Analytics // Security Monitoring
News & Commentary
FireEye CEO Shares State of IT Threat Landscape
InformationWeek Staff, CommentaryVideo
FireEye CEO Kevin Mandia talks about the state of the IT threat landscape and where enterprises should focus their attention when it comes to cybersecurity.
By InformationWeek Staff , 6/23/2017
Comment0 comments  |  Read  |  Post a Comment
How to Succeed at Incident Response Metrics
Tom Webb, Incident Handler, SANS Internet Storm CenterCommentary
Establishing a baseline of what information you need is an essential first step.
By Tom Webb Incident Handler, SANS Internet Storm Center, 6/2/2017
Comment1 Comment  |  Read  |  Post a Comment
How to Integrate Threat Intel & DevOps
Andrew Storms, VP Security Services, New ContextCommentary
Automating intelligence can help your organization in myriad ways.
By Andrew Storms VP Security Services, New Context, 5/4/2017
Comment1 Comment  |  Read  |  Post a Comment
Forget the Tax Man: Time for a DNS Security Audit
Ericka Chickowski, Contributing Writer, Dark Reading
Here's a 5-step DNS security review process that's not too scary and will help ensure your site availability and improve user experience.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/11/2017
Comment0 comments  |  Read  |  Post a Comment
As Cloud Use Expands, So Do Security Blind Spots, Studies Show
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Three-quarters of IaaS and SaaS apps arent monitored.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/4/2017
Comment2 comments  |  Read  |  Post a Comment
Data Visualization: Keeping an Eye on Security
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRACommentary
Visualization can be one of the most powerful approaches a security team can use to make sense of vast quantities of data. So why does it end up as an afterthought?
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 3/27/2017
Comment2 comments  |  Read  |  Post a Comment
Prioritizing Threats: Why Most Companies Get It Wrong
Michael A. Davis, CTO of CounterTackCommentary
To stay safer, focus on multiple-threat attack chains rather than on individual threats.
By Michael A. Davis CTO of CounterTack, 3/24/2017
Comment6 comments  |  Read  |  Post a Comment
Getting Beyond the Buzz & Hype of Threat Hunting
Kyle Wilhoit, Senior Security Researcher, DomainToolsCommentary
When harnessed properly, threat hunting can be one of the most useful techniques for finding attackers in your network. But it wont happen overnight.
By Kyle Wilhoit Senior Security Researcher, DomainTools, 3/20/2017
Comment0 comments  |  Read  |  Post a Comment
Trust, Cloud & the Quest for a Glass Wall around Security
Stan Black, CSO, CitrixCommentary
In the next year, were going to see a leap towards strategic, business-level objectives that can be resolved by simplifying infrastructure and granting greater visibility in real time.
By Stan Black CSO, Citrix, 3/8/2017
Comment0 comments  |  Read  |  Post a Comment
20 Cybersecurity Startups To Watch In 2017
Ericka Chickowski, Contributing Writer, Dark Reading
VC money flowed plentifully into the security market last year, fueling a new crop of innovative companies.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/24/2017
Comment3 comments  |  Read  |  Post a Comment
IBM Brings Watson Cognitive Computing To The SOC
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Technology known for a Jeopardy stunt six years ago is now powering question answering within IBM Security's QRadar system.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/13/2017
Comment1 Comment  |  Read  |  Post a Comment
Why Youre Doing Cybersecurity Risk Measurement Wrong
Daniel Gordon, Cyber Intel Analyst, Lockheed Martin Computer Incident Response TeamCommentary
Measuring risk isnt as simple as some make it out to be, but there are best practices to help you embrace the complexity in a productive way. Here are five.
By Daniel Gordon Cyber Intel Analyst, Lockheed Martin Computer Incident Response Team, 1/30/2017
Comment0 comments  |  Read  |  Post a Comment
Cloud Security & IoT: A Look At What Lies Ahead
Bill Kleyman, Chief Technology Officer, MTM TechnologiesCommentary
In the brave new world of cloud, security teams must be as agile as possible. This means leveraging proactive monitoring tools, locking down access points, and forecasting requirements
By Bill Kleyman Chief Technology Officer, MTM Technologies, 1/18/2017
Comment0 comments  |  Read  |  Post a Comment
7 Ways To Fine-Tune Your Threat Intelligence Model
Terry Sweeney, Contributing Editor
The nature of security threats is too dynamic for set-and-forget. Here are some ways to shake off that complacency.
By Terry Sweeney Contributing Editor, 1/5/2017
Comment3 comments  |  Read  |  Post a Comment
Chinas Cybersecurity Law Seeks Scrutiny Of Technology
Dark Reading Staff, Quick Hits
Countrys top internet regulator releases framework for stricter cyberspace laws, including review of local and foreign technology.
By Dark Reading Staff , 12/28/2016
Comment0 comments  |  Read  |  Post a Comment
5 Things Security Pros Need To Know About Machine Learning
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau
Experts share best practices for data integrity, pattern recognition and computing power to help enterprises get the most out of machine learning-based technology for cybersecurity.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 12/12/2016
Comment2 comments  |  Read  |  Post a Comment
Encryption: A Backdoor For One Is A Backdoor For All
Joe Levy, Chief Technology Officer, SophosCommentary
We need legislation that allows law enforcement to find criminals and terrorists without eroding our security and privacy.
By Joe Levy Chief Technology Officer, Sophos, 10/14/2016
Comment0 comments  |  Read  |  Post a Comment
Incident Response A Challenge For 98% Of InfoSec Pros
Sara Peters, Senior Editor at Dark ReadingNews
Too many alerts and too little staff leave security pros swimming in threat intel and begging for automation.
By Sara Peters Senior Editor at Dark Reading, 10/6/2016
Comment0 comments  |  Read  |  Post a Comment
20 Questions To Explore With Security-as-a-Service Providers
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRACommentary
This list will help you leverage the niche expertise of security-as-a-service providers, and assess which vendor can best meet your needs
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 10/5/2016
Comment0 comments  |  Read  |  Post a Comment
A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentary
This slightly modified model is a practical way to keep attackers out of your systems.
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 9/21/2016
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by joye121
Current Conversations nice good work
In reply to: new york
Post Your Own Reply
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.