Upcoming Webinars
Webinar Archives
7 Key Cloud Security Trends Shaping 2017 & Beyond
Date: Dec 15, 2016
View webinar
Cloud computing is enabling business transformation as organizations accelerate time to market and business agility. Evolving cloud technologies and approaches, however, can create security gaps and human errors. Data protection rests with you and your organization and not the cloud provider.

4 Keys to Improving Security Threat Detection
Date: Dec 15, 2016
View webinar
In this webinar, Ixia will show how to combine the four keys to improving security threat detection into a Security Fabric to deliver greater context and intelligent distribution to monitored traffic. You will learn how to create actionable threat intelligence specific to your organization and increase the value of your existing security tool infrastructure.

Why Is IT Availability So Hard?
Date: Dec 15, 2016
View webinar
If your production environment stayed the same, then backup, recovery, and availability would be easier to achieve. But your production environment isn't stagnant, so how do one keep solving for a moving target? How can you and your IT team "keep up" with modernizing protection with each modernization of production. What should you be looking for or considering around data protection in an ever-changing IT landscape?

[Secure Application Development] New Best Practices You Need
Date: Dec 14, 2016
View webinar
The rapidly-changing app environment brings new challenges for information security. Learn how your enterprise can combine emerging app development methods, cloud services capabilities, and new security practices to create a fast and more secure application environment.

Exploit Kits: How to Protect Your Organization
Date: Dec 08, 2016
View webinar
Today's attackers are using exploit kits to automatically find vulnerabilities in common systems. As the use of these attacks increase, so does your chance of being compromised. In order to better protect your organization, you'll need to understand the inner workings of exploit kits.

[Ransomware] Taking the Mystery out of Ransomware
Date: Dec 07, 2016
View webinar
Lost data. Systems locked down. Whole companies coming to a grinding halt. When it comes to ransomware, the damage it can do to your company is immense. Many companies are perplexed by ransomware and don't know how to best protect themselves - but there's no reason to remain in the dark. Join us for this informative webinar presented by Michael Mimoso from Kaspersky Lab's GReAT team as we take the mystery out of this growing threat.

[Security] How Organizations Are Gaining a Radical Advantage with Bug Bounties
Date: Dec 07, 2016
View webinar
Despite thousands of large and small organizations running bug bounty programs, there is still a lot of fear and uncertainty about these in the cybersecurity community. In this webinar we will explore 7 myths about Bug Bounty programs, the hackers who are involved, and the impact they are having on the security posture of organizations around the world.

[Cybersecurity] Build & Maintain an Effective Cyberthreat-Hunting Team
Date: Dec 07, 2016
View webinar
As online attackers and exploits get more sophisticated, many enterprises are discovering that more traditional, passive methods of detecting cyberthreats aren't working as well as they used to. To help find and eradicate sophisticated threats more quickly, enterprises are building "threat hunting" programs to actively analyze internal telemetry and external threat intelligence data, and to better prevent the compromise of critical business data.

Secure Your Organization against Phishing Attacks
Date: Dec 06, 2016
View webinar
Most major cyberattacks on enterprises begin with a social engineering attack, in which an employee is fooled into downloading malware or giving up online credentials. These attacks often come as realistic-looking phishing emails that purport to be from a colleague or trustworthy source. To prevent these attacks, you need to know who attackers are looking for inside your organization, how they choose their phishing victims, and what methods they use.

[Security] Dramatically Improve Your Security Response Program with Automation
Date: Dec 06, 2016
View webinar
Automation in Security. Most enterprises talk about it - but are they really doing it? And if so, where does good automation end? Tools that enable automatic blocking or isolate a compromised system can inadvertently take down critical business applications. However, there are security tasks that can be safely automated, giving back time to security teams - without putting systems or jobs at risk.

Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.