Analytics
News & Commentary
Crowdsourcing 20 Answers To Security Ops & IR Questions
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentary
Those who know do not speak. Those who speak do not know. Why it pays to take a hard look at our own incident response functions and operations.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 1/12/2017
Comment1 Comment  |  Read  |  Post a Comment
'Molecular' Cybersecurity Vs. Information Cybersecurity
David Zahn, General Manager of Cybersecurity at PASCommentary
When it comes to industrial processes, security begins at the molecular level.
By David Zahn General Manager of Cybersecurity at PAS, 1/10/2017
Comment0 comments  |  Read  |  Post a Comment
7 Ways To Fine-Tune Your Threat Intelligence Model
Terry Sweeney, Contributing Editor
The nature of security threats is too dynamic for set-and-forget. Here are some ways to shake off that complacency.
By Terry Sweeney Contributing Editor, 1/5/2017
Comment3 comments  |  Read  |  Post a Comment
Cyberrisk Through A Business Lens
Jack Jones, Chairman, FAIR InstituteCommentary
Boards and CEOs can focus on these critical factors to provide better cyberrisk governance.
By Jack Jones Chairman, FAIR Institute, 1/3/2017
Comment7 comments  |  Read  |  Post a Comment
Security Analytics: Don't Let Your Data Lake Turn Into A Data Swamp
Nik Whitfield, Computer Scientist & Security Technology EntrepreneurCommentary
It's easy to get bogged down when looking for insights from data using Hadoop. But that doesn't have to happen, and these tips can help.
By Nik Whitfield Computer Scientist & Security Technology Entrepreneur, 12/21/2016
Comment0 comments  |  Read  |  Post a Comment
5 Things Security Pros Need To Know About Machine Learning
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau
Experts share best practices for data integrity, pattern recognition and computing power to help enterprises get the most out of machine learning-based technology for cybersecurity.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 12/12/2016
Comment2 comments  |  Read  |  Post a Comment
Holiday Weekend Online Payment Card Fraud 20% Higher In 2016
Dark Reading Staff, Quick Hits
In the face of EMV chips, criminals turned online to commit card-not-present fraud this Black Friday and Cyber Monday.
By Dark Reading Staff , 12/1/2016
Comment2 comments  |  Read  |  Post a Comment
Dark Reading Virtual Event Seeks To Break Security Myths, Conventional Wisdom
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Three keynotes, two panel sessions offer new ways to think about enterprise information security.
By Tim Wilson, Editor in Chief, Dark Reading , 11/14/2016
Comment6 comments  |  Read  |  Post a Comment
Surveys: Security Pros Overwhelmed, Not Communicating, Threat Intel Data
Terry Sweeney, Contributing EditorNews
Two new studies underscore the challenges of making threat intelligence part of the enterprise arsenal.
By Terry Sweeney Contributing Editor, 11/3/2016
Comment2 comments  |  Read  |  Post a Comment
New Free Tool Stops Petya Ransomware & Rootkits
Sara Peters, Senior Editor at Dark ReadingNews
Meanwhile, Locky puts ransomware on the Check Point Top Three Global Malware List for the first time ever.
By Sara Peters Senior Editor at Dark Reading, 10/20/2016
Comment1 Comment  |  Read  |  Post a Comment
7 Regional Hotbeds For Cybersecurity Innovation
Kelly Sheridan, Associate Editor, InformationWeek
These regions are driving cybersecurity innovation across the US with an abundance of tech talent, educational institutions, accelerators, incubators, and startup activity.
By Kelly Sheridan Associate Editor, InformationWeek, 10/18/2016
Comment1 Comment  |  Read  |  Post a Comment
Encryption: A Backdoor For One Is A Backdoor For All
Joe Levy, Chief Technology Officer, SophosCommentary
We need legislation that allows law enforcement to find criminals and terrorists without eroding our security and privacy.
By Joe Levy Chief Technology Officer, Sophos, 10/14/2016
Comment0 comments  |  Read  |  Post a Comment
Data Science & Security: Overcoming The Communication Challenge
Nik Whitfield, Computer Scientist & Security Technology EntrepreneurCommentary
Data scientists face a tricky task -- taking raw data and making it meaningful for both security and business teams. Here's how to bridge the gap.
By Nik Whitfield Computer Scientist & Security Technology Entrepreneur, 10/7/2016
Comment0 comments  |  Read  |  Post a Comment
Partners In The Battle Against Cyberthreats
Dark Reading Staff, CommentaryVideo
George Karidis of CompuCom and Rodel Alejo from Intel stop by the Dark Reading News Desk.
By Dark Reading Staff , 10/6/2016
Comment0 comments  |  Read  |  Post a Comment
Incident Response A Challenge For 98% Of InfoSec Pros
Sara Peters, Senior Editor at Dark ReadingNews
Too many alerts and too little staff leave security pros swimming in threat intel and begging for automation.
By Sara Peters Senior Editor at Dark Reading, 10/6/2016
Comment0 comments  |  Read  |  Post a Comment
20 Questions To Explore With Security-as-a-Service Providers
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentary
This list will help you leverage the niche expertise of security-as-a-service providers, and assess which vendor can best meet your needs
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 10/5/2016
Comment0 comments  |  Read  |  Post a Comment
D-FENSE! Using Research To Craft Effective Cyber Defenses
Dark Reading Staff, CommentaryVideo
A pair of experts from Imperva stops by the Dark Reading News Desk to chat.
By Dark Reading Staff , 9/23/2016
Comment3 comments  |  Read  |  Post a Comment
A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentary
This slightly modified model is a practical way to keep attackers out of your systems.
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 9/21/2016
Comment0 comments  |  Read  |  Post a Comment
20 Questions Security Leaders Need To Ask About Analytics
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentary
The game of 20 questions is a great way to separate vendors that meets your needs from those who will likely disappoint.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 9/15/2016
Comment1 Comment  |  Read  |  Post a Comment
Students Say They'd Only Pay Ransomware Operators About $50
Dark Reading Staff, Quick Hits
Webroot survey finds that students will pay more to recover their private photos than to recover their schoolwork.
By Dark Reading Staff , 9/15/2016
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by jonesj26
Current Conversations Thanks, RickL273!
In reply to: Re: Spot On
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Things Every Business Executive Should Know About Cybersecurity
Don't get lost in security's technical minutiae - a clearer picture of what's at stake can help align business imperatives with technology execution.
Flash Poll
Secure Application Development - New Best Practices
Secure Application Development - New Best Practices
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.