News & Commentary
A Proactive Approach To Vulnerability Management: 3 Steps
Kevin Overcash, Director of SpiderLabs North America, Trustwave, Commentary
Having the tools to detect a breach is important, but what if you could prevent the attack from happening in the first place?
By Kevin Overcash, Director of SpiderLabs North America, Trustwave, 10/22/2016
Cyber Training For First Responders To Crime Scene
Dark Reading Staff, Quick Hits
FBI ties up with police association and Carnegie Mellon University to improve working knowledge of cyber investigations.
By Dark Reading Staff, 10/21/2016
Flipping Security Awareness Training
Stan Black, CSO, Citrix, Commentary
Threats can be minimized when teams understand business goals and objectives. These four tips can help turn things around.
By Stan Black, CSO, Citrix, 10/21/2016
US Bank Regulators Draft Rules For Financial Services Cybersecurity
Dark Reading Staff, Quick Hits
Proposed standards will require financial firms to recover from any cyberattack within two hours.
By Dark Reading Staff, 10/20/2016
St. Jude Medical Plans Cybersecurity Advisory Panel
Dark Reading Staff, Quick Hits
The medical device maker says committee will work with tech experts and external researchers on issues affecting patient care and safety.
By Dark Reading Staff, 10/19/2016
How To Become A Cybersecurity Entrepreneur In A Crowded Market
Yoav Leitersdorf and Ofer Schreiber, Managing Partner & Partner, YL Ventures, Commentary
If you want to build the next great cybersecurity startup, use your expertise, then follow these three simple suggestions.
By Yoav Leitersdorf and Ofer Schreiber, Managing Partner & Partner, YL Ventures, 10/17/2016
Encryption: A Backdoor For One Is A Backdoor For All
Joe Levy, Chief Technology Officer, Sophos, Commentary
We need legislation that allows law enforcement to find criminals and terrorists without eroding our security and privacy.
By Joe Levy, Chief Technology Officer, Sophos, 10/14/2016
Information Security Spending Will Top $101 Billion By 2020
Jai Vijayan, Freelance writer, News
Spending on security services will drive much of the growth, IDC says in new forecast
By Jai Vijayan, Freelance writer, 10/13/2016
Political Positions On Cybersecurity Matter To Millennials
Steve Zurier, Freelance Writer, News
New study on millennials and cybersecurity points to a growing awareness of the field, an interest in pursuing careers in security, and the influence of cybersecurity in politics.
By Steve Zurier, Freelance Writer, 10/12/2016
Database Breaches: An Alarming Lack Of Preparedness
John Moynihan, President, Minuteman Governance, Commentary
It's no secret that databases are fertile ground for malicious activities. Here's how a seven-step process for monitoring known harbingers of an imminent attack can help reduce the risk.
By John Moynihan, President, Minuteman Governance, 10/10/2016
Security Industry Takes Steps To Close Gender Gap
Emily Johnson, Associate Editor, UBM Americas, News
A recent surge of programs and initiatives to nurture women's and girls' interests and careers in cybersecurity and technology bodes well for an industry that desperately needs to close a persistent gender gap.
By Emily Johnson, Associate Editor, UBM Americas, 10/6/2016
20 Questions To Explore With Security-as-a-Service Providers
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEye, Commentary
This list will help you leverage the niche expertise of security-as-a-service providers, and assess which vendor can best meet your needs
By Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEye, 10/5/2016
OTA Issues Checklist For Securing IoT Devices
Dark Reading Staff, Quick Hits
Online Trust Alliance marks National Cybersecurity Awareness Month with measures on how to enhance online safety.
By Dark Reading Staff, 10/5/2016
NIST Study: User 'Security Fatigue' Adding to Online Risk
Terry Sweeney, Contributing Editor, News
Decision-making overload with passwords, certificates, software updates frustrates users
By Terry Sweeney, Contributing Editor, 10/4/2016
16 Innovative Cybersecurity Technologies Of 2016
Kelly Sheridan, Associate Editor, InformationWeek
This year's SINET 16 Innovators were chosen from 82 applicants representing nine countries.
By Kelly Sheridan, Associate Editor, InformationWeek, 10/3/2016
Cybercriminals' Superior Business Savvy Keeps Them Ahead
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Rick Holland of Digital Shadows explains how the attackers' superior business agility, faster change management, specialized job force, lower barriers to entry and bulletproof hosting keeps them ahead of the good guys.
By Sara Peters, Senior Editor at Dark Reading, 9/30/2016
6 Ways To Prepare For The EU's GDPR
Jai Vijayan, Freelance writer, News
In less than 20 months, all US companies doing business in the EU will face new consumer privacy requirements. Here's how to prepare for them.
By Jai Vijayan, Freelance writer, 9/30/2016
Hacking The Polls: Where US Voting Processes Fall Short
Jeff Schilling, Chief of Operations and Security, Armor, Commentary
The patchwork of 50 decentralized state electoral systems threatens to disrupt our national election through ransomware attacks, hijacked voter registration rolls, and altered voting results.
By Jeff Schilling, Chief of Operations and Security, Armor, 9/28/2016
More Than Half Of IT Pros Employ Insecure Data Wiping Methods
Emily Johnson, Associate Editor, UBM Americas, News
Recent study shows most enterprise IT professionals incorrectly believe emptying a Recycle Bin or reformatting a computer drive permanently erases data.
By Emily Johnson, Associate Editor, UBM Americas, 9/28/2016
Improving Security Savvy Of Execs And Board Room
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Jeff Welgan describes how best to improve cybersecurity literacy throughout the C-suite.
By Sara Peters, Senior Editor at Dark Reading, 9/28/2016
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.