Operations // Identity & Access Management
News & Commentary
When The Boss Is Your Biggest Security Risk
Mike Tierney, COO, SpectorSoft | Commentary
No one possesses more sensitive information in an organization than upper management. So why do companies screen executives on the way in but not on the way out?
By Mike Tierney COO, SpectorSoft, 1/21/2016
Behavioral Analytics: The Future of Just-in-Time Awareness Training?
Tom Pendergast, Chief Strategist, Security, Privacy, & Compliance, MediaPro | Commentary
It's high time we leveraged modern threat detection tools to keep users on the straight and narrow road of information security.
By Tom Pendergast Chief Strategist, Security, Privacy, & Compliance, MediaPro, 1/20/2016
Security Tech: It's Not What You Buy, It's How You Deploy
Simon Gibson, Fellow Security Architect, Gigamon | Commentary
Good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts.
By Simon Gibson Fellow Security Architect, Gigamon, 12/21/2015
Making Security Everyone's Job, One Carrot At A Time
Lysa Myers, Security Researcher, ESET | Commentary
These five user education strategies will turn employee bad behavior into bulletproof policies that protect data and systems.
By Lysa Myers Security Researcher, ESET, 12/14/2015
What Flu Season Can Teach Us About Fighting Cyberattacks
Dug Song, CEO, Duo Security | Commentary
Cybersecurity doesn't have to be an arms race towards complexity if we put people front and center of the solution.
By Dug Song CEO, Duo Security, 11/6/2015
To Find The Needle, Chop Down the Haystack: 5 Steps For Effective Threat Monitoring
Jeff Schilling, Chief of Operations and Security, Armor | Commentary
Would bank security screen everyone entering the building then leave the vault door open with no one watching the money? Of course not!
By Jeff Schilling Chief of Operations and Security, Armor, 10/22/2015
The Internet of Things: It's All About Trust
Kevin Bocek, VP Security Strategy & Threat Intelligence, Venafi | Commentary
As billions of devices come online, it will be critical to protect the keys and certificates we use for authentication, validation, and privileged access control.
By Kevin Bocek VP Security Strategy & Threat Intelligence, Venafi, 10/16/2015
'POODLE' One Year Later: Still Around? Not So Much
Rob Tate, Senior Manager, WhiteHat Security, Threat Research Center | Commentary
As high-severity vulnerabilities go, POODLE remediation rates and times have proven to be astonishingly better than expected.
By Rob Tate Senior Manager, WhiteHat Security, Threat Research Center, 10/14/2015
Believe It Or Not, Millennials Do Care About Privacy, Security
Sara Peters, Senior Editor at Dark Reading | News
80% say it is vitally or very important that PII, financial, and/or medical data be shared only with authorized parties
By Sara Peters Senior Editor at Dark Reading, 10/13/2015
Dell Acquisition of EMC Has Big Cybersecurity Implications
Ericka Chickowski, Contributing Writer, Dark Reading | News
The devil will be in the details, but if the company cooks up a winning integration strategy to combine the likes of SecureWorks and RSA, it is poised to become a major cybersecurity player.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/12/2015
Chipping Away At Credit Card Fraud With EMV
Deborah Baxley, Principal, Cards & Payments, Capgemini Financial Services | Commentary
As of October 1, so-called chip-and-pin technology is now the law of the land for electronic payments in the US. But it's not the silver bullet that will instantly stop all cybercrime.
By Deborah Baxley Principal, Cards & Payments, Capgemini Financial Services, 10/8/2015
Insider Threats, Data Privacy Are Overlooked By Businesses
William Terdoslavich, Freelance Writer | News
Data security and data breaches are all over the news. However, not all companies are paying as close attention to insider threats and data privacy as they should. A new survey looks at the risks.
By William Terdoslavich Freelance Writer, 10/2/2015
10 Password Managers For Business Use
Sara Peters, Senior Editor at Dark Reading
Beyond helping end users keep track of their logins, some password managers can integrate with Active Directory and generate compliance reports.
By Sara Peters Senior Editor at Dark Reading, 9/28/2015
4 IoT Cybersecurity Issues You Never Thought About
Marilyn Cohodas, Community Editor, Dark Reading | Commentary
Government, industry and security professionals problem-solve the daunting challenges of the Internet of Things.
By Marilyn Cohodas Community Editor, Dark Reading, 9/24/2015
Visibility: The Key To Security In The Cloud
Amrit Williams, CTO, CloudPassage | Commentary
You can't secure what you can't see. These five best practices will shed some light on how to protect your data from the ground up.
By Amrit Williams CTO, CloudPassage, 9/18/2015
Why Everybody Loves (And Hates) Security
Sergio Galindo, GM, GFI Software | Commentary
Even security professionals hate security. So why do we all harbor so much dislike for something we need so much? And what can we do about it?
By Sergio Galindo GM, GFI Software, 9/9/2015
Making The Security Case For A Software-Defined Perimeter
Kurt A. Mueffelmann, President & CEO, Cryptzone | Commentary
With SDP, organizations can create an 'invisible' infrastructure that only authorized users and devices can access. Here's why its time has come.
By Kurt A. Mueffelmann President & CEO, Cryptzone, 8/18/2015
New SMB Relay Attack Steals User Credentials Over Internet
Fahmida Y. Rashid, Contributing Editor, Dark Reading | News
Researchers found a twist to an older vulnerability that lets them launch SMB relay attacks from the Internet.
By Fahmida Y. Rashid Contributing Editor, Dark Reading, 8/5/2015
Smartwatches Could Become New Frontier for Cyber Attackers
Jai Vijayan, Freelance writer | News
Every single smartwatch tested in a recent study by HP had serious security weaknesses.
By Jai Vijayan Freelance writer, 7/24/2015
Mobile App Security: 4 Critical Issues
Subbu Sthanu, Director, Mobile Security & Application Security, IBM | Commentary
Securing the mobile workforce in the age of BYOD is no easy task. You can begin with these four measures.
By Subbu Sthanu Director, Mobile Security & Application Security, IBM, 7/17/2015
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas in a thought-provoking discussion about the evolving role of the CISO.