Operations

News & Commentary
Cybersecurity at the Core
Troy Mattern, Vice President for Product and Services Cybersecurity at Motorola Solutions, Commentary
For too long, cybersecurity has been looked at as one team's responsibility. If we maintain that mentality, we will fail.
By Troy Mattern, Vice President for Product and Services Cybersecurity at Motorola Solutions, 11/20/2018
Consumers Are Forgiving After a Data Breach, but Companies Need To Respond Well
Steve Zurier, Freelance Writer, News
A solid response and reputation management program will go a long way in surviving a major breach.
By Steve Zurier, Freelance Writer, 11/20/2018
8 Security Buzzwords That Are Too Good to Be True
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA, Commentary
If you can't get straight answers about popular industry catchphrases, maybe it's time to ask your vendor: How do you actually use the technology?
By Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA, 11/20/2018
7 Holiday Security Tips for Retailers
Steve Zurier, Freelance Writer
It's the most wonderful time of the year and hackers are ready to pounce. Here's how to prevent them from wreaking holiday havoc.
By Steve Zurier, Freelance Writer, 11/19/2018
Instagram Privacy Tool Exposed Passwords
Dark Reading Staff, Quick Hits
The 'Download Your Data' tool, intended to improve users' privacy, actually became a privacy risk.
By Dark Reading Staff, 11/19/2018
DHS Task Force Moves Forward on Playbooks for Supply Chain Security
Curtis Franklin Jr., Senior Editor at Dark Reading, News
The public/private task force takes early steps toward securing the end-to-end supply chain.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 11/16/2018
95% of Organizations Have Cultural Issues Around Cybersecurity
Marc Wilczek, Digital Strategist & CIO Advisor, Commentary
Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.
By Marc Wilczek, Digital Strategist & CIO Advisor, 11/16/2018
Can Businesses Stand Up to Cybercrime? Only 61% Say Yes
Dark Reading Staff, Quick Hits
While 96% of US organizations say business resilience should be core to company strategy, only 61% say it actually is.
By Dark Reading Staff, 11/14/2018
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360, Commentary
The toughest security problems involve people, not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
By Shay Colson, CISSP, Senior Manager, CyberClarity360, 11/13/2018
RIP, 'IT Security'
Kevin Kurzawa, Senior Information Security Auditor, Commentary
Information security is vital, of course. But the concept of "IT security" has never made sense.
By Kevin Kurzawa, Senior Information Security Auditor, 11/13/2018
Paris Agreement on Cybercrime Falls Short of Unanimous Agreement
Dark Reading Staff, Quick Hits
More than 50 nations and 150 global companies agree to join effort to fight cybercrime.
By Dark Reading Staff, 11/12/2018
7 Cool New Security Tools to be Revealed at Black Hat Europe
Ericka Chickowski, Contributing Writer, Dark Reading
Black Hat Europe's Arsenal lineup will include demos of new security tools, from AI malware research to container orchestration.
By Ericka Chickowski, Contributing Writer, Dark Reading, 11/12/2018
Vulnerabilities in Our Infrastructure: 5 Ways to Mitigate the Risk
Michael Fabian, Principal Security Consultant, Synopsys, Commentary
By teaming up to address key technical and organizational issues, information and operational security teams can improve the resiliency and safety of their infrastructure systems.
By Michael Fabian, Principal Security Consultant, Synopsys, 11/9/2018
Checkmarx Acquires Custodela
Dark Reading Staff, Quick Hits
The purchase adds DevSecOps capabilities to a software exposure platform.
By Dark Reading Staff, 11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer, News
Researchers say companies need to rethink their password training and take a more holistic approach to security.
By Steve Zurier, Freelance Writer, 11/7/2018
Thoma Bravo Buys Veracode
Kelly Sheridan, Staff Editor, Dark Reading, News
Broadcom will sell Veracode, acquired last year by CA, for $950M to Thoma Bravo as it broadens its security portfolio.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/5/2018
After the Breach: Tracing the 'Smoking Gun'
Jackson Shaw, VP of Product Management, One Identity, Commentary
Systems, technology, and threats change, and your response plan should, too. Here are three steps to turn your post-breach assessment into a set of workable best practices.
By Jackson Shaw, VP of Product Management, One Identity, 11/5/2018
Speed Up AppSec Improvement With an Adversary-Driven Approach
Ericka Chickowski, Contributing Writer, Dark Reading, News
Stop overwhelming developers and start using real-world attack behavior to prioritize application vulnerability fixes.
By Ericka Chickowski, Contributing Writer, Dark Reading, 11/2/2018
New Bluetooth Vulnerabilities Exposed in Aruba, Cisco, Meraki Access Points
Curtis Franklin Jr., Senior Editor at Dark Reading, News
'BleedingBit' could give attackers control of the wireless network from a remote vantage point.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 11/1/2018
Where Is the Consumer Outrage about Data Breaches?
Richard Ford, Chief Scientist, Forcepoint, Commentary
Facebook, Equifax, Cambridge Analytica ... Why do breaches of incomprehensible magnitude lead to a quick recovery for the businesses that lost or abused the data and such little lasting impact for the people whose information is stolen?
By Richard Ford, Chief Scientist, Forcepoint, 11/1/2018
New Bluetooth Hack Affects Millions of Vehicles
Dark Reading Staff 11/16/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies, 11/14/2018
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers of increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19406
PUBLISHED: 2018-11-21
kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.
CVE-2018-19407
PUBLISHED: 2018-11-21
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
CVE-2018-19404
PUBLISHED: 2018-11-21
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= ...
CVE-2018-19387
PUBLISHED: 2018-11-20
format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure.
CVE-2018-19388
PUBLISHED: 2018-11-20
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue.