Commentary
Latest Content
|
Security's #1 Problem: Economic Incentives
The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.
Health IT & Cybersecurity: 5 Hiring Misconceptions to Avoid
Why healthcare organizations need a good strategy to find talent, or get left behind.
Why Size Doesn't Matter in DDoS Attacks
Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."
Software Assurance: Thinking Back, Looking Forward
Ten personal observations that aim to bolster state-of-the-art and state-of-practice in application security.
Get Serious about IoT Security
These four best practices will help safeguard your organization in the Internet of Things.
GDPR & the Rise of the Automated Data Protection Officer
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
How Apple's New Facial Recognition Technology Will Change Enterprise Security
Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.
To Be Ready for the Security Future, Pay Attention to the Security Past
It's easy to just move on to the next problem, ignoring what's happened -- but that's a mistake.
Security Orchestration & Automation: Parsing the Options
Once you head down the path of orchestration, security teams will need to decide how much automation they are ready for. Here's how.
Cloud Security's Shared Responsibility Is Foggy
Security is a two-way street. The cloud provider isn't the only one that must take precautions.
Encryption: A New Boundary for Distributed Infrastructure
As the sheet metal surrounding traditional infrastructure continues to fall away, where should security functions in a cloud environment reside?
5 Problems That Keep CISOs Awake at Night
The last few years have shown a big difference in the way cyber-risks are acknowledged, but progress still needs to be made.
20 Questions to Help Achieve Security Program Goals
There are always projects, maturity improvements, and risk mitigation endeavors on the horizon. Here's how to keep them from drifting into the sunset.
The 'Team of Teams' Model for Cybersecurity
Security leaders can learn some valuable lessons from a real-life military model.
Deception: A Convincing New Approach to Cyber Defense
How defenders in a US national security agency capture-the-flag exercise used an endless stream of false data across the network to thwart attackers and contain damage.
Why Relaxing Our Password Policies Might Actually Bolster User Safety
Recent guidance from NIST may seem counterintuitive.
If Blockchain Is the Answer, What Is the Security Question?
Like any technology, blockchain has its strengths and weaknesses. But debunking three common myths can help you cut through the hype.
Is Public Sector Cybersecurity Adequate?
Many governmental organizations are unstaffed, underfunded, and unprepared to fight common attacks, and they could learn a thing or two from the private sector.
Sandbox-Aware Malware Foreshadows Potential Attacks
For the continuous monitoring industry to remain relevant, it needs to match the vigor of sandbox vendors against targeted subversion.
Is Your Organization Merely PCI-Compliant or Is It Actually Secure?
The Host Identity Protocol might be the answer to inadequate check-the-box security standards.
Workplace IoT Puts Companies on Notice for Smarter Security
Blacklisting every "thing" in sight and banning connections to the corporate network may sound tempting, but it's not a realistic strategy.
3 Ways AI Could Help Resolve the Cybersecurity Talent Crisis
There's no escaping the fact that there's a skills shortage, and companies aren't doing enough to cultivate talent. AI could relieve some of the pressure.
How Effective Boards Drive Security Mandates
The focus on cybersecurity policies must be prioritized from the top down.
International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape
After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.
Hacking the Security Job Application Process
Simple advice to help job seekers dig out of the black hole of recruiter and employer hiring portals.
How Hackers Hide Their Malware: Advanced Obfuscation
Hackers continue to develop new ways to break into systems. Here are three of them, along with ways to fight back.
Security Analytics: Making the Leap from Data Lake to Meaningful Insight
Once you've got a lake full of data, it's essential that your analysis isn't left stranded on the shore.
Dark Reading Now HTTPS
Moving a site that's more than a decade old to HTTPS has been a journey, and we're almost there.
How Hackers Hide Their Malware: The Basics
Malware depends on these four basic techniques to avoid detection.
Cybersecurity: An Asymmetrical Game of War
To stay ahead of the bad guys, security teams need to think like criminals, leverage AI’s ability to find malicious threats, and stop worrying that machine learning will take our jobs.
A Call for New Voices on the Security Conference Circuit
If the mere idea of talking in public makes you want to hide in a bathroom stall with a stuffed bobcat, think again.
GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
What Game of Thrones' Arya Stark and the Faceless Men can teach security pros about defending against modern malware and identity theft.
GDPR Compliance Preparation: A High-Stakes Guessing Game
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
The Changing Face & Reach of Bug Bounties
HackerOne CEO Mårten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.
Why You Need to Study Nation-State Attacks
Want to know what attacks against businesses will look like soon? Examine nation-state attacks now.
Coming Soon to Dark Reading...
Event calendar: Dark Reading brings you threat intelligence tomorrow, boardroom communication next week, and coming in November, a brand new conference in the D.C. area.
Battle of the AIs: Don't Build a Better Box, Put Your Box in a Better Loop
Powered by big data and machine learning, next-gen attacks will include perpetual waves of malware, phishes, and false websites nearly indistinguishable from the real things. Here's how to prepare.
Comparing Private and Public Cloud Threat Vectors
Many companies moving from a private cloud to a cloud service are unaware of increased threats.
The Pitfalls of Cyber Insurance
Cyber insurance is 'promising' but it won't totally protect your company against hacks.
Curbing the Cybersecurity Workforce Shortage with AI
By using cognitive technologies, an organization can address the talent shortage by getting more productivity from current employees and improving processes.
Critical Infrastructure, Cybersecurity & the 'Devil’s Rope'
How hackers today are engaging in a modern 'Fence Cutter War' against industrial control systems, and what security professionals need to do about it.
Kill Switches, Vaccines & Everything in Between
The language can be a bit fuzzy at times, but there are real differences between the various ways of disabling malware.
The Day of Reckoning: Cybercrime’s Impact on Brand
Why the security industry needs to invest in architecture that defends against reputational damage as well as other, more traditional threats.
Discover a Data Breach? Try Compassion First
The reactions to a big data breach often resemble the five stages of grief, so a little empathy is needed.
20 Tactical Questions SMB Security Teams Should Ask Themselves
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
Cybersecurity: The Responsibility of Everyone
The battle against cybercrime can only be won if we're all focused on the same goals. Here are four ways you can get involved.
What CISOs Need to Know about the Psychology behind Security Analysis
Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.
Breaches Are Coming: What Game of Thrones Teaches about Cybersecurity
Whether you’re Lord Commander of the Night’s Watch or the CISO of a mainstream business, it’s not easy to defend against a constantly evolving threat that is as deadly as an army of White Walkers.
Taking Down the Internet Has Never Been Easier
Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.
Uptick in Malware Targets the Banking Community
A number of recent attacks, using tactics old and new, have made off with an astonishing amount of money. How can financial institutions fight back?
|
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next WaveJust when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The Dark Reading Security Spending Survey
Enterprises are spending an unprecedented amount of money on IT security — where does it all go? In this survey, Dark Reading polled senior IT management on security budgets and spending plans, and their priorities for the coming year. Download the report and find out what they had to say.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
CVE-2016-10369NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
CVE-2016-8202unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
CVE-2016-8209A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
CVE-2017-0890Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2017 UBM, All rights reserved
Tweet This