Commentary

Latest Content
Page 1 / 2   >   >>
Leveraging Security to Enable Your Business
Commentary  |  2/23/2018  | 
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Commentary  |  2/22/2018  | 
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
Anatomy of an Attack on the Industrial IoT
Commentary  |  2/22/2018  | 
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
Takeaways from the Russia-Linked US Senate Phishing Attacks
Commentary  |  2/21/2018  | 
The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns.
Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat
Commentary  |  2/20/2018  | 
These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.
Rise of the 'Hivenet': Botnets That Think for Themselves
Commentary  |  2/16/2018  | 
These intelligent botnet clusters swarm compromised devices to identify and assault different attack vectors all at once.
Democracy & DevOps: What Is the Proper Role for Security?
Commentary  |  2/15/2018  | 
Security experts need a front-row seat in the application development process but not at the expense of the business.
From DevOps to DevSecOps: Structuring Communication for Better Security
Commentary  |  2/15/2018  | 
A solid approach to change management can help prevent problems downstream.
3 Tips to Keep Cybersecurity Front & Center
Commentary  |  2/14/2018  | 
In today's environment, a focus on cybersecurity isn't a luxury. It's a necessity, and making sure that focus is achieved starts with the company's culture.
Fileless Malware: Not Just a Threat, but a Super-Threat
Commentary  |  2/14/2018  | 
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
Can Android for Work Redefine Enterprise Mobile Security?
Commentary  |  2/13/2018  | 
Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.
Fake News: Could the Next Major Cyberattack Cause a Cyberwar?
Commentary  |  2/13/2018  | 
In the way it undercuts trust, fake news is a form of cyberattack. Governments must work to stop it.
Better Security Analytics? Clean Up the Data First!
Commentary  |  2/12/2018  | 
Even the best analytics algorithms using incomplete and unclean data won't yield useful results.
Tracking Bitcoin Wallets as IOCs for Ransomware
Commentary  |  2/12/2018  | 
By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.
Back to Basics: AI Isn't the Answer to What Ails Us in Cyber
Commentary  |  2/9/2018  | 
The irony behind just about every headline-grabbing data breach we've seen in recent years is that they all could have been prevented with simple cyber hygiene.
20 Signs You Need to Introduce Automation into Security Ops
Commentary  |  2/8/2018  | 
Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.
Ticking Time Bombs in Your Data Center
Commentary  |  2/7/2018  | 
The biggest security problems inside your company may result from problems it inherited.
AutoSploit: Mass Exploitation Just Got a Lot Easier
Commentary  |  2/6/2018  | 
But the response to the new hacking tool, now readily available to the masses of script kiddies, has been a mix of outrage, fear, some applause, and more than a few shrugs.
Mastering Security in the Zettabyte Era
Commentary  |  2/5/2018  | 
Many businesses are ill-equipped to deal with potential risks posed by billions of connected devices, exponential data growth, and an unprecedented number of cyber threats. Here's how to prepare.
3 Ways Hackers Steal Your Company's Mobile Data
Commentary  |  2/2/2018  | 
The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.
Securing Cloud-Native Apps
Commentary  |  2/1/2018  | 
A useful approach for securing cloud-native platforms can be adapted for securing apps running on top of the platform as well.
Thinking about a Career Move in Cybersecurity?
Commentary  |  2/1/2018  | 
The numbers show career opportunities for cyber defenders.
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Commentary  |  1/31/2018  | 
Authentication security methods are getting better all the time, but they are still not infallible.
5 Questions to Ask about Machine Learning
Commentary  |  1/31/2018  | 
Marketing hyperbole often exceeds reality. Here are questions you should ask before buying.
Breach-Proofing Your Data in a GDPR World
Commentary  |  1/30/2018  | 
Here are six key measures for enterprises to prioritize over the next few months.
DNS Hijacking: The Silent Threat That's Putting Your Network at Risk
Commentary  |  1/30/2018  | 
The technique is easy to carry out and can cause much damage. Here's what you need to know about fighting back.
