Operations

News & Commentary
Insider Threats & Insider Objections
Richard Ford, Chief Scientist, Forcepoint, Commentary
The tyranny of the urgent and three other reasons why it's hard for CISOs to establish a robust insider threat prevention program.
By Richard Ford, Chief Scientist, Forcepoint, 12/7/2018
Bringing Compliance into the SecDevOps Process
Joe Ward, Senior Security Analyst, Bishop Fox, Commentary
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
By Joe Ward, Senior Security Analyst, Bishop Fox, 12/6/2018
4 Lessons Die Hard Teaches About Combating Cyber Villains
Keith Graham, Chief Technology Officer, SecureAuth, Commentary
With proper planning, modern approaches, and tools, we can all be heroes in the epic battle against the cyber threat.
By Keith Graham, Chief Technology Officer, SecureAuth, 12/6/2018
55% of Companies Don't Offer Mandatory Security Awareness Training
Dark Reading Staff, Quick Hits
Even those that provide employee training do so sparingly, a new study finds.
By Dark Reading Staff, 12/6/2018
Boosting SOC IQ Levels with Knowledge Transfer
Mike Fowler, Vice President of Professional Services at DFLabs, Commentary
Despite shortages of skills and staff, these six best practices can improve analysts' performance in a security operations center.
By Mike Fowler, Vice President of Professional Services at DFLabs, 12/6/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading, News
New research shows how attackers can abuse security questions in Windows 10 to maintain domain privileges.
By Kelly Sheridan, Staff Editor, Dark Reading, 12/5/2018
The Case for a Human Security Officer
Ira Winkler, CISSP, President, Secure Mentem, Commentary
Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.
By Ira Winkler, CISSP, President, Secure Mentem, 12/5/2018
6 Ways to Strengthen Your GDPR Compliance Efforts
Steve Zurier, Freelance Writer
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation and that could cost them.
By Steve Zurier, Freelance Writer, 12/5/2018
Microsoft, Mastercard Aim to Change Identity Management
Kelly Sheridan, Staff Editor, Dark Reading, News
A new partnership wants to improve how people use and manage the virtual identities that govern their lives online.
By Kelly Sheridan, Staff Editor, Dark Reading, 12/3/2018
Filling the Cybersecurity Jobs Gap Now and in the Future
John DeSimone & Russ Schrader, VP, Cybersecurity & Special Missions, Raytheon; Executive Director, National Cyber Security Alliance, Commentary
Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.
By John DeSimone & Russ Schrader, VP, Cybersecurity & Special Missions, Raytheon; Executive Director, National Cyber Security Alliance, 12/3/2018
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs
Elad Menahem, Head of Security Research, Cato Networks, Commentary
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.
By Elad Menahem, Head of Security Research, Cato Networks, 11/30/2018
Dunkin' Donuts Serves Up Data Breach Alert
Dark Reading Staff, Quick Hits
Forces potentially affected DD Perks customers to reset their passwords after learning of unauthorized access to their personal data.
By Dark Reading Staff, 11/29/2018
The Return of Email Flooding
Eyal Benishti, CEO & Founder of IRONSCALES, Commentary
An old attack technique is making its way back into the mainstream with an onslaught of messages that legacy tools and script writing can't easily detect.
By Eyal Benishti, CEO & Founder of IRONSCALES, 11/29/2018
The "Typical" Security Engineer: Hiring Myths & Stereotypes
Lysa Myers, Security Researcher, ESET, Commentary
In an environment where talent is scarce, it's critical that hiring managers remove artificial barriers to those whose mental operating systems are different.
By Lysa Myers, Security Researcher, ESET, 11/28/2018
Who's the Weakest Link in Your Supply Chain?
Kelly Sheridan, Staff Editor, Dark Reading, News
Nearly 60% of organizations have suffered data breaches resulting from a third party, as suppliers pose a growing risk to enterprise security.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/27/2018
How to Find a Privacy Job That You'll Love (& Why)
Louise Thorpe, Chief Privacy Officer, American Express, Commentary
Advice from a millennial woman who has done it: Find your niche and master your craft. You will be amazed at how significant your work will be.
By Louise Thorpe, Chief Privacy Officer, American Express, 11/27/2018
8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure
JD Sherry, Chief Revenue Officer, Remediant, Inc., Commentary
Stolen credentials for industrial control system workstations are fast becoming the modus operandi for ICS attacks by cybercriminals.
By JD Sherry, Chief Revenue Officer, Remediant, Inc., 11/27/2018
Buckle Up: A Closer Look at Airline Security Breaches
Kelly Sheridan, Staff Editor, Dark Reading, News
Cyberattacks on airports and airlines are often unrelated to passenger safety but that's no reason to dismiss them, experts say.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/26/2018
Transforming into a CISO Security Leader
Todd Fitzgerald, Managing Director/CISO at CISO Spotlight, LLC, Commentary
Are you thinking of changing your career route from techie to CISO? Are you making the right choice? Only you know for sure.
By Todd Fitzgerald, Managing Director/CISO at CISO Spotlight, LLC, 11/26/2018
7 Real-Life Dangers That Threaten Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 11/26/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest explores ten best practices that could reshape IT security departments.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20050
PUBLISHED: 2018-12-10
Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method.
CVE-2018-20051
PUBLISHED: 2018-12-10
Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on.
CVE-2018-20029
PUBLISHED: 2018-12-10
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
CVE-2018-1279
PUBLISHED: 2018-12-10
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on ...
CVE-2018-15800
PUBLISHED: 2018-12-10
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the Bits Service storage.