Analytics // Security Monitoring
News & Commentary
The Secret Behind the NSA Breach: Network Infrastructure Is the Next Target
Yoni Allon, Research Team Leader, LightCyberCommentary
How the networking industry has fallen way behind in incorporating security measures to prevent exploits to ubiquitous routers, proxies, firewalls, and switches.
By Yoni Allon Research Team Leader, LightCyber, 8/25/2016
Comment0 comments  |  Read  |  Post a Comment
Anatomy Of A Social Media Attack
Mike Raggo, Chief Research Scientist, ZeroFOX (CISSP, NSA-IAM, ACE, CSI)Commentary
Finding and addressing Twitter and Facebook threats requires a thorough understanding of how theyre accomplished.
By Mike Raggo Chief Research Scientist, ZeroFOX (CISSP, NSA-IAM, ACE, CSI), 8/23/2016
Comment5 comments  |  Read  |  Post a Comment
5 Strategies For Enhancing Targeted Security Monitoring
Jason Sachowski, Director, Security Forensics & Civil Investigations, Scotiabank GroupCommentary
These examples will help you improve early incident detection results.
By Jason Sachowski Director, Security Forensics & Civil Investigations, Scotiabank Group, 8/18/2016
Comment0 comments  |  Read  |  Post a Comment
Google To Roll Out New Security Alerts On Gmail
Dark Reading Staff, Quick Hits
Gmail users to get alerts for suspicious email senders as well as sketchy links in messages.
By Dark Reading Staff , 8/11/2016
Comment0 comments  |  Read  |  Post a Comment
Theory Vs Practice: Getting The Most Out Of Infosec
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentary
Why being practical and operationally minded is the only way to build a successful security program.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 8/10/2016
Comment0 comments  |  Read  |  Post a Comment
Building A Detection Strategy With The Right Metrics
Giora Engel, VP Product & Strategy, LightCyberCommentary
The tools used in detecting intrusions can lead to an overwhelming number of alerts, but theyre a vital part of security.
By Giora Engel VP Product & Strategy, LightCyber, 8/9/2016
Comment0 comments  |  Read  |  Post a Comment
Context-Rich And Context-Aware Cybersecurity
Ned Miller, Intel Security, Chief Technology Strategist for Public Sector
An adaptive threat-prevention model is quickly replacing traditional, unintegrated architectures as security teams work to achieve a sustainable advantage against complex threats.
By Ned Miller Intel Security, Chief Technology Strategist for Public Sector, 7/14/2016
Comment1 Comment  |  Read  |  Post a Comment
SWIFT Boosts Defense Against Cyberattacks
Dark Reading Staff, Quick Hits
Cyber security firms hired, intelligence team set up to ward off future attacks on banks through SWIFT.
By Dark Reading Staff , 7/12/2016
Comment0 comments  |  Read  |  Post a Comment
5 Ways To Think Like A Hacker
Steve Zurier, Freelance Writer
Security expert says CISOs need to use simulations more effectively so they can understand how hackers work and beat them at their own game.
By Steve Zurier Freelance Writer, 6/24/2016
Comment0 comments  |  Read  |  Post a Comment
10 Tips for Securing Your SAP Implementation
Sean Martin, CISSP | President, imsmartin
Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.
By Sean Martin CISSP | President, imsmartin, 4/23/2016
Comment0 comments  |  Read  |  Post a Comment
Databases Remain Soft Underbelly Of Cybersecurity
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Most enterprises still don't continuously monitor database activity.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/21/2016
Comment0 comments  |  Read  |  Post a Comment
MIT AI Researchers Make Breakthrough On Threat Detection
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New artificial intelligence platform offers 3x detection capabilities with 5x fewer false positives.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/18/2016
Comment2 comments  |  Read  |  Post a Comment
7 Lessons From The Panama Papers Leak
Sara Peters, Senior Editor at Dark ReadingNews
Hopefully your organization isn't hiding as many dark secrets as Mossack Fonseca, but the incident still brings helpful hints about data security, breach response, and breach impact.
By Sara Peters Senior Editor at Dark Reading, 4/5/2016
Comment3 comments  |  Read  |  Post a Comment
Machine Learning In Security: Seeing the Nth Dimension in Signatures
Gunter Ollmann,  Chief Security Officer, VectraCommentary
How adding supervised machine learning to the development of n-dimensional signature engines is moving the detection odds back to the defender.
By Gunter Ollmann Chief Security Officer, Vectra, 3/31/2016
Comment3 comments  |  Read  |  Post a Comment
Machine Learning In Security: Good & Bad News About Signatures
Gunter Ollmann,  Chief Security Officer, VectraCommentary
Why security teams that rely solely on signature-based detection are overwhelmed by a high number of alerts.
By Gunter Ollmann Chief Security Officer, Vectra, 3/30/2016
Comment0 comments  |  Read  |  Post a Comment
The Threat Of Security Analytics Complexity
Brian Gillooly, Vice President, Event Content & Strategy, UBM TechCommentaryVideo
Congratulations! You're protecting your organization with layered security...but now you're drowning in more security analytics data flows than you can handle.
By Brian Gillooly Vice President, Event Content & Strategy, UBM Tech, 3/23/2016
Comment8 comments  |  Read  |  Post a Comment
Using Offensive Security Mindset To Create Best Defense
Brian Gillooly, Vice President, Event Content & Strategy, UBM TechCommentaryVideo
Carbon Black's CTO and chief security strategist talk about how their background in offensive security helps them think like attackers, and better defend against them.
By Brian Gillooly Vice President, Event Content & Strategy, UBM Tech, 3/2/2016
Comment0 comments  |  Read  |  Post a Comment
Why Your Security Tools Are Exposing You to Added Risks
Dave Aitel & Alex McGeorge, CEO & Head of Threat Intelligence, Immunity Inc.Commentary
The big lesson from 12 months of security product vulnerabilities: theres no foundation of trust in any piece of software. They all represent a potential new attack vector.
By Dave Aitel & Alex McGeorge CEO & Head of Threat Intelligence, Immunity Inc., 3/2/2016
Comment3 comments  |  Read  |  Post a Comment
Measuring Security: My Dwell Time Obsession
Jeff Schilling, Chief of Operations and Security, ArmorCommentary
How I discovered the critical metric to fuel my drive to create the most secure environment possible.
By Jeff Schilling Chief of Operations and Security, Armor, 2/29/2016
Comment1 Comment  |  Read  |  Post a Comment
Breach Stats: Improving From Abysmal To Just Awful
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Breach response times and volumes decreased significantly last year, but overall numbers still look ugly.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/25/2016
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by honey143
Current Conversations Nice post
In reply to: greetings!!
Post Your Own Reply
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.