Operations
News & Commentary
No Cybersecurity Exec In Nearly Half Of Companies, UAE Survey Finds
Dark Reading Staff, Quick Hits
New DarkMatter survey exposes security concerns and issues.
By Dark Reading Staff , 5/31/2016
Comment1 Comment  |  Read  |  Post a Comment
How Security And IT Teams Can Get Along: 4 Ways
Rutrell Yasin, Freelance WriterNews
Security managers need to change the conversation with IT teams, showing how to secure critical assets without stifling innovation and business processes.
By Rutrell Yasin Freelance Writer, 5/31/2016
Comment0 comments  |  Read  |  Post a Comment
Ultimate Guide To DDoS Protection: Strategies And Best Practices
Vincent Berk, CEO, FlowTraqCommentary
To be in the best position to defend against DDoS, companies need to protect against a range of exploitable vulnerabilities -- and have the tools to detect and react to attacks.
By Vincent Berk CEO, FlowTraq, 5/30/2016
Comment2 comments  |  Read  |  Post a Comment
SWIFT Proposes New Measures For Bolstering Its Security
Jai Vijayan, Freelance writerNews
Measures come amid news that up to 12 banks may have fallen victim to attacks attempting to steal millions via the SWIFT network.
By Jai Vijayan Freelance writer, 5/27/2016
Comment5 comments  |  Read  |  Post a Comment
Ultimate Guide To DDoS Protection: DDoS Is A Business Problem
Vincent Berk, CEO, FlowTraqCommentary
In the first of a two-part series, we examine the impact DDoS attacks have on business continuity – and why it is so much more than a network security problem.
By Vincent Berk CEO, FlowTraq, 5/27/2016
Comment2 comments  |  Read  |  Post a Comment
FBI Report: Deconstructing The Wide Scope Of Internet Crime
Ericka Chickowski, Contributing Writer, Dark Reading
Hottest crimes reported to IC3 last year include ransomware and email scams via business email compromise and all account compromise attacks.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/27/2016
Comment0 comments  |  Read  |  Post a Comment
DNS Management Provider Hit With Sophisticated, 'Precise' DDoS Attacks
Jai Vijayan, Freelance writerNews
NS1 CEO says other DNS providers also have been attacked over the past few months.
By Jai Vijayan Freelance writer, 5/27/2016
Comment0 comments  |  Read  |  Post a Comment
What's At Risk When CISOs Say 'No'
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Employee satisfaction and hundreds of billions in revenue when CISOs don't look for creative ways to secure innovative change.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/26/2016
Comment1 Comment  |  Read  |  Post a Comment
A Wish List For The Security Conference Stage
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentary
All the world may be a stage, but in the theater of cybersecurity, we need a more relevant dialogue of fresh ideas, novel approaches, and new ways of thinking.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 5/26/2016
Comment0 comments  |  Read  |  Post a Comment
Bangladesh Reopens 2013 Cold Case Of Bank Theft Via SWIFT
Dark Reading Staff, Quick Hits
Authorities cite similarities in Sonali Bank hack with February's $81 million central bank theft.
By Dark Reading Staff , 5/26/2016
Comment0 comments  |  Read  |  Post a Comment
A Newer Variant Of RawPOS: An In-Depth Look
Melia Kelley, Managing Consultant, UnitedLexCommentary
There's no silver bullet for RawPOS prevention, but you can impede RawPOS's ability to execute successfully by understanding how it works.
By Melia Kelley Managing Consultant, UnitedLex, 5/25/2016
Comment2 comments  |  Read  |  Post a Comment
Poor Airport Security Practices Just Don’t Fly
Joe Schorr, Director of Advanced Security Solutions, BomgarCommentary
Five lessons learned the hard way by the Tampa International Airport about bringing third parties into a security environment.
By Joe Schorr Director of Advanced Security Solutions, Bomgar, 5/24/2016
Comment0 comments  |  Read  |  Post a Comment
G7 Global Finance Leaders Push Cybersecurity Framework
Dark Reading Staff, Quick Hits
At G7 meeting, US Treasury official says cybercrime issues 'not going away.'
By Dark Reading Staff , 5/23/2016
Comment0 comments  |  Read  |  Post a Comment
What Europe Tells Us About The Future Of Data Privacy
Alan M Usas, Adjunct Professor, Department of Computer Science, Brown UniversityCommentary
Recent initiatives offer new strategies for balancing technology, security, and organizational policy goals. Here are three approaches worth considering.
By Alan M Usas Adjunct Professor, Department of Computer Science, Brown University, 5/23/2016
Comment1 Comment  |  Read  |  Post a Comment
Closing the Gender Gap in Cybersecurity: 3 Critical Steps
Haiyan Song, SVP Security Markets, SplunkCommentary
Women in security need to step up as industry role models and set the example for future generations. Here’s how.
By Haiyan Song SVP Security Markets, Splunk, 5/20/2016
Comment9 comments  |  Read  |  Post a Comment
OPM Breach: ‘Cyber Sprint’ Response More Like A Marathon
Rutrell Yasin, Business Technology Writer, Tech Writers BureauNews
Sixty-five percent of federal security execs surveyed in new (ISC)2 report say that government still can’t detect ongoing cyber attacks.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 5/19/2016
Comment0 comments  |  Read  |  Post a Comment
Why Security Investigators Should Care About Forensic Research
Paul Shomo,  Technical Manager Strategic Partnerships, Guidance SoftwareCommentary
Despite the promise of expanded visibility into the user trail behind a data breach, the security industry has largely ignored the meticulous advances of forensic researchers. Privacy is just one reason for the snub.
By Paul Shomo Technical Manager Strategic Partnerships, Guidance Software, 5/19/2016
Comment2 comments  |  Read  |  Post a Comment
Surviving Infosec: Keep Calm & Make Time For Yourself
Lysa Myers, Security Researcher, ESETCommentary
Nine simple but powerful ways to break out of those painful states of mind when you can’t leave the office.
By Lysa Myers Security Researcher, ESET, 5/17/2016
Comment1 Comment  |  Read  |  Post a Comment
5 Secret Habits Of Highly Successful Network Security Programs
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The key ingredients to network cybersecurity success and how they improve security results.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/16/2016
Comment0 comments  |  Read  |  Post a Comment
CISO Playbook: Games Of War & Cyber Defenses
Danelle Au, VP Strategy, SafeBreachCommentary
Limiting incident response planning to hypothetical table-top scenarios is far too risky in today’s threat environment. But with cyberwar gaming, you can simulate the experience of a real attack.
By Danelle Au VP Strategy, SafeBreach, 5/16/2016
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
8 Key Building Blocks for Enterprise Network Defense
Networks are changing rapidly -- and so are strategies for protecting them. This Tech Digest looks at the fundamentals for the next-gen environment.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In this episode of Dark Reading Radio, veteran CISOs will share their experience and insight into how organizations can get the best bang for their security buck.