An Action Plan to Fill the Information Security Workforce Gap
Commentary  |  1/29/2018  | 
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
Hardware Security: Why Fixing Meltdown & Spectre Is So Tough
Commentary  |  1/26/2018  | 
Hardware-based security is very difficult to break but, once broken, catastrophically difficult to fix. Software-based security is easier to break but also much easier to fix. Now what?
How Containers & Serverless Computing Transform Attacker Methodologies
Commentary  |  1/25/2018  | 
The pace of hacker innovation never slows. Now security technologies and methods must adapt with equal urgency.
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Commentary  |  1/25/2018  | 
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
Security Automation: Time to Start Thinking More Strategically
Commentary  |  1/24/2018  | 
To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.
GDPR: Ready or Not, Here It Comes
Commentary  |  1/24/2018  | 
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
Meltdown, Spectre Patches, Performance & My Neighbor's Sports Car
Commentary  |  1/23/2018  | 
When a flaw in the engine of a data center server makes it run more like a Yugo than a Porsche, it's the lawyers who will benefit.
5 Steps to Better Security in Hybrid Clouds
Commentary  |  1/23/2018  | 
Following these tips can improve your security visibility and standardize management across hybrid environments.
9 Steps to More-Effective Organizational Security
Commentary  |  1/22/2018  | 
Too often security is seen as a barrier, but it's the only way to help protect the enterprise from threats. Here are tips on how to strengthen your framework.
Understanding Supply Chain Cyber Attacks
Commentary  |  1/19/2018  | 
While the attack surface has increased exponentially because of the cloud and everything-as-a-service providers, there are still ways in which host companies can harden supply chain security.
Tax Reform, Cybersecurity-Style
Commentary  |  1/18/2018  | 
How the security industry can be more effective and efficient by recognizing four hidden "taxes" in the buying and selling process.
How to Keep Blue Teams Happy in an Automated Security World
Commentary  |  1/18/2018  | 
The creativity and intuition of your team members must be developed and nurtured.
Living with Risk: Where Organizations Fall Short
Commentary  |  1/17/2018  | 
People tasked with protecting data are too often confused about what they need to do, even with a solid awareness of the threats they face.
How AI Would Have Caught the Forever 21 Breach
Commentary  |  1/17/2018  | 
Companies must realize that the days of the desktop/server model are over and focus on "nontraditional" devices.
In Security & Life, Busy Is Not a Badge of Honor
Commentary  |  1/16/2018  | 
All security teams are busy, but not all security teams are productive. The difference between the two is huge.
Mental Models & Security: Thinking Like a Hacker
Commentary  |  1/16/2018  | 
These seven approaches can change the way you tackle problems.
What Can We Learn from Counterterrorism and National Security Efforts?
Commentary  |  1/12/2018  | 
The best practices and technologies that originated in the intelligence realm can help businesses stay safer, too.
Privacy: The Dark Side of the Internet of Things
Commentary  |  1/11/2018  | 
Before letting an IoT device into your business or home, consider what data is being collected and where it is going.
AI in Cybersecurity: Where We Stand & Where We Need to Go
Commentary  |  1/11/2018  | 
How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.
'Shift Left': Codifying Intuition into Secure DevOps
Commentary  |  1/10/2018  | 
Shifting left is more than a catchy phrase. It's a mindset that emphasizes the need to think about security in all phases of the software development life cycle.
'Back to Basics' Might Be Your Best Security Weapon
Commentary  |  1/10/2018  | 
A company's ability to successfully reduce risk starts with building a solid security foundation.
'Tis the Season: Dark Reading Caption Contest Winners
Commentary  |  1/9/2018  | 
Bricked devices, penetration tests, and virtual reality were among the themes submitted in our latest holiday caption competition. And the winners are ...
CISOs' Cyber War: How Did We Get Here?
Commentary  |  1/9/2018  | 
We're fighting the good fight -- but, ultimately, losing the war.
Vulnerability Management: The Most Important Security Issue the CISO Doesn't Own
Commentary  |  1/8/2018  | 
Information security and IT need to team up to make patch management more efficient and effective. Here's how and why.
Page 1 / 2   >   >>


SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  2/22/2018
Facebook Aims to Make Security More Social
Kelly Sheridan, Associate Editor, Dark Reading,  2/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.