Network Computing Dark Reading

Advertise

Analytics //

Security Monitoring

News & Commentary

Dragos Buys ICS Firm with US Dept. of Energy Roots

Quick Hits

NexDefense ICS security tool will be offered for free by Dragos.

By Dark Reading Staff , 3/18/2019

0 comments | Read | Post a Comment

4 Reasons to Take an 'Inside Out' View of Security

Earl D. Matthews, Senior Vice President and Chief Strategy Officer at Verodin

Commentary

When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.

By Earl D. Matthews Senior Vice President and Chief Strategy Officer at Verodin, 3/14/2019

0 comments | Read | Post a Comment

Startup Armor Scientific Launches Multifactor Identity System

Robert Lemos, Technology Journalist/Data Researcher

News

Company aims to replace usernames and passwords by combining GPS location, biometrics, and keys issued through a blockchain-based network.

By Robert Lemos Technology Journalist/Data Researcher, 3/4/2019

0 comments | Read | Post a Comment

Here's What Happened When a SOC Embraced Automation

Heather Hixon, Senior Solutions Architect, DFLabs

Commentary

Despite initial apprehension, security engineers and analysts immediately began to notice a variety of benefits.

By Heather Hixon Senior Solutions Architect, DFLabs, 3/4/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, A number of them were on the unemployment line.

Human Negligence to Blame for the Majority of Insider Threats

News

In 98% of the assessments conducted for its research, Dtex found employees exposed proprietary company information on the Web – a 20% jump from 2018.

By Steve Zurier Freelance Writer, 2/21/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, This should come as a surprise to nobody. 'Gee, that email looked real...

The Evolution of SIEM

Chetan Mundhada, Vice President of Sales at NETMONASTERY

Commentary

Expectations for these security information and event management systems have grown over the years, in ways that just aren't realistic.

By Chetan Mundhada Vice President of Sales at NETMONASTERY, 1/23/2019

0 comments | Read | Post a Comment

How Well Is Your Organization Investing Its Cybersecurity Dollars?

Commentary

The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.

By Jack Jones Chairman, FAIR Institute, 12/11/2018

3 comments | Read | Post a Comment

Latest Comment: StephenGiderson, I think you will only know if you've invested your cyber security money properly...

Cyber Crooks Diversify Business with Multi-Intent Malware

Commentary

The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.

By Avi Chesla CEO and Founder, empow, 11/15/2018

2 comments | Read | Post a Comment

Latest Comment: sharmapriya, I really like your work...

Energy Sector's IT Networks in the Bulls-Eye

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Attackers are actively infiltrating energy organizations and utilities for reconnaissance purposes.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/5/2018

0 comments | Read | Post a Comment

7 Non-Computer Hacks That Should Never Happen

From paper to IoT, security researchers offer tips for protecting common attack surfaces that you're probably overlooking.

By Steve Zurier Freelance Writer, 11/5/2018

3 comments | Read | Post a Comment

Latest Comment: Big Ralfie, Worse yet, when I try to print the article, no matter which page I try to print,...

Security Researchers Struggle with Bot Management Programs

Kaan Onarlioglu, Senior Security Researcher, Akamai

Commentary

Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.

By Kaan Onarlioglu Senior Security Researcher, Akamai, 10/10/2018

0 comments | Read | Post a Comment

Turn the NIST Cybersecurity Framework into Reality: 5 Steps

Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems

Commentary

Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.

By Mukul Kumar & Anupam Sahai CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018

6 comments | Read | Post a Comment

Latest Comment: ElizaPt, Your way of telling the whole thing in this post is genuinely fastidious, all...

The Top 5 Security Threats & Mitigations for Industrial Networks

Commentary

While vastly different than their IT counterparts, operational technology environments share common risks and best practices.

By Barak Perelman CEO, Indegy, 9/18/2018

0 comments | Read | Post a Comment

The Economics of AI-Enabled Security

Commentary Video

While AI greatly enhances security, Securonix CTO Tanuj Gulati points out the need for predictable cost models that insulate SOCs from the variables of massive data volume and intense real-time processing.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Filtering the Threat Intelligence Tsunami

Commentary Video

Reversing Labs CEO Mario Vuksan contends that SOCs are overwhelmed by global threat intelligence, and can benefit more from a targeted "pull" model that focuses on YARA-type binary pattern matching.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Ensuring Web Applications Are Hardened, Secure

Commentary Video

Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Improving the Adoption of Security Automation

Dan Koloski, Vice President, Oracle's Systems Management and Security products group

Commentary

Four barriers to automation and how to overcome them.

By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 6/20/2018

1 Comment | Read | Post a Comment

Latest Comment: nathanluise92, You mention only 4 barriers, but what if it is more than 4? Also it depends...

Panorays Debuts With $5 Million Investment

Quick Hits

Panorays, a company focusing on third-party security issues for the enterprise, has exited stealth mode.

By Dark Reading Staff , 6/5/2018

1 Comment | Read | Post a Comment

Latest Comment: [email protected], Graet team, smart solution that provides a smart, non-intrussive risk-scoring...

