Operations
News & Commentary
The First 24 Hours In The Wake Of A Data Breach
Stephen Treglia, JD, HCISPP, Legal Counsel & HIPAA Compliance Officer- Investigations, Absolute SoftwareCommentary
There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.
By Stephen Treglia JD, HCISPP, Legal Counsel & HIPAA Compliance Officer- Investigations, Absolute Software, 7/27/2015
Comment0 comments  |  Read  |  Post a Comment
Smartwatches Could Become New Frontier for Cyber Attackers
Jai Vijayan, Freelance writerNews
Every single smartwatch tested in a recent study by HP had serious security weaknesses.
By Jai Vijayan Freelance writer, 7/24/2015
Comment1 Comment  |  Read  |  Post a Comment
Internet of Things: Anything You Track Could Be Used Against You
Lysa Myers, Security Researcher, ESETCommentary
Lawyers – not security advocates – have fired the first salvos over wearable tech privacy. The results may surprise you.
By Lysa Myers Security Researcher, ESET, 7/23/2015
Comment0 comments  |  Read  |  Post a Comment
Finding The ROI Of Threat Intelligence: 5 Steps
Ryan Trost, CIO & Co-founder, ThreatQuotientCommentary
Advice from a former SOC manager on how to leverage threat intel without increasing the bottom line.
By Ryan Trost CIO & Co-founder, ThreatQuotient, 7/22/2015
Comment0 comments  |  Read  |  Post a Comment
Detection: A Balanced Approach For Mitigating Risk
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Only detection and response can complete the security picture that begins with prevention.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 7/21/2015
Comment0 comments  |  Read  |  Post a Comment
Time’s Running Out For The $76 Billion Detection Industry
Simon Crosby, Co-founder & CTO, BromiumCommentary
The one strategy that can deliver the needle to the security team without the haystack is prevention.
By Simon Crosby Co-founder & CTO, Bromium, 7/21/2015
Comment2 comments  |  Read  |  Post a Comment
CISOs Caught In A Catch-22
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Chief information security officers are considered 'accountable' for breaches while not always in charge of all infosec strategy and purchases, new report shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/21/2015
Comment1 Comment  |  Read  |  Post a Comment
How I Learned To Love Active Defense
John Strand, SANS Senior Instructor & Owner, Black Hills Information SecurityCommentary
Yes, traditional cyber defenses can be effective. They just need to be a little more active.
By John Strand SANS Senior Instructor & Owner, Black Hills Information Security, 7/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Mobile App Security: 4 Critical Issues
Subbu Sthanu, Director, Mobile Security & Application Security, IBMCommentary
Securing the mobile workforce in the age of BYOD is no easy task. You can begin with these four measures.
By Subbu Sthanu Director, Mobile Security & Application Security, IBM, 7/17/2015
Comment3 comments  |  Read  |  Post a Comment
10 Trends In Infosec Careers And Staffing
Ericka Chickowski, Contributing Writer, Dark Reading
Employment stable for job-seekers, but staffing gaps persist for employers who need better security teams to counter threats
By Ericka Chickowski Contributing Writer, Dark Reading, 7/16/2015
Comment1 Comment  |  Read  |  Post a Comment
The Insiders: A Rogues Gallery
Mike Tierney, COO, SpectorSoftCommentary
You can defend against an insider threat if you know where to look.
By Mike Tierney COO, SpectorSoft, 7/16/2015
Comment0 comments  |  Read  |  Post a Comment
4 Lasting Impacts Of The Hacking Team Leaks
Sara Peters, Senior Editor at Dark ReadingNews
Doxing attack against Italian surveillance company put some nasty tools in the hands of attackers and might be the final nail in the coffin for Adobe Flash.
By Sara Peters Senior Editor at Dark Reading, 7/15/2015
Comment7 comments  |  Read  |  Post a Comment
The End Of Whac-A-Mole: From Incident Response To Strategic Intelligence
Rick Howard, CSO, Palo Alto NetworksCommentary
In the face of mounting cybercrime, hacktivism, and espionage, network defenders need to transform their tactical IR groups into full-scale cyber intelligence teams.
By Rick Howard CSO, Palo Alto Networks, 7/15/2015
Comment1 Comment  |  Read  |  Post a Comment
Shared Passwords And No Accountability Plague Privileged Account Use
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Even IT decision-makers guilty of poor account hygiene.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/14/2015
Comment1 Comment  |  Read  |  Post a Comment
Inside A Vicious DDoS Attack
Anthony Lye, President & CEO Chief Executive Officer, HotSchedulesCommentary
What it's really like to fend off a relentless distributed denial-of-service attack.
By Anthony Lye President & CEO Chief Executive Officer, HotSchedules, 7/14/2015
Comment0 comments  |  Read  |  Post a Comment
Black Hat For Beginners: 4 Tips
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
What happens in Vegas stays in Vegas. But for newbies, these helpful hints will make sure you get the most out of the Black Hat USA experience.
By Kerstyn Clover Attack & Defense Team Consultant, 7/10/2015
Comment0 comments  |  Read  |  Post a Comment
Hacking Team 0-Day Shows Widespread Dangers Of All Offense, No Defense
Sara Peters, Senior Editor at Dark ReadingNews
While the Italian surveillance company sells government agencies high-end zero-day proof-of-concept exploits, it secures root systems with the password 'P4ssword.' What's vulnerability commoditization got to do with it?
By Sara Peters Senior Editor at Dark Reading, 7/8/2015
Comment0 comments  |  Read  |  Post a Comment
The Role of the Board In Cybersecurity: ‘Learn, Ensure, Inspect’
Jason Straight, Senior VP & Chief Privacy Officer, UnitedLexCommentary
Board members of the most forward-thinking U.S. companies are not just throwing money at the mounting problem of managing cyber risk.
By Jason Straight Senior VP & Chief Privacy Officer, UnitedLex, 7/8/2015
Comment1 Comment  |  Read  |  Post a Comment
Cloud & The Security Skills Gap
David Holmes, World-Wide Security Evangelist, F5CommentaryVideo
F5 Network security evangelist David Holmes tells how cloud outsourcing can help companies fill the talent gap in three critical areas of enterprise security.
By David Holmes World-Wide Security Evangelist, F5, 7/6/2015
Comment0 comments  |  Read  |  Post a Comment
FBI Offering $4.3 Million For Help Finding Cyber Most-Wanted
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Big prize still going to whomever can help find Gameover ZeuS mastermind.
By Sara Peters Senior Editor at Dark Reading, 7/2/2015
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by pentareddy
Current Conversations good video
In reply to: Re: Pending Review
Post Your Own Reply
Posted by suhasuseless
Current Conversations cool article..really cool
In reply to: good post
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4692
Published: 2015-07-27
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

CVE-2015-1840
Published: 2015-07-26
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space cha...

CVE-2015-1872
Published: 2015-07-26
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via craft...

CVE-2015-2847
Published: 2015-07-26
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.

CVE-2015-2848
Published: 2015-07-26
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!