Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Careers & People
Page 1 / 2   >   >>
Employee Privacy in a Mobile Workplace
Commentary  |  11/20/2019  | 
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.
A Security Strategy That Centers on Humans, Not Bugs
Commentary  |  11/19/2019  | 
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
13 Security Pros Share Their Most Valuable Experiences
Slideshows  |  11/18/2019  | 
From serving as an artillery Marine to working a help desk, infosec practitioners pinpoint experiences that had the greatest influence on their careers.
DevSecOps: The Answer to the Cloud Security Skills Gap
Commentary  |  11/15/2019  | 
There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap.
Capture the Flag Planned to Find Missing Persons Information
Quick Hits  |  11/14/2019  | 
The competition, launched by SANS and Trace Labs, will put to use open source information in search of new clues.
5 Cybersecurity CISO Priorities for the Future
Commentary  |  11/14/2019  | 
Seven chief information security officers share their pain points and two-year spending plans.
SHAKEN/STIR: Finally! A Solution to Caller ID Spoofing?
Commentary  |  11/12/2019  | 
The ubiquitous Caller ID hasn't changed much over the years, but the technology to exploit it has exploded. That may be about to change.
9 Principles to Simplify Security
Commentary  |  11/8/2019  | 
This isn't a one-size-fits-all situation. Simplify as much as you can, as the saying goes, but no more than that.
Black Hat Q&A: Hacking a '90s Sports Car
News  |  11/7/2019  | 
Security researcher Stanislas Lejay offers a preview of his upcoming Black Hat Europe talk on automotive engine computer management and hardware reverse engineering.
Raising Security Awareness: Why Tools Can't Replace People
Commentary  |  11/1/2019  | 
Training your people and building relationships outside of the security organization is the most significant investment a CISO can make.
Quantifying Security Results to Justify Costs
Commentary  |  10/31/2019  | 
The CISO job isn't to protect the entire business from all threats for any budget. It's to spell out what level of protection executives can expect for a given budget.
9 Ways Data Vampires Are Bleeding Your Sensitive Information
Commentary  |  10/31/2019  | 
Pull a Van Helsing on those sucking the lifeblood from your data and intellectual property.
Email Threats Poised to Haunt Security Pros into Next Decade
Commentary  |  10/30/2019  | 
Decentralized threat intel sharing, more public-private collaboration, and greater use of automated incident response are what's needed to combat phishing
Hacking Phones: How Law Enforcement Is Saving Privacy
Commentary  |  10/30/2019  | 
It's no longer true that society must choose to either weaken everybody's privacy or let criminals run rampant.
Why It's Imperative to Bridge the IT & OT Cultural Divide
Commentary  |  10/29/2019  | 
As industrial enterprises face the disruptive forces of an increasingly connected world, these two cultures must learn to coexist.
4 Security Lessons Federal IT Pros Can Teach the Private Sector
Commentary  |  10/25/2019  | 
With a little research and basic planning, small companies can make big strides against the cybersecurity threats they face. Here's how.
It's Time to Improve Website Identity Indicators, Not Remove Them
Commentary  |  10/24/2019  | 
Why Google and Mozilla are wrong about the benefits of Extended Validation certificates that aim to prevent fraud and protect user privacy.
Report: 2020 Presidential Campaigns Still Vulnerable to Web Attacks
Commentary  |  10/23/2019  | 
Nine out of 12 Democratic candidates have yet to enable DNSSEC, a simple set of extensions that stops most targeted domain-based attacks.
The AI (R)evolution: Why Humans Will Always Have a Place in the SOC
Commentary  |  10/22/2019  | 
In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.
Keeping Too Many Cooks out of the Security Kitchen
Commentary  |  10/22/2019  | 
A good security team helps the business help itself operate more securely -- soliciting input while adhering to a unified strategy, vision, goals, and priorities.
SOC Puppet: Dark Reading Caption Contest Winners
Commentary  |  10/18/2019  | 
Social engineering, SOC analysts, and Sock puns. And the winners are:
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Commentary  |  10/17/2019  | 
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
How to Think Like a Hacker
Commentary  |  10/10/2019  | 
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
Virginia a Hot Spot For Cybersecurity Jobs
News  |  10/9/2019  | 
State has highest number of people in information security roles and the most current job openings, Comparitech study finds.
A Realistic Threat Model for the Masses
Commentary  |  10/9/2019  | 
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
Utilities' Operational Networks Continue to Be Vulnerable
News  |  10/8/2019  | 
More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds.
Lack of Role Models, Burnout & Pay Disparity Hold Women Back
News  |  10/7/2019  | 
New ISACA data emphasizes a gap between men and women who share their opinions on underrepresentation of women and equal pay in the tech industry.