I, for One, Welcome Our Robotic Security Overlords

Commentary

Automation will come in more subtle ways than C-3PO — and it's transforming cybersecurity.

By Danelle Au VP Strategy, SafeBreach, 6/5/2018

1 Comment | Read | Post a Comment

Latest Comment: Babette, Good post.Thank you for sharing it.It is informative and very useful too

Building a Safe, Efficient, Cost-Effective Security Infrastructure

Ken Mills, General Manager of IoT, Surveillance and Security, Dell EMC

Commentary

The Industrial Internet of Things allows organizations to address both physical and digital security concerns.

By Ken Mills General Manager of IoT, Surveillance and Security, Dell EMC, 6/4/2018

3 comments | Read | Post a Comment

Latest Comment: OtherKen, Paul Thank you taking time to read my article. You are right that IoT is all...

More Stories

Current Conversations

Posted by Luna Tsee

The analogy may not be perfect but it does make a valid point. Largely the issue of security is not one of blame, though there is some. The point is simply the people responsible for security are patching holes in a bad...

In reply to: Who is at fault?
Post Your Own Reply

Posted by REISEN1955

A number of them were on the unemployment line.

In reply to: And in 2 weeks
Post Your Own Reply

Posted by Luna Tsee

In reply to: Who is at fault?
Post Your Own Reply

Posted by REISEN1955

This should come as a surprise to nobody. 'Gee, that email looked real enough?" And that invoice looked nice. Maybe I did get a refund. Users are always the weak link. The weight of infections...

In reply to: No shit Sherlock?
Post Your Own Reply

Posted by aborsi

thansk your posting obat klg

In reply to: Re: Data science
Post Your Own Reply

Posted by sharmapriya

I really like your work...

In reply to: Very Nice
Post Your Own Reply

Posted by StephenGiderson

I think you will only know if you've invested your cyber security money properly when you don't have any incidents to speak of. If all of your data units are safe in storage in your facility and you don't see hackers trying...

In reply to: Proof of your money's worth
Post Your Own Reply

Posted by EdwardThirlwall

It would be a scary thought to know that your organisation is actually not investing enough in cybersecurity dollars. With the recent increase in data breaches, organisations ought to step up their game in order to prevent...

In reply to: More cybersecurity dollars
Post Your Own Reply

Posted by tcorbeill

Security Instrumentation provides empirical evidence regarding security investments that enables executives to define metrics to capture the ROI of their security investments with quantifiable, evidence-based data.

In reply to: Security Instrumentation
Post Your Own Reply

Posted by Big Ralfie

Worse yet, when I try to print the article, no matter which page I try to print, all I get is page one. Why are your web designers so lazy?

In reply to: Piss-Poor Printouts
Post Your Own Reply

Posted by wperry31

When we go through the selection process to view a report - it would be helpful if we could print out the ENTIIRE article rather than one page at a time. That's a pain. Thanks, Bill

In reply to: How about giving us the opportunity to print out the entire article/
Post Your Own Reply

Posted by markgrogan

When several industry giants all come forward to make use of a platform that they deem as appropriate, we all know for sure that there is no doubting it. This is just what they need to emerge together as one united service...

In reply to: When several industry
Post Your Own Reply

More Conversations

Products & Releases

Eurofins Digital Testing Launches Cyber Security Division

Arctic Wolf Lands $45 Million in New Funding to Accelerate Company Growth

Endace Launches Petabyte Network Recording Appliance

Belden and Claroty Announce Strategic Partnership

Industrial Cybersecurity Leader Nozomi Networks Raises $30 Million

Corelight Secures $25 Million in Series B Funding Led by General Catalyst

Semmle Launches Globally with $21 Million Series B Investment Led by Accel Partners

A10 Adds Real-Time Security Analytics to A10 Harmony Controller

More Products & Releases

Hot Topics

Editors' Choice

Crowdsourced vs. Traditional Pen Testing

Alex Haynes, Chief Information Security Officer, CDL, 3/19/2019

Facebook Employees for Years Could See Millions of User Passwords in Plain Text

Dark Reading Staff 3/21/2019

BEC Scammer Pleads Guilty

Dark Reading Staff 3/20/2019

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

White Papers

Dark Reading Report Roundup

[Hadoop] 3 Trends That Affect Business

2019 Ponemon Report: The Value of Threat Intelligence

[CISO Primer] How to Prioritize Cybersecurity Risks

3 Things You Need to Know About Prioritizing Vulnerabilities

More White Papers

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Well, at least it isn't Mobby Dick!

Cartoon Archive

Current Issue

5 Emerging Cyber Threats to Watch for in 2019

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of Cyber Security Incident Response

Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.

Download Now!

How Enterprises Are Developing Secure Applications

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

How Enterprises Are Using IT Threat Intelligence

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2016-10743
PUBLISHED: 2019-03-23

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.

CVE-2019-9947
PUBLISHED: 2019-03-23

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) follo...

CVE-2019-9948
PUBLISHED: 2019-03-23

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

CVE-2019-9945
PUBLISHED: 2019-03-23

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user...

CVE-2019-9942
PUBLISHED: 2019-03-23

A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.

Terms of Service
Privacy Statement
Legal Entities