Operations

News & Commentary
The Top 5 Security Threats & Mitigations for Industrial Networks
Barak Perelman, CEO, Indegy, Commentary
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
By Barak Perelman CEO, Indegy, 9/18/2018
Ransomware Takes Down Airport's Flight Information Screens
Dark Reading Staff, Quick Hits
The attack left airport staff to post flight times and gates on whiteboards at Bristol Airport in Britain.
By Dark Reading Staff, 9/17/2018
New Study Details Business Benefits of Biometrics
Dark Reading Staff, Quick Hits
Biometric authentication can be good for security and for business, according to a new study from Goode Intelligence.
By Dark Reading Staff, 9/12/2018
4 Trends Giving CISOs Sleepless Nights
Mike Convertino, CISO & VP, Information Security, F5 Networks, Commentary
IoT attacks, budget shortfalls, and the skills gap are among the problems keeping security pros up at night.
By Mike Convertino CISO & VP, Information Security, F5 Networks, 9/12/2018
4 Practical Measures to Improve Election Security Now
Chris Wysopal, Chief Technology Officer, CA Veracode, Commentary
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
By Chris Wysopal Chief Technology Officer, CA Veracode, 9/11/2018
The Role of Incident Response in ICS Security Compliance
John Moran, Senior Product Manager, DFLabs, Commentary
The data-driven nature of IR can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.
By John Moran Senior Product Manager, DFLabs, 9/7/2018
Why a Healthy Data Diet Is the Secret to Healthy Security
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA, Commentary
In the same way that food is fuel to our bodies, data is the fuel on which our security programs run. Here are 10 action items to put on your cybersecurity menu.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA, 9/6/2018
Understanding & Solving the Information-Sharing Challenge
Jonathan Couch, Senior VP of Strategy, ThreatQuotient, Commentary
Why cybersecurity threat feeds from intel-sharing groups diminish in value and become just another source of noise. (And what to do about it.)
By Jonathan Couch Senior VP of Strategy, ThreatQuotient, 9/6/2018
7 Ways Blockchain is Being Used for Security
Curtis Franklin Jr., Senior Editor at Dark Reading
Blockchain is being used as a security tool. If you haven't thought about adopting it, you might want to reconsider your take.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/5/2018
NIST Releases Draft on BGP Security
Dark Reading Staff, Quick Hits
Paper describes a technique to protect the Internet from Border Gateway Protocol route hijacking attacks.
By Dark Reading Staff, 9/5/2018
Thoughts on the Latest Apache Struts Vulnerability
Tim Mackey, Technical Evangelist, Black Duck by Synopsys, Commentary
CVE-2018-11776 operates at a far deeper level within the code than all prior Struts vulnerabilities. This requires a greater understanding of the Struts code itself as well as the various libraries used by Struts.
By Tim Mackey Technical Evangelist, Black Duck by Synopsys, 9/5/2018
Machine Identities Need Protection, Too
Dark Reading Staff, Quick Hits
A new study shows that device identities need a level of protection that they're not getting from most organizations.
By Dark Reading Staff, 8/31/2018
Why Automation Will Free Security Pros to Do What They Do Best
Roy Katmor, CEO & Co-Founder, enSilo, Commentary
There are three reasons today's security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.
By Roy Katmor CEO & Co-Founder, enSilo, 8/31/2018
Lessons From the Black Hat USA NOC
Curtis Franklin Jr., Senior Editor at Dark Reading, Commentary
The conference's temporary network operations center provides a snapshot of what is possible when a variety of professionals work together.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/30/2018
4 Benefits of a World with Less Privacy
Reg Harnish, CEO, GreyCastle Security, Commentary
The privacy issue is a problem for a lot of people. I see it differently.
By Reg Harnish CEO, GreyCastle Security, 8/30/2018
How One Company's Cybersecurity Problem Becomes Another's Fraud Problem
Curtis Jordan, Lead Security Engineer, TruSTAR, Commentary
The solution: When security teams see something in cyberspace, they need to say something.
By Curtis Jordan Lead Security Engineer, TruSTAR, 8/29/2018
The Difference Between Sandboxing, Honeypots & Security Deception
Marc Laliberte, Information Security Threat Analyst, WatchGuard Technologies, Commentary
A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 8/27/2018
A False Sense of Security
Steve Durbin, Managing Director of the Information Security Forum, Commentary
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
By Steve Durbin Managing Director of the Information Security Forum, 8/24/2018
6 Reasons Security Awareness Programs Go Wrong
Steve Zurier, Freelance Writer
While plenty of progress has been made on the training front, there's still some work ahead in getting the word out and doing so effectively.
By Steve Zurier Freelance Writer, 8/23/2018
New Insurance Product Adds Coverage for Cryptomining Malware Losses
Dark Reading Staff, Quick Hits
Product also covers all forms of illicit use of business services, including toll fraud and unauthorized use of cloud services.
By Dark Reading Staff, 8/22/2018
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading, 9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff, 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading, 9/17/2018
How Data Breaches Affect the Enterprise
This report offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.