Analytics // Security Monitoring
News & Commentary
Encryption: A Backdoor For One Is A Backdoor For All
Joe Levy, Chief Technology Officer, SophosCommentaryy
We need legislation that allows law enforcement to find criminals and terrorists without eroding our security and privacy.
By Joe Levy Chief Technology Officer, Sophos, 10/14/2016
Comment0 comments  |  Read  |  Post a Comment
Incident Response A Challenge For 98% Of InfoSec Pros
Sara Peters, Senior Editor at Dark ReadingNews
Too many alerts and too little staff leave security pros swimming in threat intel and begging for automation.
By Sara Peters Senior Editor at Dark Reading, 10/6/2016
Comment0 comments  |  Read  |  Post a Comment
20 Questions To Explore With Security-as-a-Service Providers
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentaryy
This list will help you leverage the niche expertise of security-as-a-service providers, and assess which vendor can best meet your needs
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 10/5/2016
Comment0 comments  |  Read  |  Post a Comment
A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentaryy
This slightly modified model is a practical way to keep attackers out of your systems.
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 9/21/2016
Comment0 comments  |  Read  |  Post a Comment
Yes, The Cloud Can Be A Security Win
Stan Black, CSO, CitrixCommentaryy
With the right controls in place, the cloud doesnt have to be a scary place. These guidelines can help your company stay safe.
By Stan Black CSO, Citrix, 9/15/2016
Comment1 Comment  |  Read  |  Post a Comment
Look The Other Way: DDoS Attacks As Diversions
Dark Reading Staff, CommentaryyVideo
Black Hat News Desk talks to Joe Loveless of Neustar.
By Dark Reading Staff , 9/7/2016
Comment0 comments  |  Read  |  Post a Comment
Introducing Deep Learning: Boosting Cybersecurity With An Artificial Brain
Guy Caspi, Deep Instinct Co-Founder & CEOCommentaryy
With nearly the same speed and precision that the human eye can identify a water bottle, the technology of deep learning is enabling the detection of malicious activity at the point of entry in real-time.
By Guy Caspi Deep Instinct Co-Founder & CEO, 9/6/2016
Comment0 comments  |  Read  |  Post a Comment
The New Security Mindset: Embrace Analytics To Mitigate Risk
Todd Thibodeaux, President & CEO, CompTIACommentaryy
Sure, conducting a penetration test can find a weakness. But to truly identify key areas of risk, organizations must start to think more creatively, just like todays hackers.
By Todd Thibodeaux President & CEO, CompTIA, 9/5/2016
Comment0 comments  |  Read  |  Post a Comment
How To Talk About Security With Every C-Suite Member
Andrew Storms, VP Security Services, New ContextCommentaryy
Reframe your approach with context in order to get your message across.
By Andrew Storms VP Security Services, New Context, 9/1/2016
Comment0 comments  |  Read  |  Post a Comment
Malware Markets: Exposing The Hype & Filtering The Noise
Jim Walter, Senior SPEAR Researcher, CylanceCommentaryy
Theres a lot of useful infosec information out there, but cutting through clutter is harder than it should be.
By Jim Walter Senior SPEAR Researcher, Cylance, 8/30/2016
Comment1 Comment  |  Read  |  Post a Comment
The Secret Behind the NSA Breach: Network Infrastructure Is the Next Target
Yoni Allon, Research Team Leader, LightCyberCommentaryy
How the networking industry has fallen way behind in incorporating security measures to prevent exploits to ubiquitous routers, proxies, firewalls, and switches.
By Yoni Allon Research Team Leader, LightCyber, 8/25/2016
Comment1 Comment  |  Read  |  Post a Comment
Anatomy Of A Social Media Attack
Mike Raggo, Chief Research Scientist, ZeroFOX (CISSP, NSA-IAM, ACE, CSI)Commentaryy
Finding and addressing Twitter and Facebook threats requires a thorough understanding of how theyre accomplished.
By Mike Raggo Chief Research Scientist, ZeroFOX (CISSP, NSA-IAM, ACE, CSI), 8/23/2016
Comment5 comments  |  Read  |  Post a Comment
5 Strategies For Enhancing Targeted Security Monitoring
Jason Sachowski, Director, Security Forensics & Civil Investigations, Scotiabank GroupCommentaryy
These examples will help you improve early incident detection results.
By Jason Sachowski Director, Security Forensics & Civil Investigations, Scotiabank Group, 8/18/2016
Comment0 comments  |  Read  |  Post a Comment
Google To Roll Out New Security Alerts On Gmail
Dark Reading Staff, Quick Hits
Gmail users to get alerts for suspicious email senders as well as sketchy links in messages.
By Dark Reading Staff , 8/11/2016
Comment0 comments  |  Read  |  Post a Comment
Theory Vs Practice: Getting The Most Out Of Infosec
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentaryy
Why being practical and operationally minded is the only way to build a successful security program.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 8/10/2016
Comment0 comments  |  Read  |  Post a Comment
Building A Detection Strategy With The Right Metrics
Giora Engel, VP Product & Strategy, LightCyberCommentaryy
The tools used in detecting intrusions can lead to an overwhelming number of alerts, but theyre a vital part of security.
By Giora Engel VP Product & Strategy, LightCyber, 8/9/2016
Comment0 comments  |  Read  |  Post a Comment
Context-Rich And Context-Aware Cybersecurity
Ned Miller, Intel Security, Chief Technology Strategist for Public Sector
An adaptive threat-prevention model is quickly replacing traditional, unintegrated architectures as security teams work to achieve a sustainable advantage against complex threats.
By Ned Miller Intel Security, Chief Technology Strategist for Public Sector, 7/14/2016
Comment1 Comment  |  Read  |  Post a Comment
SWIFT Boosts Defense Against Cyberattacks
Dark Reading Staff, Quick Hits
Cyber security firms hired, intelligence team set up to ward off future attacks on banks through SWIFT.
By Dark Reading Staff , 7/12/2016
Comment0 comments  |  Read  |  Post a Comment
5 Ways To Think Like A Hacker
Steve Zurier, Freelance Writer
Security expert says CISOs need to use simulations more effectively so they can understand how hackers work and beat them at their own game.
By Steve Zurier Freelance Writer, 6/24/2016
Comment0 comments  |  Read  |  Post a Comment
10 Tips for Securing Your SAP Implementation
Sean Martin, CISSP | President, imsmartin
Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.
By Sean Martin CISSP | President, imsmartin, 4/23/2016
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by NikWhitfield
Current Conversations Nice article.
In reply to: Harnessing the Dark Web
Post Your Own Reply
More Conversations
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.