Careers & People
News & Commentary
Health IT & Cybersecurity: 5 Hiring Misconceptions to Avoid
Commentary
Why healthcare organizations need a good strategy to find talent, or get left behind.
By Clyde Hewitt, Vice President, Security Strategy, CynergisTek, 9/22/2017
GDPR & the Rise of the Automated Data Protection Officer
Commentary
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
By Terry Ray, Chief Technology Officer, Imperva, 9/19/2017
5 Problems That Keep CISOs Awake at Night
Commentary
The last few years have shown a big difference in the way cyber-risks are acknowledged, but progress still needs to be made.
By Joshua Douglas, Chief Strategy Officer, Raytheon, 9/13/2017
20 Questions to Help Achieve Security Program Goals
Commentary
There are always projects, maturity improvements, and risk mitigation endeavors on the horizon. Here's how to keep them from drifting into the sunset.
By Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, 9/13/2017
Why InfoSec Hiring Managers Miss the Oasis in the Desert
News
Despite a sharp shortage of IT security professionals, a pool of potential talent is swimming below the surface.
By Dawn Kawamoto, Associate Editor, Dark Reading, 9/13/2017
The 'Team of Teams' Model for Cybersecurity
Commentary
Security leaders can learn some valuable lessons from a real-life military model.
By Matthew Doan and Gary Barnabo, Commercial Cyber Strategists, Booz Allen Hamilton, 9/12/2017
How to Use Purple Teaming for Smarter SOCs
Commentary, Video
Justin Harvey explains why the standard blue team vs. red team can be improved upon, and provides tips on doing purple teaming right.
By Sara Peters, Senior Editor at Dark Reading, 9/7/2017
How Legendary Carder, Hacker Roman Seleznev Was Caught, Sentenced
Commentary, Video
Assistant US Attorney Norman Barbosa visits the Dark Reading News Desk to discuss details of the credit card hacking case that led to an unprecedented 27-year prison sentence.
By Sara Peters, Senior Editor at Dark Reading, 9/6/2017
Workplace IoT Puts Companies on Notice for Smarter Security
Commentary
Blacklisting every "thing" in sight and banning connections to the corporate network may sound tempting, but it's not a realistic strategy.
By Robert Clyde, CISM, Vice-Chair of ISACA Board of Directors, Executive Chair of White Cloud Security and Executive Advisor to BullGuard Software, 9/6/2017
3 Ways AI Could Help Resolve the Cybersecurity Talent Crisis
Commentary
There's no escaping the fact that there's a skills shortage, and companies aren't doing enough to cultivate talent. AI could relieve some of the pressure.
By Todd Thibodeaux, President & CEO, CompTIA, 9/5/2017
To Improve Diversity, 'Have the Uncomfortable Conversations'
Commentary, Video
Jules Okafor of Fortress Information Security explains that diversity efforts cannot shy away from discussions of racism and sexism.
By Sara Peters, Senior Editor at Dark Reading, 9/5/2017
Mikko Hypponen's Vision of the Cybersecurity Future
Commentary, Video
Twenty years from now, will everything be in the Internet of Things, and if so, how does the security industry need to prepare? F-Secure's chief research officer weighs in on this and what else the future promises (and threatens).
By Sara Peters, Senior Editor at Dark Reading, 9/4/2017
How Effective Boards Drive Security Mandates
Commentary
The focus on cybersecurity policies must be prioritized from the top down.
By Dottie Schindlinger, VP and Governance Technology Evangelist at Diligent, 9/1/2017
Hacking the Security Job Application Process
Commentary
Simple advice to help job seekers dig out of the black hole of recruiter and employer hiring portals.
By Drew Fearson, CEO, NinjaJobs, 8/30/2017
Training Courses for Aspiring Cybercriminals Put Security Education To Shame
Commentary, Video
Reasonably priced, module-based training courses and helpful forums will train a beginner in all the tools and techniques of the successful cybercriminal, Rick Holland of Digital Shadows explains.
By Sara Peters, Senior Editor at Dark Reading, 8/29/2017
FTC to Issue Refunds Following Tech Support Scam
Quick Hits
The Federal Trade Commission will issue partial refunds to victims of a scheme that deceived hundreds of thousands of people.
By Dark Reading Staff, 8/29/2017
New York's Historic FinSec Regulation Covers DDoS, Not Just Data
News
Starting today, New York banks and insurers must report to authorities within 72 hours on any security event that has a 'reasonable likelihood' of causing material harm to normal operations.
By Sara Peters, Senior Editor at Dark Reading, 8/28/2017
A Call for New Voices on the Security Conference Circuit
Commentary
If the mere idea of talking in public makes you want to hide in a bathroom stall with a stuffed bobcat, think again.
By Lysa Myers, Security Researcher, ESET, 8/25/2017
The Changing Face & Reach of Bug Bounties
Commentary
HackerOne CEO Mårten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.
By Vincent Liu, Partner, Bishop Fox, 8/23/2017
Why Most Security Awareness Training Fails (And What To Do About It)
Commentary, Video
Arun Vishwanath discusses why awareness training shouldn't apply the same cure to every ailment and then blame the patient when the treatment doesn't work.
By Tim Wilson, Editor in Chief, Dark Reading, 8/22/2017
Current Conversations
1.9 Billion Data Records Exposed in First Half of 2017
Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/20/2017
To Be Ready for the Security Future, Pay Attention to the Security Past
Liz Maida, Co-founder, CEO & CTO, Uplevel Security, 9/18/2017
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.