Network Computing Dark Reading

Advertise

Analytics //

Security Monitoring

News & Commentary

How Well Is Your Organization Investing Its Cybersecurity Dollars?

Commentary

The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.

By Jack Jones Chairman, FAIR Institute, 12/11/2018

1 Comment | Read | Post a Comment

Latest Comment: tcorbeill, Security Instrumentation provides empirical evidence regarding security...

Cyber Crooks Diversify Business with Multi-Intent Malware

Commentary

The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.

By Avi Chesla CEO and Founder, empow, 11/15/2018

1 Comment | Read | Post a Comment

Latest Comment: arogyalokeshv, Firstly i want to say congrats on the article. Lot of information was provided...

Energy Sector's IT Networks in the Bulls-Eye

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Attackers are actively infiltrating energy organizations and utilities for reconnaissance purposes.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/5/2018

0 comments | Read | Post a Comment

7 Non-Computer Hacks That Should Never Happen

From paper to IoT, security researchers offer tips for protecting common attack surfaces that you're probably overlooking.

By Steve Zurier Freelance Writer, 11/5/2018

3 comments | Read | Post a Comment

Latest Comment: Big Ralfie, Worse yet, when I try to print the article, no matter which page I try to print,...

Security Researchers Struggle with Bot Management Programs

Kaan Onarlioglu, Senior Security Researcher, Akamai

Commentary

Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.

By Kaan Onarlioglu Senior Security Researcher, Akamai, 10/10/2018

0 comments | Read | Post a Comment

Turn the NIST Cybersecurity Framework into Reality: 5 Steps

Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems

Commentary

Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.

By Mukul Kumar & Anupam Sahai CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018

6 comments | Read | Post a Comment

Latest Comment: ElizaPt, Your way of telling the whole thing in this post is genuinely fastidious, all...

The Top 5 Security Threats & Mitigations for Industrial Networks

Commentary

While vastly different than their IT counterparts, operational technology environments share common risks and best practices.

By Barak Perelman CEO, Indegy, 9/18/2018

0 comments | Read | Post a Comment

The Economics of AI-Enabled Security

Commentary Video

While AI greatly enhances security, Securonix CTO Tanuj Gulati points out the need for predictable cost models that insulate SOCs from the variables of massive data volume and intense real-time processing.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Filtering the Threat Intelligence Tsunami

Commentary Video

Reversing Labs CEO Mario Vuksan contends that SOCs are overwhelmed by global threat intelligence, and can benefit more from a targeted "pull" model that focuses on YARA-type binary pattern matching.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Ensuring Web Applications Are Hardened, Secure

Commentary Video

Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Improving the Adoption of Security Automation

Dan Koloski, Vice President, Oracle's Systems Management and Security products group

Commentary

Four barriers to automation and how to overcome them.

By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 6/20/2018

1 Comment | Read | Post a Comment

Latest Comment: nathanluise92, You mention only 4 barriers, but what if it is more than 4? Also it depends...

Panorays Debuts With $5 Million Investment

Quick Hits

Panorays, a company focusing on third-party security issues for the enterprise, has exited stealth mode.

By Dark Reading Staff , 6/5/2018

1 Comment | Read | Post a Comment

Latest Comment: [email protected], Graet team, smart solution that provides a smart, non-intrussive risk-scoring...

I, for One, Welcome Our Robotic Security Overlords

Commentary

Automation will come in more subtle ways than C-3PO — and it's transforming cybersecurity.

By Danelle Au VP Strategy, SafeBreach, 6/5/2018

1 Comment | Read | Post a Comment

Latest Comment: Babette, Good post.Thank you for sharing it.It is informative and very useful too

Building a Safe, Efficient, Cost-Effective Security Infrastructure

Ken Mills, General Manager of IoT, Surveillance and Security, Dell EMC

Commentary

The Industrial Internet of Things allows organizations to address both physical and digital security concerns.

By Ken Mills General Manager of IoT, Surveillance and Security, Dell EMC, 6/4/2018

3 comments | Read | Post a Comment

Latest Comment: OtherKen, Paul Thank you taking time to read my article. You are right that IoT is all...

FireEye Offers Free Tool to Detect Malicious Remote Logins

News

Open source GeoLogonalyzer helps to weed out hackers exploiting stolen credentials to log into their targets.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/30/2018

0 comments | Read | Post a Comment

Machine Learning, Artificial Intelligence & the Future of Cybersecurity

Commentary

The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.

By Craig Hinkley CEO, WhiteHat Security, 5/30/2018

1 Comment | Read | Post a Comment

Latest Comment: artificial intelligence, - Very useful blog with clear standardisation and great quality.

6 Steps for Applying Data Science to Security

Two experts share their data science know-how in a tutorial focusing on internal DNS query analysis.

By Steve Zurier Freelance Writer, 5/23/2018

1 Comment | Read | Post a Comment

Latest Comment: Sandeep647, thank you for sharing the article on how to apply data science to security...

New Survey Shows Hybrid Cloud Confidence

Quick Hits

Executives are mostly confident in their hybrid cloud security, according to the results of a new survey.

By Dark Reading Staff , 4/23/2018

0 comments | Read | Post a Comment

How Measuring Security for Risk & ROI Can Empower CISOs

Vikram Phatak, Chief Executive Officer of NSS Labs

Commentary

For the vast majority of business decisions, organizations seek metrics-driven proof. Why is cybersecurity the exception?

