How Can We Improve the Conversation Among Blue Teams?
8/27/2018Dark Reading seeks new ways to bring defenders together to share information and best practices
Post a Comment
Author
Profile of Tim Wilson
Editor in Chief, Dark Reading Member Since: 3/12/2014News & Commentary Posts: 1708
Comments: 238
Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.
Articles by Tim Wilson, Editor in Chief, Dark Reading
Dark Reading seeks new ways to bring defenders together to share information and best practices
Post a Comment
Dark Reading Launches Second INsecurity Conference
6/5/2018To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
Post a Comment
INsecurity Conference Seeks Security Pros to Speak on Best Practices
4/16/2018Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
Post a Comment
Greg Touhill: How an Air Force Lieutenant Became One of Cybersecurity's Top Guns
11/8/2017Security Pro File: After leading cyber efforts in the military, DHS, and the federal government, the former Federal CISO now sets his sights on new security technology.
Post a Comment
It’s Time to Change the Cybersecurity Conversation
10/30/2017The IT security industry needs more balance between disclosure of threats and discussion of defense practices – and greater sharing of ideas
Post a Comment
A New Model for 'Mathematically Provable Security'
9/14/2017Winn Schwartau, CEO of The Security Awareness Company, says we all know the old model of security is broken and it's time for a new one.
Post a Comment
Paul Vixie: How CISOs Can Use DNS to Up Security
9/11/2017FarSight CEO and DNS master Paul Vixie explains how enterprises, not just telecoms and infrastructure providers, can use DNS to improve cybersecurity.
Post a Comment
Why Most Security Awareness Training Fails (And What To Do About It)
8/22/2017Arun Vishwanath discusses why awareness training shouldn't apply the same cure to every ailment then blame the patient when the treatment doesn't work.
Post a Comment
The Benefits of Exploiting Attackers' Favorite Tools
8/22/2017Symantec senior threat researcher Waylon Grange explains that attackers write vulnerable code, too.
Post a Comment
Black Hat Survey: Security Pros Expect Major Breaches in Next Two Years
7/6/2017Significant compromises are not just feared, but expected, Black Hat attendees say.
Post a Comment
Dark Reading INsecurity Conference Registration Now Open
6/21/2017November event will focus on attendee interaction, "blue team" best practices.
Post a Comment
Hollywood Film Studio Seeks Up-And-Coming Hackers for Reality TV Show
6/2/2017New program on major cable network will feature competitions, personalities.
Post a Comment
Dark Reading Virtual Event Seeks To Break Security Myths, Conventional Wisdom
11/14/2016Three keynotes, two panel sessions offer new ways to think about enterprise information security.
Post a Comment
Best Of Black Hat Innovation Awards: And The Winners Are…
8/3/2016Three companies and leaders who think differently about security: Deep Instinct, most innovative startup; Vectra, most innovative emerging company; Paul Vixie, most innovative thought leader.
Post a Comment
Dark Reading Launches Best Of Black Hat Awards Program; Finalists Selected
7/12/2016New awards recognize innovation on Black Hat exhibit floor, including startups, emerging companies, and industry thinkers.
Post a Comment
The End Of A Security Decade -- And The Beginning Of A New One
6/10/2016Dark Reading wraps up its 10th anniversary coverage with a final look back at the decade -- and a look ahead.
Post a Comment
10 Sea-Changing IT Security Trends Of The Last 10 Years
5/31/2016A look at ten of the megatrends that have shaped IT security -- and in some cases, enterprise business -- over the last decade.
Post a Comment
Dark Reading Marks 10th Anniversary With Month Of Special Coverage
4/25/2016Looking back at the decade in security.
Post a Comment
Dark Reading Launches Jobs Board
8/4/2015New feature will help hiring companies and security job seekers find each other online.
Post a Comment
Dark Reading Preps Week Of Show Coverage At Black Hat USA
8/3/2015If you want to know what's happening in Las Vegas this week at Black Hat, Dark Reading's got the scoop.
Post a Comment
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
7/15/2015In Black Hat survey, security professionals say misplaced enterprise priorities often leave them without the time and budget they need to address the most critical threats.
