Operations

News & Commentary
6 Steps for Applying Data Science to Security
Steve Zurier, Freelance Writer
Two experts share their data science know-how in a tutorial focusing on internal DNS query analysis.
By Steve Zurier Freelance Writer, 5/23/2018
Cybercriminals Battle Against Banks' Incident Response
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
'Fileless' attacks account for more than half of successful breaches of bank networks, new data shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/22/2018
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
Marc French, Senior VP, Chief Trust Officer & Data Protection Officer, Mimecast, Commentary
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
By Marc French Senior VP, Chief Trust Officer & Data Protection Officer, Mimecast, 5/22/2018
The State of Information Sharing 20 Years after the First White House Mandate
Paul Kurtz, CEO & Cofounder, TruSTAR Technology, Commentary
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.
By Paul Kurtz CEO & Cofounder, TruSTAR Technology, 5/22/2018
New BIND Vulnerabilities Threaten DNS Availability
Dark Reading Staff, Quick Hits
A pair of vulnerabilities in BIND could leave some organizations without DNS.
By Dark Reading Staff, 5/21/2018
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason, Commentary
Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.
By Lital Asher-Dotan Senior Director, Security Research and Content, Cybereason, 5/21/2018
Why Isn't Integrity Getting the Attention It Deserves?
Tim Erlin, VP of Product Management & Strategy at Tripwire, Commentary
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
By Tim Erlin VP of Product Management & Strategy at Tripwire, 5/17/2018
Boosting Security Effectiveness with 'Adjuvants'
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 5/17/2018
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust, Commentary
It's time to "do the right thing" when it comes to gender in the hiring and promotion of women in cybersecurity. Four women (and a man named John) offer practical solutions for shifting the balance.
By John De Santis CEO, HyTrust, 5/16/2018
Taming the Chaos of Application Security: 'We Built an App for That'
Caleb Sima, Founder, Badkode Ventures, Commentary
Want to improve the state of secure software coding? Hide the complexity from developers.
By Caleb Sima Founder, Badkode Ventures, 5/15/2018
20 Signs You Are Heading for a Retention Problem
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, Commentary
If you don't invest in your best security talent, they will look to burnish their resumes elsewhere. Here's why.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 5/9/2018
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Peter Merkulov, Chief Technology Officer, Globalscape, Commentary
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
By Peter Merkulov Chief Technology Officer, Globalscape, 5/9/2018
6 Enterprise Password Managers That Lighten the Load for Security
Steve Zurier, Freelance Writer
EPMs offer the familiar password wallet with more substantial administrative management and multiple deployment models.
By Steve Zurier Freelance Writer, 5/3/2018
Automation Exacerbates Cybersecurity Skills Gap
Ericka Chickowski, Contributing Writer, Dark Reading, News
Three out of four security pros say the more automated AI products they bring in, the harder it is to find trained staff to run the tools.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/2/2018
Spring Clean Your Security Systems: 6 Places to Start
Corey Nachreiner, Chief Technology Officer, WatchGuard Technologies, Commentary
The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?
By Corey Nachreiner Chief Technology Officer, WatchGuard Technologies, 5/2/2018
Breaches Drive Consumer Stress over Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading, News
As major data breaches make headlines, consumers are increasingly worried about cyberattacks, password management, and data security.
By Kelly Sheridan Staff Editor, Dark Reading, 5/2/2018
Are You Protecting Your DevOps Software 'Factory'?
Ericka Chickowski, Contributing Writer, Dark Reading, News
New study highlights insecurities in DevOps toolchain implementations.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/1/2018
'Zero Login:' The Rise of Invisible Identity
Sarah Squire, Senior Technical Architect at Ping Identity, Commentary
Will new authentication technologies that recognize users on the basis of their behaviors finally mean the death of the despised password?
By Sarah Squire Senior Technical Architect at Ping Identity, 4/27/2018
Routing Security Gets Boost with New Set of MANRS for IXPs
Dark Reading Staff, Quick Hits
The Internet Society debuts a new mutually agreed norms initiative for IXPs.
By Dark Reading Staff, 4/26/2018
12 Trends Shaping Identity Management
Sara Peters, Senior Editor at Dark Reading
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
By Sara Peters Senior Editor at Dark Reading, 4/26/2018
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading, 5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451, 5/23/2018
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11505
PUBLISHED: 2018-05-26
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
CVE-2018-6409
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
CVE-2018-6410
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
CVE-2018-6411
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
CVE-2018-11500
PUBLISHED: 2018-05-26
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.