News & Commentary
How To Bullet Proof Your PAM Accounts: 7 Tips
Steve Zurier, Freelance Writer
Recent studies demonstrate the need for companies to focus more on their privileged users.
By Steve Zurier Freelance Writer, 8/26/2016
The Hidden Dangers Of 'Bring Your Own Body'
Kon Leong, CEO/Co-founder, ZL Technologies | Commentary
The use of biometric data is on the rise, causing new security risks that must be assessed and addressed.
By Kon Leong CEO/Co-founder, ZL Technologies, 8/26/2016
The Secret Behind the NSA Breach: Network Infrastructure Is the Next Target
Yoni Allon, Research Team Leader, LightCyber | Commentary
How the networking industry has fallen way behind in incorporating security measures to prevent exploits to ubiquitous routers, proxies, firewalls, and switches.
By Yoni Allon Research Team Leader, LightCyber, 8/25/2016
Russian Cyberspies' Leaked Hacks Could Herald New Normal
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Time to set cyber espionage 'norms' before more volatile nation-states follow suit, experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/24/2016
Security Leadership & The Art Of Decision Making
Vincent Liu, Partner, Bishop Fox | Commentary
What a classically-trained guitarist with a Master's degree in counseling brings to the table as head of cybersecurity and privacy at one of the world's major healthcare organizations.
By Vincent Liu Partner, Bishop Fox, 8/24/2016
Reporters At New York Times Targeted By Russian Hackers
Dark Reading Staff, Quick Hits
CNN reports an FBI investigation into an even wider victim base in recently exposed cyber spy operations focusing on the US presidential campaign.
By Dark Reading Staff, 8/23/2016
Anatomy Of A Social Media Attack
Mike Raggo, Chief Research Scientist, ZeroFOX (CISSP, NSA-IAM, ACE, CSI) | Commentary
Finding and addressing Twitter and Facebook threats requires a thorough understanding of how they're accomplished.
By Mike Raggo Chief Research Scientist, ZeroFOX (CISSP, NSA-IAM, ACE, CSI), 8/23/2016
5 Strategies For Enhancing Targeted Security Monitoring
Jason Sachowski, Director, Security Forensics & Civil Investigations, Scotiabank Group | Commentary
These examples will help you improve early incident detection results.
By Jason Sachowski Director, Security Forensics & Civil Investigations, Scotiabank Group, 8/18/2016
8 Surprising Statistics About Insider Threats
Ericka Chickowski, Contributing Writer, Dark Reading
Insider theft and negligence is real--and so are the practices that amplify the risks.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/17/2016
Security Must Become Driving Force For Auto Industry
Art Dahnert, Managing Consultant, Cigital, Inc. | Commentary
Digital security hasn't kept pace in this always-connected era. Is infosec up to the challenge?
By Art Dahnert Managing Consultant, Cigital, Inc., 8/17/2016
15 US Cities Where Cybersecurity Professionals Earn Big Bucks
Sean Martin, CISSP | President, imsmartin
Demand continues to rise for cybersecurity professionals throughout the US, and the salaries seem to follow suit. New data shows best cities for salary and cost of living.
By Sean Martin CISSP | President, imsmartin, 8/16/2016
The Real Reason Phishing Works So Well
Steve Zurier, Freelance Writer | News
New Duo Security study shows many companies don't update browsers and operating systems, a first line of defense.
By Steve Zurier Freelance Writer, 8/16/2016
Trump Winning Spam Race By Huge Margin
Jai Vijayan, Freelance writer | News
Republican Presidential contender's name appears nearly 170 times more often in spam email subject lines than Clinton's over last two months.
By Jai Vijayan Freelance writer, 8/11/2016
Security Portfolios: A Different Approach To Leadership
Adam Shostack, Founder, Stealth Startup | Commentary
How grounding a conversation around a well-organized list of controls and their goals can help everyone be, literally, on the same page.
By Adam Shostack Founder, Stealth Startup, 8/11/2016
What The TSA Teaches Us About IP Protection
Brian White, Chief Operating Officer, RedOwl | Commentary
Data loss prevention solutions are no longer effective. Today's security teams have to keep context and human data in mind, as the TSA does.
By Brian White Chief Operating Officer, RedOwl, 8/11/2016
Google To Roll Out New Security Alerts On Gmail
Dark Reading Staff, Quick Hits
Gmail users to get alerts for suspicious email senders as well as sketchy links in messages.
By Dark Reading Staff, 8/11/2016
Government, Hackers Learn To Make Nice
Terry Sweeney, Contributing Editor | News
It's still an uneasy alliance, but the hacking community and government are finding their way toward more constructive dialog and cooperation
By Terry Sweeney Contributing Editor, 8/10/2016
Theory Vs Practice: Getting The Most Out Of Infosec
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEye | Commentary
Why being practical and operationally minded is the only way to build a successful security program.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 8/10/2016
Building A Detection Strategy With The Right Metrics
Giora Engel, VP Product & Strategy, LightCyber | Commentary
The tools used in detecting intrusions can lead to an overwhelming number of alerts, but they're a vital part of security.
By Giora Engel VP Product & Strategy, LightCyber, 8/9/2016
Kaspersky Lab Kicks Off Its First Bug Bounty Program
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Security vendor teams up with HackerOne to pay out $50K to researchers over next six months.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/2/2016
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.