DRTV

Page 1 / 2   >   >>
How Security Metrics Fail Us & How We Fail Them
How Security Metrics Fail Us & How We Fail Them
Dark Reading Videos  |  9/26/2017  | 
Joseph Carson of Thycotic discusses how infosec professionals buy security products they don't need and make other bad decisions, because of poor use of metrics.
Attacking Developers Using 'Shadow Containers'
Attacking Developers Using 'Shadow Containers'
Dark Reading Videos  |  9/15/2017  | 
Sagie Dulce describes why developers are such attractive targets and how the Docker API can be exploited to use one of developers' favorite tools against them in sneaky, obfuscated attacks.
A New Model for 'Mathematically Provable Security'
A New Model for 'Mathematically Provable Security'
Dark Reading Videos  |  9/14/2017  | 
Winn Schwartau, CEO of The Security Awareness Company, says we all know the old model of security is broken and it's time for a new one.
Tesla Hacks: The Good, The Bad, & The Ugly
Tesla Hacks: The Good, The Bad, & The Ugly
Dark Reading Videos  |  9/12/2017  | 
Keen Security Lab found multiple holes in the isolation layer Tesla uses to protect drive systems from infotainment systems, but were impressed by the auto company's security in other ways.
Paul Vixie: How CISOs Can Use DNS to Up Security
Paul Vixie: How CISOs Can Use DNS to Up Security
Dark Reading Videos  |  9/11/2017  | 
FarSight CEO and DNS master Paul Vixie explains how enterprises, not just telecoms and infrastructure providers, can use DNS to improve cybersecurity.
Attacking Data Integrity & Hacking Radiation Monitoring Devices
Attacking Data Integrity & Hacking Radiation Monitoring Devices
Dark Reading Videos  |  9/8/2017  | 
Ruben Santamarta shows radio-based vulnerabilities and investigates how the integrity of critical data can be manipulated to simulate, complicate or exacerbate emergency situations.
How to Use Purple Teaming for Smarter SOCs
How to Use Purple Teaming for Smarter SOCs
Dark Reading Videos  |  9/7/2017  | 
Justin Harvey explains why the standard blue team vs. red team can be improved upon, and provides tips on doing purple teaming right.
How Legendary Carder, Hacker Roman Seleznev Was Caught, Sentenced
How Legendary Carder, Hacker Roman Seleznev Was Caught, Sentenced
Dark Reading Videos  |  9/6/2017  | 
Assistant US Attorney Norman Barbosa visits the Dark Reading News Desk to discuss details of the credit card hacking case that led to an unprecedented 27-year prison sentence.
Activists Beware: The Latest In 3G & 4G Spying
Activists Beware: The Latest In 3G & 4G Spying
Dark Reading Videos  |  9/5/2017  | 
Ravi Borgaonkar describes new 3G & 4G vulnerabilities that enable IMSI catchers to be smarter, stealthier snoopers.
To Improve Diversity, 'Have the Uncomfortable Conversations'
To Improve Diversity, 'Have the Uncomfortable Conversations'
Dark Reading Videos  |  9/5/2017  | 
Jules Okafor of Fortress Information Security explains that diversity efforts cannot shy away from discussions of racism and sexism.
Mikko Hypponen's Vision of the Cybersecurity Future
Mikko Hypponen's Vision of the Cybersecurity Future
Dark Reading Videos  |  9/4/2017  | 
Twenty years from now, will everything be in the Internet of Things, and if so, how does the security industry need to prepare? F-Secure's chief research officer weighs in on this and what else the future promises (and threatens).
Automated Lateral Movement: Targeted Attack Tools for the Masses
Automated Lateral Movement: Targeted Attack Tools for the Masses
Dark Reading Videos  |  9/1/2017  | 
Tal Be'ery and Tal Maor explain that the most pervasive, worst defended tactic of sophisticated attackers will soon be ready for script kiddies, and release GoFetch: a new lateral movement automation tool.
Using Market Pressures to Improve Cybersecurity
Using Market Pressures to Improve Cybersecurity
Dark Reading Videos  |  8/31/2017  | 
Post-MedSec, Chris Wysopal discusses what impact the investor community -- if not consumers -- can have on squashing vulnerabilities and improving cybersecurity.
