Commentary

Content posted in August 2016
How Not To Pay A Ransom: 3 Tips For Enterprise Security Pros
Commentary  |  8/31/2016  | 
At the most basic level, organizations must understand their data, the entry points, and who has access. But dont forget to keep your backup systems up to date.
Malware Markets: Exposing The Hype & Filtering The Noise
Commentary  |  8/30/2016  | 
Theres a lot of useful infosec information out there, but cutting through clutter is harder than it should be.
6 Ways To Hack An Election
Commentary  |  8/30/2016  | 
Threats to our electoral process can come from outside the country or nefarious insiders. Our country needs to be better prepared.
Security Analytics: Making the Leap from Data Lake to Meaningful Insight
Commentary  |  8/29/2016  | 
Once youve got a lake full of data, its essential that your analysis isnt left stranded on the shore.
Critical Infrastructure: The Next Cyber-Attack Target
Commentary  |  8/29/2016  | 
Power and utilities companies need a risk-centric cybersecurity approach to face coming threats.
The Hidden Dangers Of 'Bring Your Own Body'
Commentary  |  8/26/2016  | 
The use of biometric data is on the rise, causing new security risks that must be assessed and addressed.
The Secret Behind the NSA Breach: Network Infrastructure Is the Next Target
Commentary  |  8/25/2016  | 
How the networking industry has fallen way behind in incorporating security measures to prevent exploits to ubiquitous routers, proxies, firewalls, and switches.
Security Leadership & The Art Of Decision Making
Commentary  |  8/24/2016  | 
What a classically-trained guitarist with a Masters Degree in counseling brings to the table as head of cybersecurity and privacy at one of the worlds major healthcare organizations.
When Securing Your Applications, Seeing Is Believing
Commentary  |  8/24/2016  | 
While the cloud is amazing, a worrying lack of visibility goes along with it. Keep that in mind as you develop your security approach.
CISO Security Portfolios Vs. Reporting Structures
Commentary  |  8/23/2016  | 
Organizational structure is a tool for driving action. Worrying about your bosss title wont help you as much as a better communication framework.
Anatomy Of A Social Media Attack
Commentary  |  8/23/2016  | 
Finding and addressing Twitter and Facebook threats requires a thorough understanding of how theyre accomplished.
Darknet: Where Your Stolen Identity Goes to Live
Commentary  |  8/19/2016  | 
Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves.
How Diversity Can Bridge The Talent Gap
Commentary  |  8/18/2016  | 
Women and minorities in the security industry share some hard truths about the security industrys hiring traditions and practices.
5 Strategies For Enhancing Targeted Security Monitoring
Commentary  |  8/18/2016  | 
These examples will help you improve early incident detection results.
User Ed: Patching People Vs Vulns
Commentary  |  8/17/2016  | 
How infosec can combine and adapt security education and security defenses to the way users actually do their jobs.
Security Must Become Driving Force For Auto Industry
Commentary  |  8/17/2016  | 
Digital security hasnt kept pace in this always-connected era. Is infosec up to the challenge?
Dark Reading Radio: What Keeps IT Security Pros Awake at Night
Commentary  |  8/16/2016  | 
Join us for a wide-ranging discussion with (ISC) Chief Exec David Shearer on the most worrisome infosec trends and challenges.
Substantially Above Par: DR Cartoon Caption Contest Winners
Commentary  |  8/12/2016  | 
Critical vulnerabilities, links & virtual reality. And the winner is...
Security Portfolios: A Different Approach To Leadership
Commentary  |  8/11/2016  | 
How grounding a conversation around a well-organized list of controls and their goals can help everyone be, literally, on the same page.
What The TSA Teaches Us About IP Protection
Commentary  |  8/11/2016  | 
Data loss prevention solutions are no longer effective. Todays security teams have to keep context and human data in mind, as the TSA does.
Theory Vs Practice: Getting The Most Out Of Infosec
Commentary  |  8/10/2016  | 
Why being practical and operationally minded is the only way to build a successful security program.
Building A Detection Strategy With The Right Metrics
Commentary  |  8/9/2016  | 
The tools used in detecting intrusions can lead to an overwhelming number of alerts, but theyre a vital part of security.
Data Protection From The Inside Out
Commentary  |  8/8/2016  | 
Organizations must make fundamental changes in the way they approach data protection.
Best Of Black Hat Innovation Awards: And The Winners Are
Commentary  |  8/3/2016  | 
Three companies and leaders who think differently about security: Deep Instinct, most innovative startup; Vectra, most innovative emerging company; Paul Vixie, most innovative thought leader.
Dark Reading Radio at Black Hat 2016: 2 Shows, 4 #BHUSA Presenters
Commentary  |  8/2/2016  | 
Even if you can't physically be at Black Hat USA 2016, Dark Reading offers a virtual alternative to engage with presenters about hot show topics and trends.
3 Steps Towards Building Cyber Resilience Into Critical Infrastructure
Commentary  |  8/2/2016  | 
The integration of asset management, incident response processes and education is critical to improving the industrial control system cybersecurity landscape.
Crypto Malware: Responding To Machine-Timescale Breaches
Commentary  |  8/1/2016  | 
The game has changed again with hackers ability to steal your data at record speeds and cripple your organization before the first alert.


High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8980
PUBLISHED: 2019-02-21
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
CVE-2019-8979
PUBLISHED: 2019-02-21
Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled.
CVE-2013-7469
PUBLISHED: 2019-02-21
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2018-20146
PUBLISHED: 2019-02-21
An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell.
CVE-2019-5727
PUBLISHED: 2019-02-21
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.