Commentary
Latest Content
|
WannaCry? You’re Not Alone: The 5 Stages of Security Grief
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
The Folly of Vulnerability & Patch Management for ICS Networks
Yes, such efforts matter. But depending on them can give a false sense of security.
Dark Reading Launches New Conference on Cyber Defense
November event will focus on attendee interaction, "blue team" best practices
Feds Call on Contractors to Play Ball in Mitigating Insider Threats
It's said that you're only as strong as your weakest player. That's as true in security as it is in sports.
Cybersecurity Fact vs. Fiction
Based on popular media, it's easy to be concerned about the security of smart cars, homes, medical devices, and public utilities. But how truly likely are such attacks?
Invisible Invaders: Why Detecting Bot Attacks Is Becoming More Difficult
Traditional methods can't block the latest attackers, but a behavioral approach can tell the difference between bots and humans.
Why Your AppSec Program Is Doomed to Fail & How to Save It
With these measures in place, organizations can avoid common pitfalls.
Climbing the Security Maturity Ladder in Cloud
These five steps will insure that you achieve the broadest coverage for onboarding your most sensitive workloads.
Trump’s Executive Order: What It Means for US Cybersecurity
The provisions are all well and good, but it’s hardly the first time they’ve been ordered by the White House.
By the Numbers: Parsing the Cybersecurity Challenge
Why your CEO should rethink company security priorities in the drive for digital business growth.
How Smart Cities Can Minimize the Threat of Cyberattacks
As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities.
Deep Learning's Growing Impact on Security
Neural networks are now practical for real-world applications, cutting back on work needed from analysts.
The Detection Trap: Improving Cybersecurity by Learning from the Secret Service
Intruders often understand the networks they target better than their defenders do.
Your Information Isn't Being Hacked, It's Being Neglected
To stop customer information from being compromised, we must shore up the most vulnerable parts first, the day-to-day IT operations work that builds, configures, and changes systems.
From Reporter to Private Investigator to Security Engineer
How I fell in love with coding and traded in a camera-rigged Prius for a MacBook and a GitHub account.
The Economics of Software Security: What Car Makers Can Teach Enterprises
Embedding security controls early in the application development process will go a long way towards driving down the total cost of software ownership.
Why Compromised Identities Are IT’s Fault
The eternal battle between IT and security is the source of the problem.
Balancing the Risks of the Internet of Things
Do the benefits of an Internet-connected coffee maker really outweigh its security issues?
Why Phishing Season Lasts All Year for Top US Retailers
No major brand is immune from cyber squatters; the more popular the company, the more look-alike domains phishers register as bait. Here are some techniques to watch out for.
Advice for Windows Migrations: Automate as Much as Possible
The security lessons Riverside Health System learned when moving to Windows 7 will help it quickly move to Windows 10.
Securely Managing Employee Turnover: 3 Tips
Don't let the process spiral into organizational chaos. Here are steps you can take to keep your company safe.
How to Succeed at Incident Response Metrics
Establishing a baseline of what information you need is an essential first step.
Security & Development: Better Together
How DevSecOps removes the silos between security and application development teams so that everyone can work together at the same speed.
SMB Security: Don’t Leave the Smaller Companies Behind
Helping improve the security posture of small and medium-sized businesses should be a priority for security organizations of all sizes.
The Case for Disclosing Insider Breaches
Too often organizations try to sweep intentional, accidental or negligent employee theft of data under the rug. Here’s why they shouldn’t.
Rethinking Vulnerabilities: Network Infrastructure as a Software System
Increasing complexity is putting networks at risk. It's time to shift our security approach and take some lessons from software development.
Securing IoT Devices Requires a Change in Thinking
There's no magic bullet for IoT security, but there are ways to help detect and mitigate problems.
Elections, Deceptions & Political Breaches
Political hacks have many lessons for the business world.
In the Cloud, Evolving Infrastructure Means Evolving Alliances
New opportunities make for unusual bedfellows. Here's how to navigate the shift in organizational dynamics between security operations, line-of-business managers, and developers.