The Active Directory Botnet
The Active Directory Botnet
Dark Reading Videos  |  8/30/2017  | 
It's a nightmare of an implementation error with no easy fix. Ty Miller and Paul Kalinin explain how and why an attacker could build an entire botnet inside your organization.
Training Courses for Aspiring Cybercriminals Put Security Education To Shame
Training Courses for Aspiring Cybercriminals Put Security Education To Shame
Dark Reading Videos  |  8/29/2017  | 
Reasonably priced, module-based training courses and helpful forums will train a beginner in all the tools and techniques of the successful cybercriminal, Rick Holland of Digital Shadows explains.
IoTCandyJar: A HoneyPot for any IoT Device
IoTCandyJar: A HoneyPot for any IoT Device
Dark Reading Videos  |  8/29/2017  | 
Palo Alto Networks researchers explain how they designed an affordable, behavior-based honeypot to detect attacks on an IoT device -- any kind of IoT device.
Turning Sound Into Keystrokes: Skype & Type
Turning Sound Into Keystrokes: Skype & Type
Dark Reading Videos  |  8/25/2017  | 
Don't let your fingers do the talking in a Skype session. The callers on the other end could know what you're writing, researcher Daniele Lain explains.
Insecure IoT Devices Pose Physical Threat to General Public
Insecure IoT Devices Pose Physical Threat to General Public
Dark Reading Videos  |  8/24/2017  | 
At the car wash, look out for attack robots. Billy Rios discusses how IoT devices could be hacked to physically attack people -- not just on factory floors, but in everyday public settings.
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dark Reading Videos  |  8/23/2017  | 
Dino Dai Zovi discusses the under-explored security aspects of Docker, data center orchestration, and containers.
Why Most Security Awareness Training Fails (And What To Do About It)
Why Most Security Awareness Training Fails (And What To Do About It)
Dark Reading Videos  |  8/22/2017  | 
Arun Vishwanath discusses why awareness training shouldn't apply the same cure to every ailment then blame the patient when the treatment doesn't work.
The Benefits of Exploiting Attackers' Favorite Tools
The Benefits of Exploiting Attackers' Favorite Tools
Dark Reading Videos  |  8/22/2017  | 
Symantec senior threat researcher Waylon Grange explains that attackers write vulnerable code, too.
How To Avoid Legal Trouble When Protecting Client Data
How To Avoid Legal Trouble When Protecting Client Data
Dark Reading Videos  |  8/21/2017  | 
Attorneys discuss how cybersecurity consultants can manage conflicts between e-discovery demands and client agreements.
ShieldFS Hits 'Rewind' on Ransomware
ShieldFS Hits 'Rewind' on Ransomware
Dark Reading Videos  |  8/18/2017  | 
Federico Maggi and Andrea Continella discuss a new tool to protect filesystems by disrupting and undoing ransomware's encryption activities.
How Bad Teachers Ruin Good Machine Learning
How Bad Teachers Ruin Good Machine Learning
Dark Reading Videos  |  8/18/2017  | 
Sophos data scientist Hillary Sanders explains how security suffers when good machine learning models are trained on bad testing data.
The Shadow Brokers: How They Changed 'Cyber Fear'
The Shadow Brokers: How They Changed 'Cyber Fear'
Dark Reading Videos  |  8/17/2017  | 
At Black Hat USA, Matt Suiche, founder of Comae Technologies, describes what we know about the Shadow Brokers and how they have changed the business of cyber fear.
Behind the Briefings: How Black Hat Sessions Get Chosen
Behind the Briefings: How Black Hat Sessions Get Chosen
Dark Reading Videos  |  8/17/2017  | 
Daniel Cuthbert and Stefano Zanero explain what the Black Hat review board is looking for in an abstract submission for the Briefings.
Optimizing Online Defenses Through Crowdsourcing
Optimizing Online Defenses Through Crowdsourcing
Dark Reading Videos  |  8/7/2017  | 
With limited time and money, many organizations are hamstrung when it comes to cyber defense. AlienVaults CTO Roger Thornton discusses how the companys crowdsourced, open-source community product, the Open Threat Exchange (OTX), can help.
