Careers & People
News & Commentary
Perceptions Of IT Risk Changing In Business Ranks
Ericka Chickowski, Contributing Writer, Dark Reading | News
Business leaders increasingly see IT risk as huge, but policy making and visibility still lag.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/12/2016
The Phishie Awards: (Dis)Honoring The Best Of The Worst Phishing Attacks
Sara Peters, Senior Editor at Dark Reading
From the costly to the clever to the just plain creepy, here are the recent phishing campaigns that have earned our reluctant recognition.
By Sara Peters Senior Editor at Dark Reading, 2/10/2016
Is The Cybersecurity Bubble About To Burst?
Ericka Chickowski, Contributing Writer, Dark Reading | News
Cybersecurity stocks are way down in 2016 so far, but venture capital money still flows.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/10/2016
Monday Morning Quarterbacking Super Bowl 50: Infosec Edition
Tim Helming, Director of Product Management, DomainTools | Commentary
How to coach your team to victory in the battle to protect corporate data and intellectual property. After all, there’s a lot riding on your game, too.
By Tim Helming Director of Product Management, DomainTools, 2/8/2016
New Kid On The Block: Cyber Threat Analyst
Bob G. Stasio, Senior Product Manager, Cyber Analysis, IBM | Commentary
Drawing from the financial service industry, this new role uses the “art of the intelligence cycle” to drive efficiency in the security operations center.
By Bob G. Stasio Senior Product Manager, Cyber Analysis, IBM, 2/4/2016
EU, US Agree On New Data Transfer Pact, But Will It Hold?
Sara Peters, Senior Editor at Dark Reading | News
So long Safe Harbor, hello 'Privacy Shield.'
By Sara Peters Senior Editor at Dark Reading, 2/2/2016
The Cybersecurity Talent You Seek May Be In-House
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau | News
IT staff in many cases are already performing security-related work -- with proper training, they could be converted to the security team.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 2/1/2016
Cloud Security: It’s Become A People Problem
Kaushik Narayan, Co-Founder and CTO at Skyhigh Networks | Commentary
Now that the cloud is becoming secure enough for sensitive data, are cloud customers ready to hold up their end of a shared liability model?
By Kaushik Narayan Co-Founder and CTO at Skyhigh Networks, 1/29/2016
Why InfoSec Pros Should Keep A Close Eye On Cyber Efficiency
Scott Montgomery, VP and CTO-Americas & Public Sector, Intel Security
No organization will ever be impervious to breaches, but efficient organizations can lower their overall spend.
By Scott Montgomery VP and CTO-Americas & Public Sector, Intel Security, 1/28/2016
Careers in InfoSec: Don’t Be Fooled By The Credential Alphabet
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEye | Commentary
Analytical skills, work ethic, an ability to overcome obstacles, and a natural drive to solve problems are the critical hiring factors in today’s tight job market.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 1/27/2016
Why Cybersecurity Certifications Matter -- Or Not
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau | News
Job candidates with a certification make more money, but there's more to the equation for cybersecurity professionals.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 1/26/2016
When The Boss Is Your Biggest Security Risk
Mike Tierney, COO, SpectorSoft | Commentary
No one possesses more sensitive information in an organization than upper management. So why do companies screen executives on the way in but not on the way out?
By Mike Tierney COO, SpectorSoft, 1/21/2016
HD Moore To Depart Rapid7 For New Venture Capital Gig
Dark Reading Staff, Quick Hits
Behavioral Analytics: The Future of Just-in-Time Awareness Training?
Tom Pendergast, Chief Strategist, Security, Privacy, & Compliance, MediaPro | Commentary
It’s high time we leveraged modern threat detection tools to keep users on the straight and narrow road of information security.
By Tom Pendergast Chief Strategist, Security, Privacy, & Compliance, MediaPro, 1/20/2016
Dark Reading Radio: A New Job Description For the CISO
Marilyn Cohodas, Community Editor, Dark Reading | Commentary
As cyberattacks grow and evolve, so too has the role of the chief information security officer. Fascinating discussion on key trends and challenges.
By Marilyn Cohodas Community Editor, Dark Reading, 1/19/2016
The Internet of Private ‘Things:’ 7 Privacy Missteps
James Kane, Cofounder, Two Bulls
A cautionary tale about the rules of ‘Privacy by Design’ and seven IoT companies that broke them in recent years.
By James Kane Cofounder, Two Bulls, 1/15/2016
83% of InfoSec Pros Think (Another) Successful Cyberattack On Critical Infrastructure Likely In 2016
Sara Peters, Senior Editor at Dark Reading | News
ISACA survey finds that a majority of cybersecurity professionals feel privacy is being compromised in effort to create stronger security regulation.
By Sara Peters Senior Editor at Dark Reading, 1/11/2016
Four Tips For Enabling Better Collaboration On Security Programs
Jai Vijayan, Freelance writer | News
It’s not really about whether the CISO or CIO is in charge. It’s about making someone accountable for security that’s really critical.
By Jai Vijayan Freelance writer, 1/10/2016
How To Convince Management You Need More People
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau | News
CISOs stand a better chance of getting the resources they need if they establish proper performance metrics that show how information security supports and benefits business objectives and opportunities.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 1/7/2016
The Matrix Reloaded: Security Goals v. Operational Requirements
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEye | Commentary
Building a matrix that measures people, process, and technology against security goals is a proven method for reducing risk in an organization. Here’s how.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 1/7/2016
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas in a thought-provoking discussion about the evolving role of the CISO.