Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Careers & People posted in March 2018
10 Women in Security You May Not Know But Should
Slideshows  |  3/30/2018  | 
The first in a series of articles shining a spotlight on women who are quietly changing the game in cybersecurity.
How Measuring Security for Risk & ROI Can Empower CISOs
Commentary  |  3/28/2018  | 
For the vast majority of business decisions, organizations seek metrics-driven proof. Why is cybersecurity the exception?
Automating Ethics for Cybersecurity
Commentary  |  3/28/2018  | 
Having a code of ethics and enforcing it are two different things.
UVA Defeats UMBC, in Stunning Upset
Commentary  |  3/27/2018  | 
In first trip to Mid-Atlantic Collegiate Cyber Defense Competition, University of Virginia's Cyber Defense Team defeats reigning national champs from University of Maryland, Baltimore County.
780 Days in the Life of a Computer Worm
Commentary  |  3/27/2018  | 
This is a story of a worm, from the time it was coded and deployed onto the Internet. It is narrated by the worm in the first person.
SOC in Translation: 4 Common Phrases & Why They Raise Flags
Commentary  |  3/21/2018  | 
By keeping an ear out for out for catchphrases like "Just ask Stu" or "I've got a bad feeling about this," CISOs can overcome the barriers that get between business leaders and their security teams.
Facebook CISO Stamos to Depart from the Social Media Firm: Report
Quick Hits  |  3/20/2018  | 
Stamos will remain in his position through August, according to a report in The New York Times.
Who Does What in Cybersecurity at the C-Level
Slideshows  |  3/16/2018  | 
As security evolve as a corporate priority, so do the roles and responsibilities of the executive team. These seven titles are already feeling the impact.
Online Ads vs. Security: An Invisible War
Commentary  |  3/15/2018  | 
Why visiting one website is like visiting 50, and how you can fight back against malvertisers.
(ISC)2 Report: Glaring Disparity in Diversity for US Cybersecurity
News  |  3/15/2018  | 
While the average US security salary is $122,000, the average salary for people of color is $115,000, with men identifying as minorities making $6000 more than minority women.
A Secure Enterprise Starts with a Cyber-Aware Staff
Commentary  |  3/14/2018  | 
An attack doesn't have to be super high-tech to cause a lot of damage. Make sure your employees know how to spot an old-fashioned phishing campaign.
What CISOs Should Know About Quantum Computing
Slideshows  |  3/13/2018  | 
As quantum computing approaches real-world viability, it also poses a huge threat to today's encryption measures.
Disappearing Act: Dark Reading Caption Contest Winners
Commentary  |  3/12/2018  | 
A standout field with hysterical puns about security policies, Meltdown, Amazon Web Services, and the right to be forgotten. And the winner is
DevSecOps: The Importance of Building Security from the Beginning
Commentary  |  3/9/2018  | 
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
7 University-Connected Cyber Ranges to Know Now
Slideshows  |  3/9/2018  | 
Universities are beginning to add cyber ranges to the facilities for teaching cyber security to students and professionals.
Privilege Abuse Attacks: 4 Common Scenarios
Commentary  |  3/7/2018  | 
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.
Pragmatic Security: 20 Signs You Are 'Boiling the Ocean'
Commentary  |  3/6/2018  | 
Ocean-boiling is responsible for most of the draconian, nonproductive security policies I've witnessed over the course of my career. Here's why they don't work.
Hacking Back & the Digital Wild West
Commentary  |  3/5/2018  | 
Far from helping organizations defend themselves, hacking back will escalate an already chaotic situation.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41086
PUBLISHED: 2021-09-21
jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying _anything_ from a malicious and pastin...
CVE-2021-41087
PUBLISHED: 2021-09-21
in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. In affected versions authenticated attackers posing as functionaries (i.e., within a trusted set of users for a layout) are able to create attestations that may bypass DISALLOW rules in the sam...
CVE-2020-19554
PUBLISHED: 2021-09-21
Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload.
CVE-2020-35540
PUBLISHED: 2021-09-21
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
CVE-2020-35541
PUBLISHED: 2021-09-21
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.