Operations
News & Commentary
10 Critical Steps to Create a Culture of Cybersecurity
Edward J. McAndrew, Partner & Co-Chair, Privacy & Data Security  Group, Ballard Spahr LLP, Faculty Member of the Compliance, Governance &  Oversight CouncilCommentary
Businesses are more vulnerable than they need to be. Here's what you should do about it.
By Edward J. McAndrew Partner & Co-Chair, Privacy & Data Security Group, Ballard Spahr LLP, Faculty Member of the Compliance, Governance & Oversight Council, 7/26/2017
Comment0 comments  |  Read  |  Post a Comment
How 'Postcript' Exploits Networked Printers
Dawn Kawamoto, Associate Editor, Dark ReadingNews
At Black Hat 2017, a university researcher will demo how attackers can drill into networked printers by way of the ubiquitous PostScript programming language.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/25/2017
Comment0 comments  |  Read  |  Post a Comment
How Women Can Raise Their Profile within the Cybersecurity Industry
Jodie Nel, Event Organizer, Cyber Security Event SeriesCommentary
Closing the cybersecurity gender gap won't happen overnight, but women can take can take steps to begin leveling the playing field.
By Jodie Nel Event Organizer, Cyber Security Event Series, 7/25/2017
Comment0 comments  |  Read  |  Post a Comment
7 Hardware & Firmware Hacks Highlighted at Black Hat 2017
Ericka Chickowski, Contributing Writer, Dark Reading
Researchers will hammer home potentially devastating attacks, and demo a range of vulnerabilities, techniques and tools.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/24/2017
Comment0 comments  |  Read  |  Post a Comment
Majority of Security Pros Let Productivity Trump Security
Dawn Kawamoto, Associate Editor, Dark ReadingNews
A survey found that 64% of IT security professionals will tweak security to give workers more flexibility to be productive when asked to make that move by top executives.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/24/2017
Comment8 comments  |  Read  |  Post a Comment
DevOps & Security: Butting Heads for Years but Integration is Happening
Zeus Kerravala, Founder and Principal Analyst, ZK ResearchCommentary
A combination of culture change, automation, tools and processes can bring security into the modern world where it can be as agile as other parts of IT.
By Zeus Kerravala Founder and Principal Analyst, ZK Research, 7/20/2017
Comment7 comments  |  Read  |  Post a Comment
98% of Companies Favor Integrating Security with DevOps
Dawn Kawamoto, Associate Editor, Dark ReadingNews
A majority of companies are either planning or have launched an integrated DevOps and security team, a new report shows.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
4 Steps to Securing Citizen-Developed Apps
Mike Lemire, Compliance & Information Security Officer at  Quick BaseCommentary
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
By Mike Lemire Compliance & Information Security Officer at Quick Base, 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
New IBM Mainframe Encrypts All the Things
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Next-generation Z series features the elusive goal of full data encryption - from an application, cloud service, or database in transit or at rest.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/17/2017
Comment1 Comment  |  Read  |  Post a Comment
AWS S3 Breaches: What to Do & Why
Rob Enns, VP Engineering, Bracket ComputingCommentary
Although basic operations in Amazon's Simple Storage Services are (as the name implies) - simple - things can get complicated with access control and permissions.
By Rob Enns VP Engineering, Bracket Computing, 7/17/2017
Comment0 comments  |  Read  |  Post a Comment
7 Deadly Sins to Avoid When Mitigating Cyberthreats
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
How digitally savvy organizations can take cyber resilience to a whole new dimension.
By Marc Wilczek Digital Strategist & CIO Advisor, 7/14/2017
Comment0 comments  |  Read  |  Post a Comment
Black Hat to Host Discussion on Diversity
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
Panel of diversity pioneers will share their views and firsthand experience on how to make inclusion a priority in security.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/13/2017
Comment5 comments  |  Read  |  Post a Comment
How Security Pros Can Help Protect Patients from Medical Data Theft
Reza Chapman, Managing Director, Cybersecurity, for Accenture's Global  Healthcare BusinessCommentary
The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.
By Reza Chapman Managing Director, Cybersecurity, for Accenture's Global Healthcare Business, 7/13/2017
Comment0 comments  |  Read  |  Post a Comment
Verizon Suffers Cloud Data Leak Exposing Data on Millions of Customers
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Six million of Verizon's US customers had their personal and account information exposed, including PIN numbers.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/12/2017
Comment6 comments  |  Read  |  Post a Comment
The High Costs of GDPR Compliance
Chris Babel, CEO, TrustArcCommentary
Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.
By Chris Babel CEO, TrustArc, 7/11/2017
Comment0 comments  |  Read  |  Post a Comment
Desperately Seeking Security: 6 Skills Most In Demand
Ericka Chickowski, Contributing Writer, Dark Reading
When people say there's a security skills gap, this is what they really mean.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/8/2017
Comment4 comments  |  Read  |  Post a Comment
The SOC Is DeadLong Live the SOC
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 7/7/2017
Comment1 Comment  |  Read  |  Post a Comment
New Google Security Controls Tighten Third-Party Data Access
Kelly Sheridan, Associate Editor, Dark ReadingNews
Google adds OAuth app whitelisting to G Suite so admins can vet third-party applications before users can grant them authorized data access.
By Kelly Sheridan Associate Editor, Dark Reading, 7/6/2017
Comment0 comments  |  Read  |  Post a Comment
Black Hat Survey: Security Pros Expect Major Breaches in Next Two Years
Tim Wilson, Editor in Chief, Dark Reading, News
Significant compromises are not just feared, but expected, Black Hat attendees say.
By Tim Wilson, Editor in Chief, Dark Reading , 7/6/2017
Comment4 comments  |  Read  |  Post a Comment
Avoiding the Dark Side of AI-Driven Security Awareness
Tom Pendergast, Chief Strategist, Security, Privacy, & Compliance, MediaProCommentary
Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?
By Tom Pendergast Chief Strategist, Security, Privacy, & Compliance, MediaPro, 7/5/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: " I think Google Doodle is getting a little out of control"
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.