Careers & People
News & Commentary
DevOps & Security: Butting Heads for Years but Integration is Happening
Zeus Kerravala, Founder and Principal Analyst, ZK Research, Commentary
A combination of culture change, automation, tools and processes can bring security into the modern world where it can be as agile as other parts of IT.
By Zeus Kerravala, Founder and Principal Analyst, ZK Research, 7/20/2017
Profile of a Hacker: The Real Sabu
David Holmes, World-Wide Security Evangelist, F5
There are multiple stories about how the capture of the infamous Anonymous leader Sabu went down. Here's one, and another about what he is doing today.
By David Holmes, World-Wide Security Evangelist, F5, 7/20/2017
7 Deadly Sins to Avoid When Mitigating Cyberthreats
Marc Wilczek, Digital Strategist & CIO Advisor, Commentary
How digitally savvy organizations can take cyber resilience to a whole new dimension.
By Marc Wilczek, Digital Strategist & CIO Advisor, 7/14/2017
Black Hat to Host Discussion on Diversity
Kelly Jackson Higgins, Executive Editor at Dark Reading, Commentary
Panel of diversity pioneers will share their views and firsthand experience on how to make inclusion a priority in security.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 7/13/2017
Majority of IT Security Professionals Work Weekends
Dark Reading Staff, Quick Hits
A survey finds that 57% of IT security professionals work weekends, and most say they still find their jobs rewarding.
By Dark Reading Staff, 7/12/2017
Desperately Seeking Security: 6 Skills Most In Demand
Ericka Chickowski, Contributing Writer, Dark Reading
When people say there's a security skills gap, this is what they really mean.
By Ericka Chickowski, Contributing Writer, Dark Reading, 7/8/2017
The SOC Is Dead, Long Live the SOC
Dan Koloski, Vice President, Oracle's Systems Management and Security products group, Commentary
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
By Dan Koloski, Vice President, Oracle's Systems Management and Security products group, 7/7/2017
Black Hat Survey: Security Pros Expect Major Breaches in Next Two Years
Tim Wilson, Editor in Chief, Dark Reading, News
Significant compromises are not just feared, but expected, Black Hat attendees say.
By Tim Wilson, Editor in Chief, Dark Reading, 7/6/2017
Security Experts & Hackers: We're Not So Different
Tim Prendergast, Founder & CEO, Evident.io
Using the similarities among hackers and security programmers can be an advantage.
By Tim Prendergast, Founder & CEO, Evident.io, 7/6/2017
Avoiding the Dark Side of AI-Driven Security Awareness
Tom Pendergast, Chief Strategist, Security, Privacy, & Compliance, MediaPro, Commentary
Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?
By Tom Pendergast, Chief Strategist, Security, Privacy, & Compliance, MediaPro, 7/5/2017
Defining Security: The Difference Between Safety & Privacy
Lysa Myers, Security Researcher, ESET, Commentary
Words matter, especially if you are making a case for new security measures, state-of-the-art technology or personnel.
By Lysa Myers, Security Researcher, ESET, 6/28/2017
No-Name Security Incidents Caused as Many Tears as WannaCry, Pros Say
Dark Reading Staff, Quick Hits
Half of security pros say they've worked just as frantically this year to fix other incidents that the public never heard about.
By Dark Reading Staff, 6/27/2017
Two Arrested for Microsoft Network Intrusion
Dark Reading Staff, Quick Hits
UK authorities arrest two men for allegedly breaking into Microsoft's network with the intent to steal customer data from the software giant.
By Dark Reading Staff, 6/22/2017
KPMG: Cybersecurity Has Reached a Tipping Point from Tech to CEO Business Issue
Tony Buffomante, KPMG, U.S. Cyber Security Services Leader, Commentary
Still, a majority of US-based chief execs say they will be maintaining and not investing in security technology over the next three years, a recent study shows.
By Tony Buffomante, KPMG, U.S. Cyber Security Services Leader, 6/22/2017
Dark Reading INsecurity Conference Registration Now Open
Tim Wilson, Editor in Chief, Dark Reading, Commentary
November event will focus on attendee interaction, "blue team" best practices.
By Tim Wilson, Editor in Chief, Dark Reading, 6/21/2017
Feds Call on Contractors to Play Ball in Mitigating Insider Threats
Thomas Jones, Federal Systems Engineer at Bay Dynamics, Commentary
It's said that you're only as strong as your weakest player. That's as true in security as it is in sports.
By Thomas Jones, Federal Systems Engineer at Bay Dynamics, 6/20/2017
Lack of Experience Biggest Obstacle for InfoSec Career
Dark Reading Staff, Quick Hits
A majority of wanna-be infosec professionals find they need more experience to be a contender to enter this career, according to a recent Tripwire poll.
By Dark Reading Staff, 6/16/2017
By the Numbers: Parsing the Cybersecurity Challenge
Marc Wilczek, Digital Strategist & CIO Advisor, Commentary
Why your CEO should rethink company security priorities in the drive for digital business growth.
By Marc Wilczek, Digital Strategist & CIO Advisor, 6/14/2017
From Reporter to Private Investigator to Security Engineer
Tad Whitaker, Security Engineer, CircleCI, Commentary
How I fell in love with coding and traded in a camera-rigged Prius for a MacBook and a GitHub account.
By Tad Whitaker, Security Engineer, CircleCI, 6/8/2017
Cybersecurity Faces 1.8 Million Worker Shortfall By 2022
Dawn Kawamoto, Associate Editor, Dark Reading, News
(ISC)2 report shows the skills shortage is getting worse.
By Dawn Kawamoto, Associate Editor, Dark Reading, 6/7/2017
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.