Threat Intelligence
News & Commentary
Healthcare Suffers Security Awareness Woes
Kelly Sheridan, Associate Editor, InformationWeekNews
Weak security practices are putting patient data at risk, new SecurityScorecard report shows.
By Kelly Sheridan Associate Editor, InformationWeek, 10/27/2016
Comment0 comments  |  Read  |  Post a Comment
Blockchain & The Battle To Secure Digital Identities
Xavier Larduinat, Manager for Innovation, GemaltoCommentaryy
This emerging technology is a promising way to verify transactions without compromising your digital identity.
By Xavier Larduinat Manager for Innovation, Gemalto, 10/25/2016
Comment8 comments  |  Read  |  Post a Comment
New Financial System Analysis & Resilience Center Formed
Dark Reading Staff, Quick Hits
Associated with Financial Services ISAC (FS-ISAC), the new FSARC works more closely with government partners for deeper threat analysis and systemic defense of financial sector.
By Dark Reading Staff , 10/24/2016
Comment0 comments  |  Read  |  Post a Comment
NSA Contractor Over 20 Years Stole More Than 50 Terabytes Of Gov't Data
Jai Vijayan, Freelance writerNews
Harold Martin, now in custody, is a risk to himself and others if freed from custody, a US prosecutor warns in a detailed filing in the case.
By Jai Vijayan Freelance writer, 10/21/2016
Comment0 comments  |  Read  |  Post a Comment
Cyber Training For First Responders To Crime Scene
Dark Reading Staff, Quick Hits
FBI ties up with police association and Carnegie Mellon University to improve working knowledge of cyber investigations.
By Dark Reading Staff , 10/21/2016
Comment0 comments  |  Read  |  Post a Comment
Alleged Hacker Behind 2012 LinkedIn Breach Nabbed In Prague
Jai Vijayan, Freelance writerNews
Czech judge to decide on US extradition request.
By Jai Vijayan Freelance writer, 10/19/2016
Comment0 comments  |  Read  |  Post a Comment
7 Regional Hotbeds For Cybersecurity Innovation
Kelly Sheridan, Associate Editor, InformationWeek
These regions are driving cybersecurity innovation across the US with an abundance of tech talent, educational institutions, accelerators, incubators, and startup activity.
By Kelly Sheridan Associate Editor, InformationWeek, 10/18/2016
Comment1 Comment  |  Read  |  Post a Comment
A Job In Security Leads To Job Security
Paul Curran, Application Security Community Specialist, CheckmarxCommentaryy
Developers who focus on secure development skills find themselves in high demand.
By Paul Curran Application Security Community Specialist, Checkmarx, 10/18/2016
Comment0 comments  |  Read  |  Post a Comment
How To Become A Cybersecurity Entrepreneur In A Crowded Market
Yoav Leitersdorf and Ofer Schreiber , Managing Partner & Partner, YL VenturesCommentaryy
If you want to build the next great cybersecurity startup, use your expertise, then follow these three simple suggestions.
By Yoav Leitersdorf and Ofer Schreiber Managing Partner & Partner, YL Ventures, 10/17/2016
Comment1 Comment  |  Read  |  Post a Comment
Russia, Russia, Russia: What Clinton Or Trump Can Do About Nation-State Hacking Gone Wild
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
US mulls 'proportional' response to Democratic Party hacks in midst of an unprecedented presidential campaign clouded by cybersecurity concerns (among other things).
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/12/2016
Comment4 comments  |  Read  |  Post a Comment
Attackers Exploit Weak IoT Security
Marcia Savage, Managing Editor, Network ComputingNews
Akamai researchers say attackers are using an old OpenSSH vulnerability to target IoT devices and launch attacks.
By Marcia Savage Managing Editor, Network Computing, 10/12/2016
Comment0 comments  |  Read  |  Post a Comment
Executable Files, Old Exploit Kits Top Most Effective Attack Methods
Kelly Sheridan, Associate Editor, InformationWeekNews
Researchers for the new 'Hacker's Playbook' analyzed 4 million breach methods from an attacker's point of view to gauge the real risks today to enterprises.
By Kelly Sheridan Associate Editor, InformationWeek, 10/12/2016
Comment0 comments  |  Read  |  Post a Comment
Cyber Hunters, Incident Response & The Changing Nature Of Network Defense
Vincent Berk, CEO, FlowTraqCommentaryy
Or how I learned that network defense needs to evolve from a game of "stumbled upon" to "search and discover."
By Vincent Berk CEO, FlowTraq, 10/11/2016
Comment0 comments  |  Read  |  Post a Comment
Database Breaches: An Alarming Lack Of Preparedness
John Moynihan, President, Minuteman GovernanceCommentaryy
It's no secret that databases are fertile ground for malicious activities. Here's how a seven-step process for monitoring known harbingers of an imminent attack can help reduce the risk.
By John Moynihan President, Minuteman Governance, 10/10/2016
Comment3 comments  |  Read  |  Post a Comment
Data Science & Security: Overcoming The Communication Challenge
Nik Whitfield, Computer Scientist & Security Technology EntrepreneurCommentaryy
Data scientists face a tricky task -- taking raw data and making it meaningful for both security and business teams. Here's how to bridge the gap.
By Nik Whitfield Computer Scientist & Security Technology Entrepreneur, 10/7/2016
Comment0 comments  |  Read  |  Post a Comment
NSA Director Not Opposed To Splitting Cyber Command From Agency
Jai Vijayan, Freelance writerNews
In the long run it may make sense to keep nations cyber offense mission separate from NSA, Michael Rogers says.
By Jai Vijayan Freelance writer, 10/6/2016
Comment0 comments  |  Read  |  Post a Comment
Partners In The Battle Against Cyberthreats
Dark Reading Staff, CommentaryyVideo
George Karidis of CompuCom and Rodel Alejo from Intel stop by the Dark Reading News Desk.
By Dark Reading Staff , 10/6/2016
Comment0 comments  |  Read  |  Post a Comment
Incident Response A Challenge For 98% Of InfoSec Pros
Sara Peters, Senior Editor at Dark ReadingNews
Too many alerts and too little staff leave security pros swimming in threat intel and begging for automation.
By Sara Peters Senior Editor at Dark Reading, 10/6/2016
Comment0 comments  |  Read  |  Post a Comment
Why Its Always Cyber Hunting Season (& What To Do About It)
David Amsler, Founder, Foreground SecurityCommentaryy
To stop todays most capable and persistent adversaries, security organizations must rely less on tools and more on human analysis.
By David Amsler Founder, Foreground Security, 10/6/2016
Comment1 Comment  |  Read  |  Post a Comment
FBI Arrests NSA Contractor For Alleged Code Theft
Kelly Sheridan, Associate Editor, InformationWeekQuick Hits
The FBI has arrested a contractor from the National Security Agency for the possible theft of secret codes created to break into foreign government networks.
By Kelly Sheridan Associate Editor, InformationWeek, 10/5/2016
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.