News & Commentary
Siemens' New ICS/SCADA Security Service a Sign of the Times
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Major ICS/SCADA vendors are entering the managed security services business with cloud-based offerings for energy and other industrial sectors.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/19/2017
Comment1 Comment  |  Read  |  Post a Comment
How Apple's New Facial Recognition Technology Will Change Enterprise Security
Shimrit Tzur-David, CTO & Co-founder, Secret Double OctopusCommentary
Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.
By Shimrit Tzur-David CTO & Co-founder, Secret Double Octopus, 9/19/2017
Comment0 comments  |  Read  |  Post a Comment
Encryption: A New Boundary for Distributed Infrastructure
Rob Enns, VP Engineering, Bracket ComputingCommentary
As the sheet metal surrounding traditional infrastructure continues to fall away, where should security functions in a cloud environment reside?
By Rob Enns VP Engineering, Bracket Computing, 9/14/2017
Comment0 comments  |  Read  |  Post a Comment
Deception: A Convincing New Approach to Cyber Defense
Ofer Israeli, CEO & Founder, illusive networksCommentary
How defenders in a US national security agency capture-the-flag exercise used an endless stream of false data across the network to thwart attackers and contain damage.
By Ofer Israeli CEO & Founder, illusive networks, 9/12/2017
Comment0 comments  |  Read  |  Post a Comment
Paul Vixie: How CISOs Can Use DNS to Up Security
Tim Wilson, Editor in Chief, Dark Reading, CommentaryVideo
FarSight CEO and DNS master Paul Vixie explains how enterprises, not just telecoms and infrastructure providers, can use DNS to improve cybersecurity.
By Tim Wilson, Editor in Chief, Dark Reading , 9/11/2017
Comment0 comments  |  Read  |  Post a Comment
Juniper Networks to Buy Cyphort for Threat Detection
Dark Reading Staff, Quick Hits
Company will integrate Cyphort into its Sky ATP platform to support more file types, and offer on- and off-premise support, analytics, and improved malware detection.
By Dark Reading Staff , 9/1/2017
Comment0 comments  |  Read  |  Post a Comment
IoTCandyJar: A HoneyPot for any IoT Device
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Palo Alto Networks researchers explain how they designed an affordable, behavior-based honeypot to detect attacks on an IoT device -- any kind of IoT device.
By Sara Peters Senior Editor at Dark Reading, 8/29/2017
Comment0 comments  |  Read  |  Post a Comment
Forcepoint Snaps Up RedOwl
Dark Reading Staff, Quick Hits
The acquisition aims to bolster Forcepoint's behavioral analytics offerings.
By Dark Reading Staff , 8/28/2017
Comment0 comments  |  Read  |  Post a Comment
The Pitfalls of Cyber Insurance
Chris McDaniels, Chief Information Security Officer of Mosaic451Commentary
Cyber insurance is 'promising' but it won't totally protect your company against hacks.
By Chris McDaniels Chief Information Security Officer of Mosaic451, 8/21/2017
Comment6 comments  |  Read  |  Post a Comment
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/20/2017
Comment10 comments  |  Read  |  Post a Comment
Zero-Day Exploit Surfaces that May Affect Millions of IoT Users
Dark Reading Staff, Quick Hits
A zero-day vulnerability dubbed Devil's Ivy is discovered in a widely used third-party toolkit called gSOAP.
By Dark Reading Staff , 7/18/2017
Comment0 comments  |  Read  |  Post a Comment
How Active Intrusion Detection Can Seek and Block Attacks
Kelly Sheridan, Associate Editor, Dark ReadingNews
Researchers at Black Hat USA will demonstrate how active intrusion detection strategies can help administrators detect hackers who are overly reliant on popular attack tools and techniques.
By Kelly Sheridan Associate Editor, Dark Reading, 7/12/2017
Comment0 comments  |  Read  |  Post a Comment
The SOC Is DeadLong Live the SOC
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 7/7/2017
Comment1 Comment  |  Read  |  Post a Comment
Hacking the State of the ISIS Cyber Caliphate
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers say Islamic State's United Cyber Caliphate remains in its infancy when it comes to cyberattack expertise.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/6/2017
Comment0 comments  |  Read  |  Post a Comment
Avoiding the Dark Side of AI-Driven Security Awareness
Tom Pendergast, Chief Strategist, Security, Privacy, & Compliance, MediaProCommentary
Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?
By Tom Pendergast Chief Strategist, Security, Privacy, & Compliance, MediaPro, 7/5/2017
Comment0 comments  |  Read  |  Post a Comment
Why Enterprise Security Needs a New Focus
Kirsten Bay, President and CEO, Cyber adAPTCommentary
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics.
By Kirsten Bay President and CEO, Cyber adAPT, 6/29/2017
Comment7 comments  |  Read  |  Post a Comment
Defining Security: The Difference Between Safety & Privacy
Lysa Myers, Security Researcher, ESETCommentary
Words matter, especially if you are making a case for new security measures, state-of-the-art technology or personnel.
By Lysa Myers Security Researcher, ESET, 6/28/2017
Comment1 Comment  |  Read  |  Post a Comment
WannaCry Blame Game: Why Delayed Patching is Not the Problem
T. Frank Downs, Senior Manager, Cyber/Information Security, ISACACommentary
While post mortems about patching, updating, and backups have some value, the best preventative security controls are increased understanding and knowledge.
By T. Frank Downs Senior Manager, Cyber/Information Security, ISACA, 6/27/2017
Comment0 comments  |  Read  |  Post a Comment
Recovering from Bad Decisions in the Cloud
Jeff Schilling, Chief Security Officer, ArmorCommentary
The cloud makes it much easier to make changes to security controls than in traditional networks.
By Jeff Schilling Chief Security Officer, Armor, 6/26/2017
Comment1 Comment  |  Read  |  Post a Comment
WannaCry? Youre Not Alone: The 5 Stages of Security Grief
Eric Thomas, Director of Solutions Architecture, ExtraHopCommentary
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
By Eric Thomas Director of Solutions Architecture, ExtraHop, 6/22/2017
Comment10 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
1.9 Billion Data Records Exposed in First Half of 2017
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/20/2017
Get Serious about IoT Security
Derek Manky, Global Security Strategist, Fortinet,  9/20/2017
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.