Careers & People
News & Commentary
4 Tips For Planning An Effective Security Budget
Rutrell Yasin, Freelance Writer (News)
Security budgets start with managers assessing all of their resources and measuring the effectiveness of their security programs for strengths and weaknesses
By Rutrell Yasin Freelance Writer, 4/27/2016
8 Signs Your Security Culture Lacks Consistency
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEye (Commentary)
Organizations that practice what they preach and match their actions to their words do far better achieving their goals than those that do not. Here's why that matters.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 4/27/2016
Surviving InfoSec: Digital Crime And Emotional Grime
Lysa Myers, Security Researcher, ESET (Commentary)
The never ending stream of threats, vulnerabilities, and potential attacks can take its toll on the typical security professional. Here’s how to fight back against the pressure.
By Lysa Myers Security Researcher, ESET, 4/25/2016
Dark Reading Marks 10th Anniversary With Month Of Special Coverage
Tim Wilson, Editor in Chief, Dark Reading (Commentary)
Looking back at the decade in security.
By Tim Wilson Editor in Chief, Dark Reading, 4/25/2016
Be Prepared: How Proactivity Improves Cybersecurity Defense
Jason Sachowski, Director, Security Forensics & Civil Investigations, Scotiabank Group (Commentary)
These five strategies will help you achieve a state of readiness in a landscape of unpredictable risk.
By Jason Sachowski Director, Security Forensics & Civil Investigations, Scotiabank Group, 4/23/2016
SpyEye Creators Sentenced To Long Prison Terms
Sara Peters, Senior Editor at Dark Reading (News)
FBI found that arrest halted the release of nasty SpyEye 2.0.
By Sara Peters Senior Editor at Dark Reading, 4/21/2016
Mea Culpa: Time To Build Security Into Connectivity
Mark Hoover, CEO, Vidder, Inc. (Commentary)
How those of us who spent decades developing faster, easier, and more scalable networking technology have made the lives of our security counterparts a living hell.
By Mark Hoover CEO, Vidder, Inc., 4/21/2016
Security Lessons from C-3PO, Former CSO of the Millennium Falcon
Adam Shostack, Founder, Stealth Startup (Commentary)
The business will take risks. When and how to speak up.
By Adam Shostack Founder, Stealth Startup, 4/21/2016
Internal Pen-Testing: Not Just For Compliance Audits Anymore
Jeff Schilling, Chief of Operations and Security, Armor (Commentary)
How turning your internal penetration team into a 'Friendly Network Force' can identify and shut down the cracks in your security program.
By Jeff Schilling Chief of Operations and Security, Armor, 4/20/2016
Device Advice: Keeping Fraudsters From Consumer Info
Gasan Awad, VP, Identity & Fraud Product Management, Equifax (Commentary)
Data breaches are the first stop for criminals with intentions to steal personally identifiable information. These tips show how to fight fraud while optimizing the customer experience.
By Gasan Awad VP, Identity & Fraud Product Management, Equifax, 4/19/2016
9 Years Prison, $1.7 Million Fine For Malicious Insider
Sara Peters, Senior Editor at Dark Reading (News)
Former IT engineer stung for destructive attack on law firm.
By Sara Peters Senior Editor at Dark Reading, 4/18/2016
10 Things Cyber Insurance Won't Cover
Ericka Chickowski, Contributing Writer, Dark Reading
Cyber insurance policies come with some important caveats to keep in mind.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/14/2016
Securing the Weakest Link: Insiders
Philip Casesa, CISSP, CSSLP, PMP, Product Development Strategist, (ISC)² (Commentary)
No longer is a hoodie-wearing malicious hacker the most obvious perpetrator of an inside cyber attack.
By Philip Casesa CISSP, CSSLP, PMP, Product Development Strategist, (ISC)², 4/13/2016
Managing The Message Before The Breach
Tom Bowers, Chief Security Strategist, ePlus Technologies (Commentary)
No leader wants to see their company exploited by creative cyber villains. Here’s how CISOs can stay ahead of the game with a strategic plan.
By Tom Bowers Chief Security Strategist, ePlus Technologies, 4/12/2016
How To Raise Your Salary In Cybersecurity
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau (News)
The hot skills most in demand today for jobs: threat intelligence, security software development, cloud, auditing, and big data analysis.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 4/11/2016
7 Profiles Of Highly Risky Insiders
Bob Hansmann, Director, Security Technologies, Forcepoint (Commentary)
To understand who these insiders are and why they pose a risk, start by looking at the root of the problem.
By Bob Hansmann Director, Security Technologies, Forcepoint, 4/8/2016
10 Cybersecurity Twitter Profiles To Watch
Sean Martin, CISSP | President, imsmartin
If you’re responsible for an information security program, check out these influencers to follow.
By Sean Martin CISSP | President, imsmartin, 4/7/2016
Top US Undergraduate Computer Science Programs Skip Cybersecurity Classes
Kelly Jackson Higgins, Executive Editor at Dark Reading (News)
New study reveals that none of the top 10 US university computer science and engineering program degrees requires students take a cybersecurity course.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/7/2016
7 Biggest Trends Bubbling Up For Interop
Ericka Chickowski, Contributing Writer, Dark Reading
CISOs and security leaders will find security is top of mind at Interop, when risk management intersects with some of the biggest themes likely to come out of the show.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/6/2016
A Day In The Life Of A Security Analyst
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau (News)
'The network doesn't lie' and host detection systems are also key tools for the analyst.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 4/4/2016
Current Issue
Understanding & Managing the Mobile Security Threat
Mobile devices are increasing IT security risk. Is your enterprise ready?
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Join us as Dark Reading editors speak with IT security hiring experts about improving IT career prospects.