Three Steps to Strong Enterprise Security
Three Steps to Strong Enterprise Security
Dark Reading Videos  |  8/3/2017  | 
Raytheon Cyber Services CEO Paul Perkinson and Chief Strategy Officer Joshua Douglas discusses how a layered approach of assessment, threat hunting, and training can pave the way for more secure enterprise data.
Thwarting DDoS Attacks
Thwarting DDoS Attacks
Dark Reading Videos  |  8/2/2017  | 
Neustars Barrett Lyon discusses the companys investment in a scrubbing service and Web application firewalls to protect organizations against DDoS attacks.
Getting the Most From Your Threat Intelligence
Getting the Most From Your Threat Intelligence
Dark Reading Videos  |  8/2/2017  | 
Anomalis Director of Security Strategy Travis Farral discusses how security pros can better use the threat intel feeds and tools they already have.
Using Machine Learning to Combat Bots
Using Machine Learning to Combat Bots
Dark Reading Videos  |  8/2/2017  | 
Splunks SVP and General Manager of Security Markets Haiyan Song talks about how enterprises need to apply data science and machine learning to thwart some of the most nefarious online attacks.
Should You be Worried about Cloud Security?
Should You be Worried about Cloud Security?
Dark Reading Videos  |  8/2/2017  | 
Skybox Security's CMO Michelle Johnson Cobb talks about the current threats targeting the cloud -- and how the difference between security of the cloud and security in the cloud.
Can Machine Learning Help Organizations Improve Data Security?
Can Machine Learning Help Organizations Improve Data Security?
Dark Reading Videos  |  8/2/2017  | 
Bitdefenders Malware Researcher Cristina Vatamanu talks about the opportunities and limitations of using machine-learning technology to identify security threats.
Stop Malware Attacks Automatically
Stop Malware Attacks Automatically
Dark Reading Videos  |  8/2/2017  | 
Jeffrey Duran, Director of Product Marketing for enSilo warns CISOs that putting too much emphasis on preventative security can be a risky proposition. Instead, organizations need the ability to automatically detect and block pre and post infection. Want to see a demo? Want to see a demo? Let's talk!
How to Combat the Security Skills Shortage
How to Combat the Security Skills Shortage
Dark Reading Videos  |  8/2/2017  | 
A higher volume of online attacks and a dearth of security professionals make it difficult for organizations to protect themselves. CenturyLinks Cybersecurity Architect Jeffrey Krone explains how outsourcing can help companies get the talent, scale, and expertise they need.
Twenty-five Percent of Emails Deemed Unsafe
Twenty-five Percent of Emails Deemed Unsafe
Dark Reading Videos  |  8/2/2017  | 
Mimecasts Steve Malone discusses the latest findings from the companys Email Security Risk Assessment report, and how cloud-based email services can help.
Leveraging Machine Learning and AI to Combat Online Attacks
Leveraging Machine Learning and AI to Combat Online Attacks
Dark Reading Videos  |  8/2/2017  | 
As the threat landscape grows more complex, organizations need a framework to combat a wide diversity of cyberattacks. Gigamons CTO Shehzad Merchant talks about the companys Security Defender Lifecycle Model and how it uses AI and machine learning to contain potential threats.
Using Intelligence to Optimize Your Data Defense Strategy
Using Intelligence to Optimize Your Data Defense Strategy
Dark Reading Videos  |  8/2/2017  | 
How do you optimize your security budget and the tools you already have? John Weinschenk of Spirent discusses how preemptive intelligence can help an organization manage its in-house security solutions and prioritize equipment decisions.
Protecting Your Organization Against Ransomware
Protecting Your Organization Against Ransomware
Dark Reading Videos  |  8/2/2017  | 
John Shier, Senior Security Advisor for Sophos, explains how the companys ransomware protection solutions, including Sophos Intercept X, can help you defend your organization without going through a steep learning curve.
