Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Careers & People posted in July 2016
How to Roll Your Own Threat Intelligence Team
Commentary  |  7/29/2016  | 
A lot of hard work needs to go into effectively implementing an intelligence-driven security model. It starts with five critical factors.
7 Ways To Charm Users Out of Their Passwords
Slideshows  |  7/27/2016  | 
While the incentives have changed over time, it still takes remarkably little to get users to give up their passwords.
5 Failsafe Techniques For Interviewing Security Candidates
Commentary  |  7/22/2016  | 
Filling critical information security roles with the right people is never easy. But learning how to separate the 'wheat from the chaff' is a smart step in the right direction.
5 Mr. Robot Hacks That Could Happen in Real Life
Commentary  |  7/20/2016  | 
As season two of the popular TV series gets underway, we reality-check anti-hero Elliots hacking prowess against real-life security and attack scenarios.
Ex-Cardinal Exec Jailed For Hacking Astros
Quick Hits  |  7/20/2016  | 
Christopher Correa gets 46 months for unlawful access of rivals database and downloading confidential details.
Meet The Teams In DARPA's All-Machine Hacking Tournament
Slideshows  |  7/15/2016  | 
"Autonomous security" is DARPA's latest game. Its Cyber Grand Challenge will culminate at DEF CON with a contest to see which of these seven finalists' machines will automatically detect and remediate the most security vulnerabilities.
What's Next For Canadas Surveillance Landscape?
Commentary  |  7/14/2016  | 
Edward Snowden headlines SecTor security conference as Canadian privacy advocates await the Trudeau governments next move in the countrys complex privacy and security debate.
72% of Black Hat Attendees Expect To Be Hit By 'Major' Data Breach Within A Year
Commentary  |  7/14/2016  | 
End users are the biggest weakness, and we're not doing enough to address the problem.
What I Expect to See At Black Hat 2016: 5 Themes
Commentary  |  7/13/2016  | 
Over the years, Black Hat has morphed from a little show for security researchers to a big conference that attracts everyone from black-hat hackers to C-level security execs. Here's what piques my interest this year.
A Holistic Approach to Cybersecurity Wellness: 3 Strategies
Commentary  |  7/7/2016  | 
Security professionals need to rely on more than vaccinations to protect the health and safety of company systems and data.
So You Want To Be A Penetration Tester
News  |  7/6/2016  | 
Penetration testers must have an innate curiosity of how networked systems work coupled with a solid understanding of IT operations. It also helps to be able to think like an attacker.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-42699
PUBLISHED: 2022-12-06
Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress.
CVE-2022-44030
PUBLISHED: 2022-12-06
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
CVE-2022-41902
PUBLISHED: 2022-12-06
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have p...
CVE-2022-41910
PUBLISHED: 2022-12-06
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have p...
CVE-2022-45816
PUBLISHED: 2022-12-06
Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress.