Commentary
Latest Content
|
Bots Make Lousy Dates, But Not Cheap Ones
The danger of dating sites: If a beautiful woman asks men to click on malware, they'll probably click.
Dark Reading News Desk Live at Black Hat USA 2017
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
20 Questions for Improving SMB Security
Security leaders in small and medium-sized business who want to up their game need to first identify where they are now, then, where they want to go.
DevOps & Security: Butting Heads for Years but Integration is Happening
A combination of culture change, automation, tools and processes can bring security into the modern world where it can be as agile as other parts of IT.
4 Steps to Securing Citizen-Developed Apps
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
SIEM Training Needs a Better Focus on the Human Factor
The problem with security information and event management systems isn't the solutions themselves but the training that people receive.
AWS S3 Breaches: What to Do & Why
Although basic operations in Amazon's Simple Storage Services are (as the name implies) - simple - things can get complicated with access control and permissions.
7 Deadly Sins to Avoid When Mitigating Cyberthreats
How digitally savvy organizations can take cyber resilience to a whole new dimension.
Black Hat to Host Discussion on Diversity
Panel of diversity pioneers will share their views and firsthand experience on how to make inclusion a priority in security.
How Security Pros Can Help Protect Patients from Medical Data Theft
The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.
Dealing with Due Diligence
Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.
The High Costs of GDPR Compliance
Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.
How Code Vulnerabilities Can Lead to Bad Accidents
The software supply chain is broken. To prevent hackers from exploiting vulnerabilities, organizations need to know where their applications are, and whether they are built using trustworthy components.
The SOC Is Dead…Long Live the SOC
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
The Growing Danger of IP Theft and Cyber Extortion
The recent hacks of Disney and Netflix show the jeopardy that intellectual property and company secrets are in, fueled by cheap hacking tools and cryptocurrencies.
Avoiding the Dark Side of AI-Driven Security Awareness
Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?
The Problem with Data
The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.
The Case for Crowdsourcing Security Buying Decisions
Why our industry needs a sharing platform with open and transparent access to peer knowledge, meaningful metrics, and transparency around security products and services
Why Enterprise Security Needs a New Focus
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics.
Defining Security: The Difference Between Safety & Privacy
Words matter, especially if you are making a case for new security measures, state-of-the-art technology or personnel.
WannaCry Blame Game: Why Delayed Patching is Not the Problem
While post mortems about patching, updating, and backups have some value, the best preventative security controls are increased understanding and knowledge.
Recovering from Bad Decisions in the Cloud
The cloud makes it much easier to make changes to security controls than in traditional networks.
Threat Intelligence Sharing: The New Normal?
The spirit of cooperation seems to be taking hold as demonstrated by the growing number of thriving services and organizations whose sole purpose is to analyze specific threats against specific communities.
KPMG: Cybersecurity Has Reached a ‘Tipping Point’ from Tech to CEO Business Issue
Still, a majority of US-based chief execs say they will be maintaining and not investing in security technology over the next three years, a recent study shows.
WannaCry? You’re Not Alone: The 5 Stages of Security Grief
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
The Folly of Vulnerability & Patch Management for ICS Networks
Yes, such efforts matter. But depending on them can give a false sense of security.
Dark Reading INsecurity Conference Registration Now Open
November event will focus on attendee interaction, "blue team" best practices.
Feds Call on Contractors to Play Ball in Mitigating Insider Threats
It's said that you're only as strong as your weakest player. That's as true in security as it is in sports.
Cybersecurity Fact vs. Fiction
Based on popular media, it's easy to be concerned about the security of smart cars, homes, medical devices, and public utilities. But how truly likely are such attacks?
Invisible Invaders: Why Detecting Bot Attacks Is Becoming More Difficult
Traditional methods can't block the latest attackers, but a behavioral approach can tell the difference between bots and humans.
Why Your AppSec Program Is Doomed to Fail & How to Save It
With these measures in place, organizations can avoid common pitfalls.
Climbing the Security Maturity Ladder in Cloud
These five steps will insure that you achieve the broadest coverage for onboarding your most sensitive workloads.
Trump’s Executive Order: What It Means for US Cybersecurity
The provisions are all well and good, but it’s hardly the first time they’ve been ordered by the White House.
By the Numbers: Parsing the Cybersecurity Challenge
Why your CEO should rethink company security priorities in the drive for digital business growth.
How Smart Cities Can Minimize the Threat of Cyberattacks
As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities.
Deep Learning's Growing Impact on Security
Neural networks are now practical for real-world applications, cutting back on work needed from analysts.
The Detection Trap: Improving Cybersecurity by Learning from the Secret Service
Intruders often understand the networks they target better than their defenders do.
Your Information Isn't Being Hacked, It's Being Neglected
To stop customer information from being compromised, we must shore up the most vulnerable parts first, the day-to-day IT operations work that builds, configures, and changes systems.
From Reporter to Private Investigator to Security Engineer
How I fell in love with coding and traded in a camera-rigged Prius for a MacBook and a GitHub account.
The Economics of Software Security: What Car Makers Can Teach Enterprises
Embedding security controls early in the application development process will go a long way towards driving down the total cost of software ownership.
Why Compromised Identities Are IT’s Fault
The eternal battle between IT and security is the source of the problem.
Balancing the Risks of the Internet of Things
Do the benefits of an Internet-connected coffee maker really outweigh its security issues?
Why Phishing Season Lasts All Year for Top US Retailers
No major brand is immune from cyber squatters; the more popular the company, the more look-alike domains phishers register as bait. Here are some techniques to watch out for.
Advice for Windows Migrations: Automate as Much as Possible
The security lessons Riverside Health System learned when moving to Windows 7 will help it quickly move to Windows 10.
Securely Managing Employee Turnover: 3 Tips
Don't let the process spiral into organizational chaos. Here are steps you can take to keep your company safe.
How to Succeed at Incident Response Metrics
Establishing a baseline of what information you need is an essential first step.
Security & Development: Better Together
How DevSecOps removes the silos between security and application development teams so that everyone can work together at the same speed.
SMB Security: Don’t Leave the Smaller Companies Behind
Helping improve the security posture of small and medium-sized businesses should be a priority for security organizations of all sizes.
The Case for Disclosing Insider Breaches
Too often organizations try to sweep intentional, accidental or negligent employee theft of data under the rug. Here’s why they shouldn’t.
Rethinking Vulnerabilities: Network Infrastructure as a Software System
Increasing complexity is putting networks at risk. It's time to shift our security approach and take some lessons from software development.
|
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While “red team” conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the “blue team” will be the focus.
White Papers
Video
2 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Tell the sysadmin that we have a situation.
Latest Comment: Tell the sysadmin that we have a situation.
Current Issue
Security Vulnerabilities: The Next WaveJust when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
![[Strategic Security Report] Assessing Cybersecurity Risk](https://dsimg.ubm-us.net/asset/390613/528673/Rapid7-Report.png)
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Slideshows
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
CVE-2016-10369NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
CVE-2016-8202unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
CVE-2016-8209A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
CVE-2017-0890Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2017 UBM, All rights reserved
Tweet This