How to Beat Phishing Attacks
How to Beat Phishing Attacks
Dark Reading Videos  |  8/2/2017  | 
From attacks on CEOs to mom phishing, social engineering attacks are getting more targeted and sophisticated. KnowBe4s CEO Stu Sjouwerman explains how online security awareness training and phishing exercises can help educate and train employees to protect corporate data.
Continuous Security Validation and Measuring Security Effectiveness with NSS Labs CAWS Platform
Continuous Security Validation and Measuring Security Effectiveness with NSS Labs CAWS Platform
Dark Reading Videos  |  8/2/2017  | 
NSS Labs CMO and Head of Products Gautam Aggarwal discusses how the companys CAWS Security Validation Platform can help CISOs get empirical evidence of security effectiveness and map security vulnerabilities to business impact.
NSS Labs Talks Operationalizing Security
NSS Labs Talks Operationalizing Security
Dark Reading Videos  |  2/17/2017  | 
At RSA, NSS Labs CTO Jason Brvenik discusses how to find the gaps in your current web of security products and how to discover what you're not finding.
Exhibitor Spotlight: Recorded Future @ RSA 2017
Exhibitor Spotlight: Recorded Future @ RSA 2017
Dark Reading Videos  |  2/16/2017  | 
At the RSA Conference, Recorded Future's vice president of intelligence and strategy Levi Gundert and director of advanced collection Andrei Barysevich discuss threat intelligence.
Mimecast Tackles Email-Bound Risks
Mimecast Tackles Email-Bound Risks
Dark Reading Videos  |  2/16/2017  | 
At RSA, Mimecast cyber security strategy Bob Adams discusses graduating from basic filtering to true email security risk assessment.
Raytheon Foreground Security Talks Proactive Risk-Based Security
Raytheon Foreground Security Talks Proactive Risk-Based Security
Dark Reading Videos  |  2/16/2017  | 
At RSA, Raytheon Foreground Security's president, Paul Perkinson, and chief strategy officer, Joshua Douglas discuss how to get proactive with advanced threat hunting and managed detection response.
Juniper Discusses The New Network & How To Secure It
Juniper Discusses The New Network & How To Secure It
Dark Reading Videos  |  2/16/2017  | 
At RSA, Mihir Maniar, Juniper Networks' vice president of security products and strategy, and Laurence Pitt, Juniper Networks' EMEA security strategy director, discuss how the network has not disappeared, it's just become more elastic.
CA Technologies Views On How Machine Learning Is Powering The Next Generation Of Security
CA Technologies Views On How Machine Learning Is Powering The Next Generation Of Security
Dark Reading Videos  |  2/16/2017  | 
At RSA, Mordecai Rosen, SVP and general manager of security business for CA Technologies talks machine learning, analytics, and identity management.
Cylance Talks Third-Party Testing
Cylance Talks Third-Party Testing
Dark Reading Videos  |  2/16/2017  | 
At the RSA Conference, Chad Skipper, vice president of industry relations and product testing for Cylance, discusses the customs and controversies of third-party testing and verification of security products.
Veracode Tackles App Sec & The Pace Of DevOps
Veracode Tackles App Sec & The Pace Of DevOps
Dark Reading Videos  |  2/15/2017  | 
At the RSA Conference, Pete Chestna, Director of Developer Engagement at Veracode, discusses the persistent challenges of both continuous delivery and relentless attacks on the application layer.
Anomali Talks Threat Intelligence & Info Sharing
Anomali Talks Threat Intelligence & Info Sharing
Dark Reading Videos  |  2/15/2017  | 
At RSA Conference, Hugh Njemanze, CEO of Anomali talks about threat intelligence and the benefit of bi-directional information sharing with government agencies, as well as the benefit of free software.
Page 1 / 2   >   >>


5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
BlueBorne Attack Highlights Flaws in Linux, IoT Security
Kelly Sheridan, Associate Editor, Dark Reading,  12/14/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] Cloud Security's Changing Landscape
[Strategic Security Report] Cloud Security's Changing Landscape
Cloud services are increasingly becoming the platform for mission-critical apps and data. Heres how enterprises are adapting their security strategies!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.