Operations
News & Commentary
Silicon & Artificial Intelligence: The Foundation of Next Gen Data Security
Mark Papermaster, SVP & CTO, AMD | Commentary
Why new challenges like ‘real-time, always-on’ authentication and access control can only be met by a combination of smart hardware and software.
By Mark Papermaster SVP & CTO, AMD, 5/5/2016
The Balancing Act: Government Security In The Cloud
Lance Dubsky, CISSP, CISM, Chief Security Strategist, Americas, at FireEye | Commentary
The cloud offers great opportunities and challenges to public sector security teams defending critical systems against advanced threats. These 7 strategies will help you avoid a worst-case scenario.
By Lance Dubsky, CISSP, CISM Chief Security Strategist, Americas, at FireEye, 5/4/2016
Enterprises Lack Top-Down Management Of Third-Party Risk
Ericka Chickowski, Contributing Writer, Dark Reading | News
New report finds there's not enough leadership in managing risks from business partners and vendors.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/3/2016
It’s A Dog’s Life: Caption Contest Winners Announced
Marilyn Cohodas, Community Editor, Dark Reading | Commentary
Packet sniffing, drones and cat memes. And the winning caption is….
By Marilyn Cohodas Community Editor, Dark Reading, 5/3/2016
10 Biggest Mega Breaches Of The Past 10 Years
Ericka Chickowski, Contributing Writer, Dark Reading
These data breaches from Dark Reading's 10-year history boggle the mind in terms of scale and fallout.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/3/2016
8 Microsoft Office 365 Security Tips To Reduce Data Loss
Sean Martin, CISSP | President, imsmartin
Even with a slew of new security tools and compliance guidance, there are still things you can do to protect this critical business system.
By Sean Martin CISSP | President, imsmartin, 5/2/2016
How To Succeed At Third-Party Cyber Risk Management: 10 Steps
Charlie Miller, Senior Vice President, The Santa Fe Group | Commentary
Organizations are failing -- and badly -- assessing the risk of attacks and data breaches from vendors and supply chains, according to a recent Ponemon Institute study. The solution starts at the top.
By Charlie Miller Senior Vice President, The Santa Fe Group, 5/2/2016
6 Steps for Responding to a Disruptive Attack
Steve Zurier, Freelance Writer
Today’s threat landscape dictates that companies must have a workable incident response plan.
By Steve Zurier Freelance Writer, 4/29/2016
Stop Building Silos. Security Is Everyone’s Problem
Robert Reeves, CTO & Co-Founder, Datical | Commentary
Yes, it’s true that the speed of DevOps has made security more difficult. But that doesn’t mean accelerated release cycles and secure applications have to be mutually exclusive.
By Robert Reeves CTO & Co-Founder, Datical, 4/29/2016
Government Cybersecurity Performance, Confidence Bottoms Out
Ericka Chickowski, Contributing Writer, Dark Reading | News
In the wake of OPM and other big gov breaches, government cybersecurity performance scores and employee confidence ratings sink through the floor.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/28/2016
4 Tips For Planning An Effective Security Budget
Rutrell Yasin, Freelance Writer | News
Security budgets start with managers assessing all of their resources and measuring the effectiveness of their security programs for strengths and weaknesses.
By Rutrell Yasin Freelance Writer, 4/27/2016
8 Signs Your Security Culture Lacks Consistency
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEye | Commentary
Organizations that practice what they preach and match their actions to their words do far better achieving their goals than those that do not. Here's why that matters.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 4/27/2016
Crowdsourcing The Dark Web: A One-Stop Ran$om Shop
Nitsan Saddan, Advanced Threat Researcher, Cymmetria | Commentary
Say hello to Ran$umBin, a new kind of ransom market dedicated to criminals and victims alike.
By Ran$umBin Ran$omBin , 4/26/2016
Surviving InfoSec: Digital Crime And Emotional Grime
Lysa Myers, Security Researcher, ESET | Commentary
The never ending stream of threats, vulnerabilities, and potential attacks can take its toll on the typical security professional. Here’s how to fight back against the pressure.
By Lysa Myers Security Researcher, ESET, 4/25/2016
Be Prepared: How Proactivity Improves Cybersecurity Defense
Jason Sachowski, Director, Security Forensics & Civil Investigations, Scotiabank Group | Commentary
These five strategies will help you achieve a state of readiness in a landscape of unpredictable risk.
By Jason Sachowski Director, Security Forensics & Civil Investigations, Scotiabank Group, 4/23/2016
10 Tips for Securing Your SAP Implementation
Sean Martin, CISSP | President, imsmartin
Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.
By Sean Martin CISSP | President, imsmartin, 4/23/2016
Microsoft: Keep Calm But Vigilant About Ransomware
Jai Vijayan, Freelance writer | News
Though a growing problem, ransomware is still nowhere as prevalent as other threats, Microsoft says.
By Jai Vijayan Freelance writer, 4/22/2016
The Problem With Patching: 7 Top Complaints
Ashley Leonard, President & CEO, Verismic Software | Commentary
Is your security team suffering from patching fatigue? Check out these tips and eliminate critical vulnerabilities in your IT environment.
By Ashley Leonard President & CEO, Verismic Software, 4/22/2016
SpyEye Creators Sentenced To Long Prison Terms
Sara Peters, Senior Editor at Dark Reading | News
FBI found that arrest halted the release of nasty SpyEye 2.0.
By Sara Peters Senior Editor at Dark Reading, 4/21/2016
Mea Culpa: Time To Build Security Into Connectivity
Mark Hoover, CEO, Vidder, Inc. | Commentary
How those of us who spent decades developing faster, easier, and more scalable networking technology have made the lives of our security counterparts a living hell.
By Mark Hoover CEO, Vidder, Inc., 4/21/2016
Current Issue
Understanding & Managing the Mobile Security Threat
Mobile devices are increasing IT security risk. Is your enterprise ready?
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join us as Dark Reading editors speak with IT security hiring experts about improving IT career prospects.