Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Careers & People posted in April 2017
A Day in the Life of a Security Avenger
Commentary  |  4/28/2017  | 
Behind the scenes with a security researcher as we follow her through a typical day defending the world against seemingly boundless cyberthreats and attacks
Why (& How) CISOs Should Talk to Company Boards
Commentary  |  4/25/2017  | 
The C-Suite needs to minimize cybersecurity risk in order to maximize its principal goal of attaining high-level, sustainable growth.
The Road Less Traveled: Building a Career in Cyberthreat Intelligence
Commentary  |  4/24/2017  | 
It's hard to become a threat intelligence pro, but there are three primary ways of going about it.
Russian Citizen Gets Record 27-Year Sentence for Hacking, Fraud Scheme
Quick Hits  |  4/21/2017  | 
Roman Valeryevich gets 27 years for hacking PoS machines. Meanwhile, spam master Pyotr Levashov's indictment is unsealed.
The Architecture of the Web Is Unsafe for Today's World
Commentary  |  4/19/2017  | 
The Internet is based on protocols that assume content is secure. A new, more realistic model is needed.
How Top Security Execs are Doing More with Less
Commentary  |  4/18/2017  | 
Even the largest corporations aren't immune to the cybersecurity skills gap an inside look at how they are coping and adjusting.
Why Brand Trumps Tech in C-Level Conversations
News  |  4/17/2017  | 
Brand reputation, not technical tools, should be the focus of the CIO's conversations with board members about the importance of security.
6 New Security Startups Named to MACH37 Spring Cohort
Slideshows  |  4/15/2017  | 
The companies selected this year include technical talent that draws from Silicon Valley to Hungary and Western Europe.
So You Want to Be a Security Rock Star?
Commentary  |  4/13/2017  | 
While the thrill of crafting attention-grabbing stunt hacks may seem like the coolest job on earth, what our industry needs more of are strong defenders who can fix things as well as break them.
How Innovative Companies Lock Down Data
Commentary  |  4/12/2017  | 
A mix of back-to-basics security and a set of new, data-centric best practices is key to defending against a future of growing and sophisticated cyberattacks.
When Hacks Are about Image instead of Money
Commentary  |  4/11/2017  | 
If you think fake news is a problem, how about the possibility of fake medical or financial information making the rounds with no way to verify its legitimacy?
Computer Engineer Charged with Theft of Proprietary Computer Code
Quick Hits  |  4/11/2017  | 
Zhengquan Zhang arrested for stealing over 3 million files containing company trade secrets from his employer, a global finance firm.
Setting Up Security as a Business: 3 Best Practices for Security Execs
Commentary  |  4/10/2017  | 
Security leaders need to show they provide more than stop-the-bad guys services. Here's how.
How to Crack Cybersecuritys Glass Ceiling
Commentary  |  4/6/2017  | 
Sage career advice to young women from the female CTO of a security startup: Get a pair of earplugs, and put them in when you hear words like 'can't' or 'don't.'
7 Ways Hackers Target Your Employees
Slideshows  |  4/6/2017  | 
One employee under reconnaissance by cyberattackers can put your whole business at risk. Where are they being targeted, and what should they know?
GDPR Doesnt Need to be GDP-Argh!
Commentary  |  4/5/2017  | 
These 10 steps will ease the pain of compliance with the General Data Protection Regulation, the EU's new privacy law that goes into effect in a little over a year.
The Power of the Crowd: 3 Approaches to Sharing Threat Intel
Commentary  |  4/4/2017  | 
Crowdsourced intelligence can help you build a stronger, more informed cyberdefense. Heres how.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41127
PUBLISHED: 2021-10-21
Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to craft a `model.tar.gz` file which can overwrite or replace bot...
CVE-2021-41169
PUBLISHED: 2021-10-21
Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
CVE-2021-27746
PUBLISHED: 2021-10-21
"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"
CVE-2021-36869
PUBLISHED: 2021-10-21
Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post.
CVE-2021-39352
PUBLISHED: 2021-10-21
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrat...