Operations // Careers & People
News & Commentary
FBI Threat Intelligence Cyber-Analysts Still Marginalized In Agency
Sara Peters, Senior Editor at Dark ReadingNews
Despite good progress, 9/11 Review Commission says that analysts could have a greater impact on FBI counter-terrorism activities if they had more domain awareness, forensics capabilities, and were more empowered to question agents.
By Sara Peters Senior Editor at Dark Reading, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
Educating The Cyberwarriors Of The Future
Jeff Schilling, CSO, FirehostCommentary
If I have to choose between hiring a university-educated CompSci grad or an IT specialist strong in sysadmin, networking or programming, I will pick the IT specialist every time.
By Jeff Schilling CSO, Firehost, 3/24/2015
Comment4 comments  |  Read  |  Post a Comment
Context: Finding The Story Inside Your Security Operations Program
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
What’s missing in today’s chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 3/23/2015
Comment6 comments  |  Read  |  Post a Comment
The Clinton Email Kerfuffle & Shadow IT
Ojas Rege, VP Strategy, MobileIronCommentary
For security pros the issue is not government transparency. It's the fact that users, regardless of seniority, will always pick convenience over security.
By Ojas Rege VP Strategy, MobileIron, 3/20/2015
Comment8 comments  |  Read  |  Post a Comment
Frenemies Of The C-Suite: CSO, CIO, CRO, CPO
Sara Peters, Senior Editor at Dark ReadingNews
Sometimes the security, IT, risk, and privacy offices just can't get along.
By Sara Peters Senior Editor at Dark Reading, 3/19/2015
Comment2 comments  |  Read  |  Post a Comment
New Security Mindset: Focus On The Interior
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Chief privacy officer Jason Straight shares his insights on why organizations are struggling to stop the breach wave -- and manage the aftermath.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/18/2015
Comment7 comments  |  Read  |  Post a Comment
The 7 Best Social Engineering Attacks Ever
Sara Peters, Senior Editor at Dark Reading
Seven reminders of why technology alone isn't enough to keep you secure.
By Sara Peters Senior Editor at Dark Reading, 3/17/2015
Comment3 comments  |  Read  |  Post a Comment
Dark Reading Radio: Security Pros At Risk Of Being Criminalized
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
ICYMI: Check out Dark Reading Radio's recent broadcast and discussion about the pitfalls of new government efforts to fight bad hackers that could ultimately hurt the good guys.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/16/2015
Comment3 comments  |  Read  |  Post a Comment
Has Security Ops Outlived Its Purpose?
Tal Klein, VP Strategy, AdallomCommentary
CISOs will need more than higher headcounts and better automation tools to solve today's security problems.
By Tal Klein VP Strategy, Adallom, 3/13/2015
Comment15 comments  |  Read  |  Post a Comment
6 Ways The Sony Hack Changes Everything
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Security in a post-Sony world means that a company's very survival in the wake of a cyber attack is more of a concern than ever before.
By John B. Dickson CISSP, Principal, Denim Group, 3/11/2015
Comment5 comments  |  Read  |  Post a Comment
5 Things CISOs Can Learn From The Best GMs In Baseball
Kevin West, CEO & founder, K logixCommentary
A MLB team has many goals and objectives: to win, be profitable, have a solid strategy and understand the people whom they serve. Sound familiar?
By Kevin West CEO & founder, K logix, 3/10/2015
Comment2 comments  |  Read  |  Post a Comment
Which Apps Should You Secure First? Wrong Question.
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
By Jeff Williams CTO, Aspect Security & Contrast Security, 3/5/2015
Comment1 Comment  |  Read  |  Post a Comment
Why Security Awareness Alone Won’t Stop Hackers
Saryu Nayyar, CEO, GuruculCommentary
End-user training is a noble pursuit but it’s no defense against “low and slow” attacks that take months and years to carry out.
By Saryu Nayyar CEO, Gurucul, 3/2/2015
Comment9 comments  |  Read  |  Post a Comment
Customers Aren’t the Only Victims: 5 Stages Of Data Breach Grief
Ricky Link, Managing Director, Coalfire Systems, Southwest RegionCommentary
What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.
By Ricky Link Managing Director, Coalfire Systems, Southwest Region, 2/25/2015
Comment3 comments  |  Read  |  Post a Comment
From Hacking Systems To Hacking People
Larry Ponemon, Chairman & Founder, Ponemon InstituteCommentary
New low-tech attack methods like ‘visual hacking’ demand an information security environment that values data privacy and a self-policing culture.
By Larry Ponemon Chairman & Founder, Ponemon Institute, 2/24/2015
Comment8 comments  |  Read  |  Post a Comment
Blackhat, The Movie: Good, Bad & Ridiculous
Jeff Schmidt, Founder & CEO of JAS Global Advisors LLCCommentary
It didn’t take home an Oscar, but in some instances Blackhat was right on point. Still, a white-hat hacker with the skills to take out armed opponents?
By Jeff Schmidt Founder & CEO of JAS Global Advisors LLC, 2/23/2015
Comment2 comments  |  Read  |  Post a Comment
Bridging the Cybersecurity Skills Gap: 3 Big Steps
Michelle Drolet, Founder, TowerwallCommentary
The stakes are high. Establishing clear pathways into the industry, standardizing jobs, and assessing skills will require industry-wide consensus and earnest collaboration.
By Michelle Drolet Founder, Towerwall, 2/9/2015
Comment4 comments  |  Read  |  Post a Comment
Shifting Paradigms: The Case for Cyber Counter-Intelligence
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
Cyber Counter-Intelligence and traditional information security share many aspects. But CCI picks up where infosec ends -- with an emphasis on governance, automation, timeliness, and reporting.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 2/4/2015
Comment2 comments  |  Read  |  Post a Comment
RSA's Coviello To Retire Due To Health Reasons
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Amit Yoran to assume RSA executive's duties.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/4/2015
Comment0 comments  |  Read  |  Post a Comment
3 Disturbing New Trends in Vulnerability Disclosure
Sara Peters, Senior Editor at Dark ReadingNews
Who's winning and who's losing the battle of the bugs? While security pros and software companies fight amongst themselves, it looks like black hats are winning and users are losing.
By Sara Peters Senior Editor at Dark Reading, 2/3/2015
Comment7 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0279
Published: 2015-03-26
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

CVE-2015-0635
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device an...

CVE-2015-0636
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine,...

CVE-2015-0637
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315.

CVE-2015-0638
Published: 2015-03-26
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.