By Vikram Phatak Chief Executive Officer of NSS Labs, 3/28/2018

1 Comment | Read | Post a Comment

Latest Comment: AnnaEverson, Thanks a lot for such incredible article) I think it is really usefull...

The Containerization of Artificial Intelligence

Hamid Karimi, VP of Business Development at Beyond Security

Commentary

AI automates repetitive tasks and alleviates mundane functions that often haunt decision makers. But it's still not a sure substitute for security best practices.

By Hamid Karimi VP of Business Development at Beyond Security, 3/16/2018

1 Comment | Read | Post a Comment

Latest Comment: AnnaEverson, You need more example - nothing to analyse(

More Stories

Current Conversations

Posted by tcorbeill

Security Instrumentation provides empirical evidence regarding security investments that enables executives to define metrics to capture the ROI of their security investments with quantifiable, evidence-based data.

In reply to: Security Instrumentation
Post Your Own Reply

Posted by Big Ralfie

Worse yet, when I try to print the article, no matter which page I try to print, all I get is page one. Why are your web designers so lazy?

In reply to: Piss-Poor Printouts
Post Your Own Reply

Posted by wperry31

When we go through the selection process to view a report - it would be helpful if we could print out the ENTIIRE article rather than one page at a time. That's a pain. Thanks, Bill

In reply to: How about giving us the opportunity to print out the entire article/
Post Your Own Reply

Posted by markgrogan

When several industry giants all come forward to make use of a platform that they deem as appropriate, we all know for sure that there is no doubting it. This is just what they need to emerge together as one united service...

In reply to: When several industry
Post Your Own Reply

Posted by arogyalokeshv

Firstly i want to say congrats on the article. Lot of information was provided in the article the use of artificial intellegience is more now a days & improving more chances for getting hacked. The over all analysis of the...

In reply to: Regarding Defense Mechanism
Post Your Own Reply

Posted by jswalsh2000

The information I've read about the Target breach was a Target provided vendor web portal was breached. The HVAC service provider's staff had been victims of a phishing attack which allowed for the credentials to...

In reply to: Target breach via HVAC devices?
Post Your Own Reply

Posted by ElizaPt

Your way of telling the whole thing in this post is genuinely fastidious, all be capable of simply understand it, Thanks a lot.

In reply to: Thanks!
Post Your Own Reply

Posted by Sportialize

Hehe, nice find !

In reply to: Re: proof reading is for losers right?
Post Your Own Reply

Posted by Marilyn Cohodas

Yep. copy & paste error left out Step 4! Details in the commentary. But here's a brief recap: Step 1: Set your target goals Step 2: Create a detailed profile Step 3: Assess your current position Step 4: Gap analysis...

In reply to: There really are 5 steps!
Post Your Own Reply

Posted by Marilyn Cohodas

Good catch! All fixed. Thanks for being such a great proofreader. --the editors

In reply to: Re: proof reading is for losers right?
Post Your Own Reply

Posted by Marilyn Cohodas

Good catch! It's four steps. Editor error! :-) Fortunately we have very astute readers. Thanks!

In reply to: Re: proof reading is for losers right?
Post Your Own Reply

Posted by errwhat

Step 1, Step 2, Step 2 again, Step 4 and no step 5? I think you might need to proof read this again ^^

In reply to: proof reading is for losers right?
Post Your Own Reply

More Conversations

Products & Releases

Eurofins Digital Testing Launches Cyber Security Division

Arctic Wolf Lands $45 Million in New Funding to Accelerate Company Growth

Endace Launches Petabyte Network Recording Appliance

Belden and Claroty Announce Strategic Partnership

Industrial Cybersecurity Leader Nozomi Networks Raises $30 Million

Corelight Secures $25 Million in Series B Funding Led by General Catalyst

Semmle Launches Globally with $21 Million Series B Investment Led by Accel Partners

A10 Adds Real-Time Security Analytics to A10 Harmony Controller

More Products & Releases

Hot Topics

Editors' Choice

Higher Education: 15 Books to Help Cybersecurity Pros Be Better

Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018

'PowerSnitch' Hacks Androids via Power Banks

Kelly Jackson Higgins, Executive Editor at Dark Reading, 12/8/2018

Worst Password Blunders of 2018 Hit Organizations East and West

Curtis Franklin Jr., Senior Editor at Dark Reading, 12/12/2018

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

Communications & Collaboration 2022 at EC19 Orlando March 18-21

White Papers

Reducing the Human Attack Surface with Phishing Simulations

The Year in Security 2018

Frost & Sullivan Report: SOC-as-a-Service Versus DIY SOC

Cybersecurity Checklist for SaaS Applications

Mitigating False-Positives to Improve Software Publishing

More White Papers

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Look deep into my eyes. You are getting sleepy, very sleepy......

Cartoon Archive

Current Issue

10 Best Practices That Could Reshape Your IT Security Department

This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Using IT Threat Intelligence

Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.

Download Now!

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

The Risk Management Struggle

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-1848
PUBLISHED: 2018-12-14

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ...

CVE-2018-1977
PUBLISHED: 2018-12-14

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032.

CVE-2018-18006
PUBLISHED: 2018-12-14

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.

CVE-2018-18984
PUBLISHED: 2018-12-14

Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI.

CVE-2018-19003
PUBLISHED: 2018-12-14

GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails...

Terms of Service
Privacy Statement
Legal Entities