Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Careers & People posted in May 2019
SANS Launches Security Awareness Certification
Quick Hits  |  5/31/2019  | 
The SANS Security Awareness Professional (SSAP) will be available this summer to professionals focused on measuring and mitigating human risk.
Why Fostering Flexibility Is a Win for Women & Cybersecurity
Commentary  |  5/29/2019  | 
Creating a culture of supporting and advancing women is no small feat, but it's worth the challenge. Start with yourself. Here's how.
How Security Vendors Can Address the Cybersecurity Talent Shortage
Commentary  |  5/24/2019  | 
The talent gap is too large for any one sector, and cybersecurity vendors have a big role to play in helping to close it.
Researcher Publishes Four Zero-Day Exploits in Three Days
News  |  5/23/2019  | 
The exploits for local privilege escalation vulnerabilities in Windows could be integrated into malware before Microsoft gets a chance to fix the issues.
Proving the Value of Security Awareness with Metrics that 'Deserve More'
Commentary  |  5/22/2019  | 
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
To Narrow the Cyber Skills Gap with Attackers, Cut the Red Tape
Commentary  |  5/21/2019  | 
Attackers are getting further ahead, and entrenched corporate rules shoulder much of the blame.
Killer SecOps Skills: Soft Is the New Hard
Commentary  |  5/20/2019  | 
The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.
Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists
News  |  5/20/2019  | 
Ahead of his 2019 Black Hat USA talk, cybersecurity luminary Bruce Schneier explains why its so important for tech experts to be actively involved in setting public policy.
The Data Problem in Security
Commentary  |  5/16/2019  | 
CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.
Cyber Workforce Exec Order: Right Question, Wrong Answer
Commentary  |  5/16/2019  | 
Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.
Resolution Requires Cybersecurity Training for Members of Congress
Quick Hits  |  5/14/2019  | 
A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.
Missing in Action: Cybersecurity Professionals
Commentary  |  5/14/2019  | 
Just as every organization security team's needs are unique, so are the reasons for the shortage of candidates for open positions. Here are five strategies to help you close the gap.
Why AI Will Create Far More Jobs Than It Replaces
Commentary  |  5/14/2019  | 
Just as spreadsheets and personal computers created a job boom in the '70s, so too will artificial intelligence spur security analysts' ability to defend against advanced threats.
How the Skills Gap Strains and Constrains Security Pros
News  |  5/9/2019  | 
New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.
New Initiative Aims to Fast-Track Women into Cybersecurity Careers
Quick Hits  |  5/9/2019  | 
'100 Women in 100 Days' is a career development program made possible by a $160,000 gift from Craig Newmark Philanthropies.
How to Close the Critical Cybersecurity Talent Gap
Commentary  |  5/9/2019  | 
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
The Fine Line of Feedback: 6 Tips for Talking to Security Pros
Commentary  |  5/8/2019  | 
Feedback is a two-way street in terms of giving, receiving, and knowing how to give and receive.
Trust the Stack, Not the People
Commentary  |  5/6/2019  | 
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
New Executive Order Aims to Grow Federal Cybersecurity Staff
Quick Hits  |  5/3/2019  | 
The EO outlines a 'rotational assignment program' intended to help security practitioners develop their skills.
How Storytelling Can Help Keep Your Company Safe
Commentary  |  5/3/2019  | 
Well-crafted narratives can help you win over users in the battle to develop a sustainable cybersecurity culture.
World Password Day or Groundhog Day?
Commentary  |  5/2/2019  | 
Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.
8 Personality Traits for Cybersecurity
Quick Hits  |  5/1/2019  | 
Personality assessment firm Hogan Assessments lists top characteristics for a 'successful' cybersecurity hire.
Staffing the Software Security Team: Who You Gonna Call?
Commentary  |  5/1/2019  | 
Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here's why.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41011
PUBLISHED: 2021-09-22
LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information.
CVE-2021-40875
PUBLISHED: 2021-09-22
Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresp...
CVE-2021-31836
PUBLISHED: 2021-09-22
Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user.
CVE-2021-31841
PUBLISHED: 2021-09-22
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrar...
CVE-2021-31847
PUBLISHED: 2021-09-22
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, thro...