'Father of Identity Theft' Convicted on 13 Federal Counts
Quick Hits  |  10/1/2019  | 
James Jackson, a 58-year-old Memphis resident, used the identities of deceased individuals to steal money from banks and the estates of the dead.
Navigating Your First Month as a New CISO
Commentary  |  10/1/2019  | 
The single most important thing you can do is to start building the relationships and political capital you'll need to run your security program. Here's how.
DevSecOps: Recreating Cybersecurity Culture
Commentary  |  9/18/2019  | 
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity
Commentary  |  9/17/2019  | 
Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.
Preventing PTSD and Burnout for Cybersecurity Professionals
Commentary  |  9/16/2019  | 
The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.
No Quick Fix for Security-Worker Shortfall
News  |  9/13/2019  | 
Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly skilled employees.
Taking a Fresh Look at Security Ops: 10 Tips
Commentary  |  9/13/2019  | 
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
Security Leaders Share Tips for Boardroom Chats
Slideshows  |  9/12/2019  | 
Cisco, Oracle, and LinkedIn security leaders share their challenges in communicating with business teams and advice for how CISOs can navigate the relationship.
A Definitive Guide to Crowdsourced Vulnerability Management
Commentary  |  9/12/2019  | 
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
Automation: Friend of the SOC Analyst
Commentary  |  9/5/2019  | 
Faced by increasingly sophisticated threats, organizations are realizing the benefits of automation in their cybersecurity programs.
Bug Bounties Continue to Rise, but Market Has Its Own 1% Problem
News  |  8/29/2019  | 
The average payout for a critical vulnerability has almost reached $3,400, but only the top bug hunters of a field of 500,000 are truly profiting.
10 Low-Cost (or Free!) Ways to Boost Your Security AI Skills
Slideshows  |  8/23/2019  | 
The following hardware and software options will amplify your know-how about artificial intelligence and how to apply it to security without busting any budgets.
Beat the Heat: Dark Reading Caption Contest Winners
Commentary  |  8/16/2019  | 
Phishing, token codes, training, MFA, polluted data entry, and whales. And the winners are ...
Does Personality Make You Vulnerable to Cybercrime?
News  |  8/13/2019  | 
A new study explores the connections between personality traits and susceptibility to different cyberattacks.
2019 Pwnie Award Winners (And Those Who Wish They Weren't)
Slideshows  |  8/13/2019  | 
This year's round-up includes awards into two new categories: most under-hyped research and epic achievement.
Dark Reading News Desk Live at Black Hat USA 2019
News  |  8/8/2019  | 
Watch right here for 40 video interviews with speakers and sponsors. Streaming live from Black Hat USA Wednesday and Thursday 2 p.m. to 6 p.m. Eastern.
Black Hat 2019: Security Culture Is Everyone's Culture
News  |  8/7/2019  | 
In his Black Hat USA keynote, Square's Dino Dai Zovi discussed lessons learned throughout his cybersecurity career and why culture trumps strategy.
Security & the Infinite Capacity to Rationalize
Commentary  |  8/6/2019  | 
To improve the security posture of our organizations, we must open our eyes to rationalization and put an end to it with logic. Here's how.
Black Hat: A Summer Break from the Mundane and Controllable
Commentary  |  8/2/2019  | 
Enjoy the respite from the security tasks that await you back at home. Then prepare yourself for the uphill battles to come. Here's how.
SecOps Success Through Employee Retention
Commentary  |  8/1/2019  | 
To keep your turnover low, focus on these areas: compensation, advancement opportunities, training, and environment.
Transforming 'Tangible Security' into a Competitive Advantage
Commentary  |  7/30/2019  | 
Today's consumers want to see and touch security. Meeting this demand will be a win-win for everyone, from users to vendors to security teams.
Black Hat Q&A: Inside the Black Hat NOC
News  |  7/26/2019  | 
Cybersecurity expert Bart Stump explains what its like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.
Security Training That Keeps Up with Modern Development
News  |  7/25/2019  | 
Black Hat USA speakers to discuss what it will take to 'shift knowledge left' to build up a corps of security-savvy software engineers.
Page 1 / 2   >   >>


DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: -when I told you that our cyber-defense was from another age
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1817
PUBLISHED: 2019-11-20
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
CVE-2013-2091
PUBLISHED: 2019-11-20
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
CVE-2012-1257
PUBLISHED: 2019-11-20
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.
CVE-2013-1816
PUBLISHED: 2019-11-20
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
CVE-2011-4455
PUBLISHED: 2019-11-20
Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php.