Operations
News & Commentary
Controlling Privileged Access To Prevent Rogue Users In Active Directory
Derek Melber, Technical Evangelist for ManageEngineCommentary
Knowing which of your employees have which privileges is the first step to staying safe.
By Derek Melber Technical Evangelist for ManageEngine, 2/20/2017
Comment1 Comment  |  Read  |  Post a Comment
Why Identity Has Become A Top Concern For CSOs
Saryu Nayyar, CEO, GuruculCommentary
Seven of the world's top security leaders share their fears and challenges around the critical new role of identity in the fight against cyber adversaries.
By Saryu Nayyar CEO, Gurucul, 2/14/2017
Comment1 Comment  |  Read  |  Post a Comment
4 Signs You, Your Users, Tech Peers & C-Suite All Have 'Security Fatigue'
Tom Pendergast, Chief Strategist, Security, Privacy, & Compliance, MediaProCommentary
If security fatigue is the disease we've all got, the question is how do we get over it?
By Tom Pendergast Chief Strategist, Security, Privacy, & Compliance, MediaPro, 2/9/2017
Comment5 comments  |  Read  |  Post a Comment
What to Watch (& Avoid) At RSAC
Mike D. Kail, Chief Innovation Officer, CybricCommentary
A renowned security veteran shares his RSA dance card, offering views on technologies destined for the dustbin of history and those that will move the industry forward.
By Mike D. Kail Chief Innovation Officer, Cybric, 2/8/2017
Comment0 comments  |  Read  |  Post a Comment
Talking Cybersecurity From A Risk Management Point of View
Steven Grossman, VP of Strategy & Enablement, Bay DynamicsCommentary
CenturyLink CSO David Mahon reflects on the evolution of the chief information security officer, and why todays CISOs are increasingly adopting a risk-based approach to security.
By Steven Grossman VP of Strategy & Enablement, Bay Dynamics, 2/3/2017
Comment6 comments  |  Read  |  Post a Comment
How to Handle Threats When Short-Staffed
Dark Reading Staff, CommentaryVideo
Skyboxs Michelle Cobb, VP of Worldwide Marketing, explains how automation and advanced analytics can give security teams the data they need when their teams are stretched
By Dark Reading Staff , 2/3/2017
Comment0 comments  |  Read  |  Post a Comment
10 Essential Elements For Your Incident-Response Plan
Terry Sweeney, Contributing Editor
The middle of a DDoS attack or ransomware infection is hardly the time to start talking about divisions of labor, or who should do what when.
By Terry Sweeney Contributing Editor, 2/2/2017
Comment2 comments  |  Read  |  Post a Comment
The Interconnected Nature Of International Cybercrime
Ian W. Gray, Cyber Intelligence Analyst, FlashpointCommentary
How burgeoning hackers are honing their craft across language barriers from top tier cybercriminal ecosystems and forums of the Deep and Dark Web.
By Ian W. Gray Cyber Intelligence Analyst, Flashpoint, 2/1/2017
Comment1 Comment  |  Read  |  Post a Comment
A New Mantra For Cybersecurity: 'Simulate, Simulate, Simulate!'
Danelle Au, VP Strategy, SafeBreachCommentary
What security teams can learn from the Apollo 13 space program, a global pandemic, and major infrastructure disruptions to identify their best responses to attacks.
By Danelle Au VP Strategy, SafeBreach, 2/1/2017
Comment3 comments  |  Read  |  Post a Comment
Why Youre Doing Cybersecurity Risk Measurement Wrong
Daniel Gordon, Cyber Intel Analyst, Lockheed Martin Computer Incident Response TeamCommentary
Measuring risk isnt as simple as some make it out to be, but there are best practices to help you embrace the complexity in a productive way. Here are five.
By Daniel Gordon Cyber Intel Analyst, Lockheed Martin Computer Incident Response Team, 1/30/2017
Comment0 comments  |  Read  |  Post a Comment
Cloud Is Security-Ready But Is Your Security Team Ready For Cloud?
Frank Mong, Senior VP, Product, Industry & Solutions Marketing, Palo Alto NetworksCommentary
Cloud computing has moved beyond the early adopter phase and is now mainstream. Heres how to keep data safe in an evolving ecosystem.
By Frank Mong Senior VP, Product, Industry & Solutions Marketing, Palo Alto Networks, 1/25/2017
Comment0 comments  |  Read  |  Post a Comment
This Week On Dark Reading: Event Calendar
Dark Reading Staff, Commentary
Devote some time and headspace to improving your skills with these Dark Reading events.
By Dark Reading Staff , 1/25/2017
Comment0 comments  |  Read  |  Post a Comment
The Trouble With DMARC: 4 Serious Stumbling Blocks
Alexander Garca-Tobar, ValiMail CEO & co-founderCommentary
Popularity for the Domain-based Message Authentication, Reporting and Conformance email authentication standard is growing. So why are enterprises still struggling to implement it?
By Alexander Garca-Tobar ValiMail CEO & co-founder, 1/24/2017
Comment0 comments  |  Read  |  Post a Comment
JPMorgan Hack: One More Pleads Guilty For Operating Bitcoin Exchange
Dark Reading Staff, Quick Hits
Ricardo Hill allegedly operated Coin.mx which exchanged millions of dollars into bitcoin to support the hack scheme.
By Dark Reading Staff , 1/20/2017
Comment1 Comment  |  Read  |  Post a Comment
Cyber Lessons From NSAs Admiral Michael Rogers
Nathaniel Gleicher, Head of Cybersecurity Strategy, IllummioCommentary
Security teams must get better at catching intruders where we have the advantage: on our own networks.
By Nathaniel Gleicher Head of Cybersecurity Strategy, Illummio, 1/19/2017
Comment2 comments  |  Read  |  Post a Comment
Cloud Security & IoT: A Look At What Lies Ahead
Bill Kleyman, Chief Technology Officer, MTM TechnologiesCommentary
In the brave new world of cloud, security teams must be as agile as possible. This means leveraging proactive monitoring tools, locking down access points, and forecasting requirements
By Bill Kleyman Chief Technology Officer, MTM Technologies, 1/18/2017
Comment0 comments  |  Read  |  Post a Comment
10 Cocktail Party Security Tips From The Experts
Steve Zurier, Freelance Writer
Security pros offer basic advice to help average users ward off the bad guys.
By Steve Zurier Freelance Writer, 1/13/2017
Comment6 comments  |  Read  |  Post a Comment
Crowdsourcing 20 Answers To Security Ops & IR Questions
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentary
Those who know do not speak. Those who speak do not know. Why it pays to take a hard look at our own incident response functions and operations.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 1/12/2017
Comment1 Comment  |  Read  |  Post a Comment
Operational Security Best Practices For Social Media
Malwarebytes Labs, Malwarebytes Labs
Building a firm, clear policy on disclosures online can provide a flexible, adaptive response that will protect proprietary data from winding up in a public leak.
By Malwarebytes Labs Malwarebytes Labs, 1/11/2017
Comment0 comments  |  Read  |  Post a Comment
Credit Freeze: The New Normal In Data Breach Protection?
Lysa Myers, Security Researcher, ESETCommentary
In era of rampant identity theft, consumers should be offered the protection of a credit freeze by default, instead of a nuisance fee each time a freeze is placed or removed.
By Lysa Myers Security Researcher, ESET, 1/11/2017
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.