Ransomware: Carding's Replacement for the Criminal Masses
Ransomware is not only here to stay, it's going to proliferate by orders of magnitude and cause substantial risk to businesses for the foreseeable future.
Data Security & Privacy: The Risks of Not Playing by the Rules
Achieving compliance is a complex and challenging process. But with the right systems and policies, you can stay ahead of the next data breach — and the regulators.
4 Reasons the Vulnerability Disclosure Process Stalls
The relationship between manufacturers and researchers is often strained. Here's why, along with some resources to help.
Staying a Step Ahead of Internet Attacks
There's no getting around the fact that targeted attacks, such as spearphishing, will happen. But you can figure out the type of attack to expect next.
With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?
Technology alone won't keep you safe. Fully engaged employees should be your first line of defense.
In Search of an Rx for Enterprise Security Fatigue
Are you exhausted by the vast number of measures your organization needs to keep its systems and data safe? You're not alone.
Deconstructing the 2016 Yahoo Security Breach
One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us.
All Generations, All Risks, All Contained: A How-To Guide
Organizations must have a security plan that considers all of their employees.
WannaCry: Ransomware Catastrophe or Failure?
Using Bitcoin payments as a measure, the WannaCry attack is not nearly as profitable as the headlines suggest. But you should still patch your Windows systems and educate users.
Why We Need a Data-Driven Cybersecurity Market
NIST should bring together industry to create a standard set of metrics and develop better ways to share information.
The Fundamental Flaw in TCP/IP: Connecting Everything
Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.
The Wide-Ranging Impact of New York's Cybersecurity Regulations
New York's toughest regulations yet are now in effect. Here's what that means for your company.
How Many People Does It Take to Defend a Network?
The question is hard to answer because there aren't enough cybersecurity pros to go around.
Your Grandma Could Be the Next Ransomware Millionaire
Today's as-a-service technology has democratized ransomware, offering practically anyone with a computer and an Internet connection an easy way to get in on the game.
5 Steps to Maximize the Value of your Security Investments
How a ‘security rationalization’ process can help CISOs make the most out of their information security infrastructure, and also improve the company bottom line.
What Developers Don't Know About Security Can Hurt You
Developers won't start writing secure code just because you tell them it's part of their job. You need to give them the right training, support, and tools to instill a security mindset.
Artificial Intelligence: Cybersecurity Friend or Foe?
The next generation of situation-aware malware will use AI to behave like a human attacker: performing reconnaissance, identifying targets, choosing methods of attack, and intelligently evading detection.
Your IoT Baby Isn't as Beautiful as You Think It Is
Both development and evaluation teams have been ignoring security problems in Internet-connected devices for too long. That must stop.
Extreme Makeover: AI & Network Cybersecurity
In the future, artificial intelligence will constantly adapt to the growing attack surface. Today, we are still connecting the dots.
Shining a Light on Security’s Grey Areas: Process, People, Technology
The changing distributed and mobile business landscape brings with it new security and privacy risks. Here’s how to meet the challenge.
Deciphering the GDPR: What You Need to Know to Prepare Your Organization
The European Union's upcoming privacy regulations are incredibly complex. Here are four important points to keep in mind.
|
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Wow, they weren't lying! Emacs does have a command for everything..."
Latest Comment: "Wow, they weren't lying! Emacs does have a command for everything..."
Current Issue
Security Operations and IT Operations: Finding the Path to CollaborationA wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
The Dark Reading Security Spending Survey
Enterprises are spending an unprecedented amount of money on IT security — where does it all go? In this survey, Dark Reading polled senior IT management on security budgets and spending plans, and their priorities for the coming year. Download the report and find out what they had to say.
Slideshows
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
CVE-2016-10369NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
CVE-2016-8202unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
CVE-2016-8209A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
CVE-2017-0890Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2017 UBM, All rights reserved
Tweet This