Perimeter
News & Commentary
Intrusion Suppression:' Transforming Castles into Prisons
Tom Kellermann,  CEO & Cofounder, Strategic Cyber Ventures Commentary
How building cybersecurity structures that decrease adversaries dwell time can reduce the damage from a cyberattack.
By Tom Kellermann CEO & Cofounder, Strategic Cyber Ventures , 4/18/2017
Comment0 comments  |  Read  |  Post a Comment
Got an Industrial Network? Reduce your Risk of a Cyberattack with Defense in Depth
Jeff Lund, Senior Director, Belden Industrial IT GroupCommentary
If an aggressive, all-out cyberdefense strategy isnt already on your operational technology plan for 2017, its time to get busy.
By Jeff Lund Senior Director, Belden Industrial IT Group, 4/13/2017
Comment0 comments  |  Read  |  Post a Comment
New Breed of DDoS Attack On the Rise
Jai Vijayan, Freelance writerNews
Akamai Networks since October has detected and mitigated at least 50 DDoS attacks using Connectionless LDAP.
By Jai Vijayan Freelance writer, 4/13/2017
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Seized Control of Brazilian Bank for 5 Hours
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Sophisticated heist compromised major bank's entire DNS infrastructure.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/4/2017
Comment0 comments  |  Read  |  Post a Comment
To Gain Influence, CISOs Must Get Security's Human Element Right
Rocco Grillo, Cyber Resilience Leader at Stroz FriedbergCommentary
Focusing on certain elements of security in isolation can cause a false sense of security.
By Rocco Grillo Cyber Resilience Leader at Stroz Friedberg, 3/29/2017
Comment1 Comment  |  Read  |  Post a Comment
Getting Beyond the Buzz & Hype of Threat Hunting
Kyle Wilhoit, Senior Security Researcher, DomainToolsCommentary
When harnessed properly, threat hunting can be one of the most useful techniques for finding attackers in your network. But it wont happen overnight.
By Kyle Wilhoit Senior Security Researcher, DomainTools, 3/20/2017
Comment0 comments  |  Read  |  Post a Comment
New Wave of Security Acquisitions Signals Start of Consolidation Trend
Steve Zurier, Freelance Writer
A dozen recent high-profile deals reflect cybersecurity vendors' hopes of expanding their offerings with next-generation technology, ideas, and talent.
By Steve Zurier Freelance Writer, 3/20/2017
Comment0 comments  |  Read  |  Post a Comment
Ethical Hacking: The Most Important Job No One Talks About
Amit Ashbel, Cybersecurity Evangelist at CheckmarxCommentary
If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers.
By Amit Ashbel Cybersecurity Evangelist at Checkmarx, 3/16/2017
Comment4 comments  |  Read  |  Post a Comment
Trust Begins With Layer 1 Encryption
Hector Menendez, Product Marketing Manager, IP/Optical Networks, NokiaCommentary
In todays distributed environment, cloud and communication service providers can play a key role in providing organizations with a scalable and secure platform for the connection of everything to everything. Heres how.
By Hector Menendez Product Marketing Manager, IP/Optical Networks, Nokia, 3/15/2017
Comment0 comments  |  Read  |  Post a Comment
What Your SecOps Team Can (and Should) Do
Chris Crowley, Independent Consultant at Montance, LLCCommentary
If your organization has all of these pieces in place, congratulations!
By Chris Crowley Independent Consultant at Montance, LLC, 3/13/2017
Comment0 comments  |  Read  |  Post a Comment
Mobile (In)security: Dark Reading Cartoon Caption Contest Winners
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Clever word play on mobile ransomware, cloud and the Internet of Things. And the winners are
By Marilyn Cohodas Community Editor, Dark Reading, 3/9/2017
Comment3 comments  |  Read  |  Post a Comment
Securing Todays 'Elastic Attack Surface'
Amit Yoran, Chairman & CEO, Tenable Network SecurityCommentary
The foundation of good cybersecurity is knowing your network. But as organizations embrace new technologies, that simple task has gotten incredibly difficult.
By Amit Yoran Chairman & CEO, Tenable Network Security, 3/9/2017
Comment1 Comment  |  Read  |  Post a Comment
9 Phishing Lures that Could Hijack your 2017 Tax Refund
Steve Zurier, Freelance Writer
Scammers are taking an aggressive approach to tax season this year, packing attachments and links with banking Trojans, and fairly new strains of ransomware.
By Steve Zurier Freelance Writer, 3/9/2017
Comment0 comments  |  Read  |  Post a Comment
Trust, Cloud & the Quest for a Glass Wall around Security
Stan Black, CSO, CitrixCommentary
In the next year, were going to see a leap towards strategic, business-level objectives that can be resolved by simplifying infrastructure and granting greater visibility in real time.
By Stan Black CSO, Citrix, 3/8/2017
Comment0 comments  |  Read  |  Post a Comment
FTC Report Highlights Low DMARC Adoption
Kelly Sheridan, Associate Editor, Dark ReadingNews
New Federal Trade Commission research discovers most online businesses employ email authentication, but few use DMARC to combat phishing.
By Kelly Sheridan Associate Editor, Dark Reading, 3/6/2017
Comment0 comments  |  Read  |  Post a Comment
7 Hot Security Terms (and Buzzwords) to Know
Terry Sweeney, Contributing Editor
How the security industry has a conversation with itself is constantly changing and the latest terms as well as buzzwords point us to where the technology is heading.
By Terry Sweeney Contributing Editor, 3/6/2017
Comment5 comments  |  Read  |  Post a Comment
Palo Alto Networks Acquires LightCyber
Dark Reading Staff, Quick Hits
Company will integrate LightCyber technology into its Next-Generation Security Platform.
By Dark Reading Staff , 3/1/2017
Comment0 comments  |  Read  |  Post a Comment
Tunneling Through The "Walls" Of IoT In The Enterprise
Jose Nazario, Director of Security Research at FastlyCommentary
The movie "Die Hard" has a thing or two to teach us about the pitfalls of the Internet of Things.
By Jose Nazario Director of Security Research at Fastly, 2/22/2017
Comment1 Comment  |  Read  |  Post a Comment
Why We Need To Reinvent How We Catalogue Malware
Paul Shomo,  Technical Manager Strategic Partnerships, Guidance SoftwareCommentary
One obvious trend: crimeware technologies that come with simple user consoles and functionality to create unique binaries at the click of a button.
By Paul Shomo Technical Manager Strategic Partnerships, Guidance Software, 2/22/2017
Comment1 Comment  |  Read  |  Post a Comment
IoT Security: A Ways To Go, But Some Interim Steps For Safety
Terry Sweeney, Contributing EditorNews
The Internet of Things remains vulnerable to botnets and malware, but Cisco's Anthony Grieco offers some tips to keep networks and users more secure
By Terry Sweeney Contributing Editor, 2/15/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by [email protected]
Current Conversations Her: I wonder how much our ISP will sell the Story of Us for? Him: I hope we get a discount.
In reply to: Cartoon Caption
Post Your Own Reply
Posted by Shantaram
Current Conversations Thanks, nice thoughts!
In reply to: Re:
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.