Rashid, News
Experts weigh in on the value of end-user security training, and how to make education more effective.
By Fahmida Y. Rashid , 11/18/2014
Comment9 comments  |  Read  |  Post a Comment
Why Cyber Security Starts At Home
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Even the grandmas on Facebook need to know and practice basic security hygiene, because what happens anywhere on the Internet can eventually affect us all.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 11/17/2014
Comment13 comments  |  Read  |  Post a Comment
The Enemy Who Is Us: DoD Puts Contractors On Notice For Insider Threats
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
New rule requires US government contractors to gather and report information on insider threat activity on classified networks.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 11/13/2014
Comment5 comments  |  Read  |  Post a Comment
How I Became A CISO: Jennings Aske, Nuance Communications
Sara Peters, Senior Editor at Dark ReadingNews
With the training of an attorney, the curiosity of an academic, and some fortuitous timing, Aske rode the compliance wave straight through to the CISO role.
By Sara Peters Senior Editor at Dark Reading, 11/10/2014
Comment9 comments  |  Read  |  Post a Comment
Most Effective CISOs Have Business Background, Says IBM Security Leader
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Knowing how to manipulate the corporate system is more important than techie cred.
By Sara Peters Senior Editor at Dark Reading, 11/5/2014
Comment8 comments  |  Read  |  Post a Comment
Ransomware Getting Easier For Both Bad Guys & Victims
Sara Peters, Senior Editor at Dark ReadingNews
Ransomware operators can make a tidy living without much technical expertise or legwork.
By Sara Peters Senior Editor at Dark Reading, 11/4/2014
Comment9 comments  |  Read  |  Post a Comment
How I Became A CISO: Quinn Shamblin, Boston University
Sara Peters, Senior Editor at Dark ReadingNews
The man now leading security for a major university first got the security bug when dealing in government secrets about nuclear power.
By Sara Peters Senior Editor at Dark Reading, 11/3/2014
Comment3 comments  |  Read  |  Post a Comment
Cyberspace Expands Threat Matrix
Patience Wait, News
National security experts warn there is no privacy or security any more.
By Patience Wait , 11/3/2014
Comment1 Comment  |  Read  |  Post a Comment
Cyber Security Law Vs. Partisan Politics
W. Hord Tipton, Commentary
Cyber security sometimes turns up as a campaign issue, but effective legislation has stalled. It's time for a rational approach to regaining trust in our digital world.
By W. Hord Tipton , 10/31/2014
Comment4 comments  |  Read  |  Post a Comment
Welcome To My Cyber Security Nightmare
TK Keanini, CTO, LancopeCommentary
Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night.
By TK Keanini CTO, Lancope, 10/30/2014
Comment5 comments  |  Read  |  Post a Comment
How I Became a CISO: Janet Levesque, RSA
Sara Peters, Senior Editor at Dark ReadingNews
RSA's newest chief information security officer says she landed the job because of her ability to build relationships, not a background in crypto or a pile of certs.
By Sara Peters Senior Editor at Dark Reading, 10/27/2014
Comment12 comments  |  Read  |  Post a Comment
Incident Response: Is Your IR Plan A Glorified Phone Tree?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
Training internal security teams to be first responders can drastically improve an organization's effectiveness in the wake of a data breach. Here's why.
By Kerstyn Clover Attack & Defense Team Consultant, 10/23/2014
Comment4 comments  |  Read  |  Post a Comment
How To Become A CISO, Part 1
Sara Peters, Senior Editor at Dark ReadingNews
Think you're ready for the top job? Here's part 1 of a series to help you land that prime chief information security officer position.
By Sara Peters Senior Editor at Dark Reading, 10/20/2014
Comment22 comments  |  Read  |  Post a Comment
Insider Threats: Breaching The Human Barrier
Christopher Hadnagy, Founder & CEO, Social-Engineer, Inc.Commentary
A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within.
By Christopher Hadnagy Founder & CEO, Social-Engineer, Inc., 10/20/2014
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7178
Published: 2014-11-28
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.

CVE-2014-7850
Published: 2014-11-28
Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.

CVE-2014-8423
Published: 2014-11-28
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.

CVE-2014-8424
Published: 2014-11-28
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.

CVE-2014-8425
Published: 2014-11-28
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?