Analytics // Security Monitoring
News & Commentary
Finding The ROI Of Threat Intelligence: 5 Steps
Ryan Trost, CIO & Co-founder, ThreatQuotientCommentary
Advice from a former SOC manager on how to leverage threat intel without increasing the bottom line.
By Ryan Trost CIO & Co-founder, ThreatQuotient, 7/22/2015
Comment1 Comment  |  Read  |  Post a Comment
How I Learned To Love Active Defense
John Strand, SANS Senior Instructor & Owner, Black Hills Information SecurityCommentary
Yes, traditional cyber defenses can be effective. They just need to be a little more active.
By John Strand SANS Senior Instructor & Owner, Black Hills Information Security, 7/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
Tim Wilson, Editor in Chief, Dark ReadingNews
In Black Hat survey, security professionals say misplaced enterprise priorities often leave them without the time and budget they need to address the most critical threats.
By Tim Wilson Editor in Chief, Dark Reading, 7/15/2015
Comment0 comments  |  Read  |  Post a Comment
Creating Your Own Threat Intel Through ‘Hunting’ & Visualization
Raffael Marty, Founder & CEO, pixlcloudCommentary
How security analysts armed with a visual interface can use data science to find hidden attacks and the ‘unknown unknowns.’
By Raffael Marty Founder & CEO, pixlcloud, 7/9/2015
Comment0 comments  |  Read  |  Post a Comment
User Monitoring Not Keeping Up With Risk Managers' Needs
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Biggest concern is negligence, but monitoring capabilities can't detect this type of activity within most applications.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/24/2015
Comment0 comments  |  Read  |  Post a Comment
The Dark Web: An Untapped Source For Threat Intelligence
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Most organizations already have the tools for starting a low-cost, high-return Dark Web cyber intelligence program within their existing IT and cybersecurity teams. Here’s how.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 6/23/2015
Comment1 Comment  |  Read  |  Post a Comment
Report: NSA Secretly Expanded Warrantless Internet Surveillance To Find Hackers
Dark Reading Staff, Quick Hits
New York Times: Intelligence agency went looking not for criminal hackers on foreign and American soil.
By Dark Reading Staff , 6/4/2015
Comment0 comments  |  Read  |  Post a Comment
What Does China-Russia 'No Hack' Pact Mean For US?
Sara Peters, Senior Editor at Dark ReadingNews
It could be an Internet governance issue or a response to the U.S. DoD's new cyber strategy, but one thing is certain: it doesn't really mean China and Russia aren't spying on one another anymore.
By Sara Peters Senior Editor at Dark Reading, 5/11/2015
Comment2 comments  |  Read  |  Post a Comment
Big Data & The Security Skills Shortage
Peter Schlampp, VP of Products, PlatforaCommentary
Finding a security analyst with the data discovery experience to combat modern threats is like searching for the mythical unicorn. The person does not exist
By Peter Schlampp VP of Products, Platfora, 4/29/2015
Comment4 comments  |  Read  |  Post a Comment
Note To Vendors: CISOs Don’t Want Your Analytical Tools
Rick Gordon, Managing Partner, Mach37 Cyber AcceleratorCommentary
What they need are solutions that deliver prioritized recommendations and confidence in the analytical rigor behind those recommendations to take meaningful action.
By Rick Gordon Managing Partner, Mach37 Cyber Accelerator, 4/28/2015
Comment6 comments  |  Read  |  Post a Comment
Solving the Right Problem: Stop Adversaries, Not Just Their Tools
Dmitri Alperovitch, Co-Founder & CTO, CrowdStrikeCommentary
A malware-centric strategy is mere child’s play against today’s sophisticated adversaries. Here’s why.
By Dmitri Alperovitch Co-Founder & CTO, CrowdStrike, 4/9/2015
Comment0 comments  |  Read  |  Post a Comment
Obama’s War On Hackers
Jeremiah Grossman, Commentary
Cybersecurity legislation, for the most part, is a good idea. But not without protections for bug bounty programs and other vital, proactive security research.
By Jeremiah Grossman , 4/6/2015
Comment2 comments  |  Read  |  Post a Comment
Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Healthcare and other sectors are indolently ignoring the process of gathering and using high-level intelligence to focus cyber defenses. Here’s proof.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 3/31/2015
Comment5 comments  |  Read  |  Post a Comment
Cyber Hunting: 5 Tips To Bag Your Prey
David J. Bianco, Security Architect, SqrrlCommentary
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
By David J. Bianco Security Architect, Sqrrl, 3/26/2015
Comment9 comments  |  Read  |  Post a Comment
Context: Finding The Story Inside Your Security Operations Program
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
What’s missing in today’s chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 3/23/2015
Comment6 comments  |  Read  |  Post a Comment
Dark Reading Threat Intelligence Survey
InformationWeek Staff,
Threat intelligence is the best way to stay ahead of new and complex attacks, say survey respondents. How analytics influences their IT security strategies varies.
By InformationWeek Staff , 3/20/2015
Comment0 comments  |  Read  |  Post a Comment
10 Ways To Measure IT Security Program Effectiveness
Ericka Chickowski, Contributing Writer, Dark Reading
The right metrics can make or break a security program (or a budget meeting).
By Ericka Chickowski Contributing Writer, Dark Reading, 3/16/2015
Comment1 Comment  |  Read  |  Post a Comment
7 Deadly Sins Of Security Policy Change Management
Nimmy Reichenberg, VP of Strategy, AlgoSecCommentary
Mitigating these deadly sins requires process, visibility and automation. It’s an effort that will improve security and increase business agility.
By Nimmy Reichenberg VP of Strategy, AlgoSec, 3/16/2015
Comment1 Comment  |  Read  |  Post a Comment
Has Security Ops Outlived Its Purpose?
Tal Klein, VP Strategy, Lakeside Software.Commentary
CISOs will need more than higher headcounts and better automation tools to solve today's security problems.
By Tal Klein VP Strategy, Lakeside Software., 3/13/2015
Comment15 comments  |  Read  |  Post a Comment
Deconstructing Threat Models: 3 Tips
Peleus Uhley, Lead Security Strategist, AdobeCommentary
There is no one-size-fits-all approach for creating cyber threat models. Just be flexible and keep your eye on the who, what, why, how and when.
By Peleus Uhley Lead Security Strategist, Adobe, 3/12/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2001-1594
Published: 2015-08-04
GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, an...

CVE-2002-2445
Published: 2015-08-04
GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdwon user, which has unspecified impact and attack vectors.

CVE-2002-2446
Published: 2015-08-04
GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.

CVE-2003-1603
Published: 2015-08-04
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.

CVE-2004-2777
Published: 2015-08-04
GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002...

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!