News & Commentary
To Gain Influence, CISOs Must Get Security's Human Element Right
Rocco Grillo, Cyber Resilience Leader at Stroz FriedbergCommentary
Focusing on certain elements of security in isolation can cause a false sense of security.
By Rocco Grillo Cyber Resilience Leader at Stroz Friedberg, 3/29/2017
Comment1 Comment  |  Read  |  Post a Comment
Getting Beyond the Buzz & Hype of Threat Hunting
Kyle Wilhoit, Senior Security Researcher, DomainToolsCommentary
When harnessed properly, threat hunting can be one of the most useful techniques for finding attackers in your network. But it wont happen overnight.
By Kyle Wilhoit Senior Security Researcher, DomainTools, 3/20/2017
Comment0 comments  |  Read  |  Post a Comment
New Wave of Security Acquisitions Signals Start of Consolidation Trend
Steve Zurier, Freelance Writer
A dozen recent high-profile deals reflect cybersecurity vendors' hopes of expanding their offerings with next-generation technology, ideas, and talent.
By Steve Zurier Freelance Writer, 3/20/2017
Comment0 comments  |  Read  |  Post a Comment
Ethical Hacking: The Most Important Job No One Talks About
Amit Ashbel, Cybersecurity Evangelist at CheckmarxCommentary
If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers.
By Amit Ashbel Cybersecurity Evangelist at Checkmarx, 3/16/2017
Comment4 comments  |  Read  |  Post a Comment
Trust Begins With Layer 1 Encryption
Hector Menendez, Product Marketing Manager, IP/Optical Networks, NokiaCommentary
In todays distributed environment, cloud and communication service providers can play a key role in providing organizations with a scalable and secure platform for the connection of everything to everything. Heres how.
By Hector Menendez Product Marketing Manager, IP/Optical Networks, Nokia, 3/15/2017
Comment0 comments  |  Read  |  Post a Comment
What Your SecOps Team Can (and Should) Do
Chris Crowley, Independent Consultant at Montance, LLCCommentary
If your organization has all of these pieces in place, congratulations!
By Chris Crowley Independent Consultant at Montance, LLC, 3/13/2017
Comment0 comments  |  Read  |  Post a Comment
Mobile (In)security: Dark Reading Cartoon Caption Contest Winners
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Clever word play on mobile ransomware, cloud and the Internet of Things. And the winners are
By Marilyn Cohodas Community Editor, Dark Reading, 3/9/2017
Comment3 comments  |  Read  |  Post a Comment
Securing Todays 'Elastic Attack Surface'
Amit Yoran, Chairman & CEO, Tenable Network SecurityCommentary
The foundation of good cybersecurity is knowing your network. But as organizations embrace new technologies, that simple task has gotten incredibly difficult.
By Amit Yoran Chairman & CEO, Tenable Network Security, 3/9/2017
Comment1 Comment  |  Read  |  Post a Comment
9 Phishing Lures that Could Hijack your 2017 Tax Refund
Steve Zurier, Freelance Writer
Scammers are taking an aggressive approach to tax season this year, packing attachments and links with banking Trojans, and fairly new strains of ransomware.
By Steve Zurier Freelance Writer, 3/9/2017
Comment0 comments  |  Read  |  Post a Comment
Trust, Cloud & the Quest for a Glass Wall around Security
Stan Black, CSO, CitrixCommentary
In the next year, were going to see a leap towards strategic, business-level objectives that can be resolved by simplifying infrastructure and granting greater visibility in real time.
By Stan Black CSO, Citrix, 3/8/2017
Comment0 comments  |  Read  |  Post a Comment
FTC Report Highlights Low DMARC Adoption
Kelly Sheridan, Associate Editor, InformationWeekNews
New Federal Trade Commission research discovers most online businesses employ email authentication, but few use DMARC to combat phishing.
By Kelly Sheridan Associate Editor, InformationWeek, 3/6/2017
Comment0 comments  |  Read  |  Post a Comment
7 Hot Security Terms (and Buzzwords) to Know
Terry Sweeney, Contributing Editor
How the security industry has a conversation with itself is constantly changing and the latest terms as well as buzzwords point us to where the technology is heading.
By Terry Sweeney Contributing Editor, 3/6/2017
Comment5 comments  |  Read  |  Post a Comment
Palo Alto Networks Acquires LightCyber
Dark Reading Staff, Quick Hits
Company will integrate LightCyber technology into its Next-Generation Security Platform.
By Dark Reading Staff , 3/1/2017
Comment0 comments  |  Read  |  Post a Comment
Tunneling Through The "Walls" Of IoT In The Enterprise
Jose Nazario, Director of Security Research at FastlyCommentary
The movie "Die Hard" has a thing or two to teach us about the pitfalls of the Internet of Things.
By Jose Nazario Director of Security Research at Fastly, 2/22/2017
Comment1 Comment  |  Read  |  Post a Comment
Why We Need To Reinvent How We Catalogue Malware
Paul Shomo,  Technical Manager Strategic Partnerships, Guidance SoftwareCommentary
One obvious trend: crimeware technologies that come with simple user consoles and functionality to create unique binaries at the click of a button.
By Paul Shomo Technical Manager Strategic Partnerships, Guidance Software, 2/22/2017
Comment1 Comment  |  Read  |  Post a Comment
IoT Security: A Ways To Go, But Some Interim Steps For Safety
Terry Sweeney, Contributing EditorNews
The Internet of Things remains vulnerable to botnets and malware, but Cisco's Anthony Grieco offers some tips to keep networks and users more secure
By Terry Sweeney Contributing Editor, 2/15/2017
Comment0 comments  |  Read  |  Post a Comment
Verizon Data Breach Digest Triangulates Humanity Inside Security
Terry Sweeney, Contributing EditorNews
The 99-page report breaks out 16 different attack scenarios and specifies the target, sophistication level, attributes, and attack patterns, along with their times to discovery and containment.
By Terry Sweeney Contributing Editor, 2/13/2017
Comment4 comments  |  Read  |  Post a Comment
How Cybercriminals Turn Employees Into Rogue Insiders
Kelly Sheridan, Associate Editor, InformationWeekNews
The Dark Web is a growing threat to organizations as hackers recruit insiders with access to corporate networks.
By Kelly Sheridan Associate Editor, InformationWeek, 1/31/2017
Comment2 comments  |  Read  |  Post a Comment
How I Would Hack Your Network (If I Woke Up Evil)
John Strand, SANS Senior Instructor & Owner, Black Hills Information SecurityCommentary
How would an attacker target your company? Here's a first-person account of what might happen.
By John Strand SANS Senior Instructor & Owner, Black Hills Information Security, 1/26/2017
Comment23 comments  |  Read  |  Post a Comment
4 Reasons Why You Should Take Ransomware Seriously
Dan Larson,  Technical Director at CrowdStrikeCommentary
The threats keep getting more sophisticated and the stakes keep getting higher. Is your organization ready to meet the challenge?
By Dan Larson Technical Director at CrowdStrike, 1/24/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Shantaram
Current Conversations Thanks, nice thoughts!
In reply to: Re:
Post Your Own Reply
Posted by Shantaram
Current Conversations Nice videos. Thanks!
In reply to:">Re:
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.