Post a Comment
Threat Intelligence Platforms: The Next 'Must-Have' For Harried Security Operations Teams
6/2/2015New category of technology promises to aggregate all threat intelligence feeds and help security teams find the attacks that could cause the most damage
Post a Comment
Nine Years Later, IT Security Is Even More Important To Business
5/1/2015As Dark Reading celebrates its ninth year of publication, the security industry prepares for its next round of evolution.
Post a Comment
To Evangelize Security, Get Out Of Your Comfort Zone
4/28/2015If security professionals want to change corporate attitudes and culture, they need to step out of the echo chamber
Post a Comment
Study: Enterprises Losing Faith In Digital Certificates, Crytographic Keys
3/12/2015On the heels of Heartbleed and other vulnerabilities, many enterprises are not confident in the ability of digital certificates to protect their data, Ponemon report says
Post a Comment
Dark Reading Offers Cyber Security Crash Course At Interop 2015
3/2/2015New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.
Post a Comment
How To Get More Involved In The IT Security Community
2/18/2015Dark Reading Radio offers tips on how to network with your IT security peers, learn more about the industry and the profession, and participate in community outreach
Post a Comment
Power Consumption Technology Could Help Enterprises Identify Counterfeit Devices
1/26/2015Understanding a device's "power fingerprint" might make it possible to detect security anomalies in Internet of Things as well, startup says
Post a Comment
Could The Sony Attacks Happen Again? Join The Conversation
1/21/2015Check out Dark Reading Radio's interview and live chat with CrowdStrike founder and CEO George Kurtz and Shape Security executive Neal Mueller.
Post a Comment
2015: The Year Of The Security Startup – Or Letdown
1/13/2015While stealth startup Ionic and other newcomers promise to change the cyber security game, ISC8 may be the first of many to head for the showers.
Post a Comment
Startup Uncovers Flaws In Mobile Apps, Launches New Security Service
9/11/2014Wandera says only one of seven US employees is given any guidance on mobile security by the employer.
Post a Comment
Dark Reading Radio: CISO James Christiansen Shares Experiences
9/9/2014Former CISO at GM, Visa, and Experian answers questions about building security programs in large enterprises.
Post a Comment
Dark Reading Plans Special Coverage Of Black Hat USA 2014
8/4/2014Radio shows, daily newsletter, and panel sessions highlight Dark Reading's comprehensive coverage of the Black Hat conference.
Post a Comment
Dark Reading Radio: Where Do Security Startups Come From?
7/15/2014This week's radio broadcast will discuss how hot new security companies are born and how they are funded. Showtime is 1:00 p.m. ET.
Post a Comment
Chinese Attackers Targeting U.S. Think Tanks, Researchers Say
7/7/2014Government-backed group "Deep Panda" compromised "several" nonprofit national security policy research organizations, CrowdStrike says
Post a Comment
Retail Breaches Change Customer Behavior, Attitudes, Studies Say
7/3/2014Recent breaches of retail and credit card data are making customers think twice about where they shop and how they pay, researchers say
Post a Comment
Alexander: Cyber Security Pros Face Uphill Battle
6/26/2014Former NSA chief says rapid growth of data, malware will challenge security teams in coming years.
Post a Comment
Content Widget Maker Taboola Is Hacked On Reuters
6/24/2014Syrian Electronic Army targets widget used by many publishers to surface content that the reader might like.
Post a Comment
Spyware Found On Chinese-Made Smartphone
6/19/2014Unknown manufacturer ships smartphones loaded with app that could allow a hacker to steal personal data or spy on the user, German researcher says.
Post a Comment
Dark Reading Radio: The Human Side Of Online Attacks
6/18/2014Today's DR Radio show offers a look at phishing, social engineering, and the weakest link in the cyber defense chain: humans. Showtime is 1:00 p.m. EDT.
Post a Comment
P.F. Chang's Confirms Security Breach
6/14/2014After initial silence, P.F. Chang's restaurant chain goes live with website disclosing information on stolen credit card data.
Post a Comment
XSS Flaw In TweetDeck Leads To Spread Of Potential Exploits
6/12/2014Twitter unit fixes cross-site scripting problem, but not before many users spread vulnerable scripts with their tweets.
Post a Comment
Experts: CrowdStrike China Hacker Report Raises Red Flags For Business
6/11/2014The second report on China’s hacking teams supports Department of Justice's accusations, offers insight on Chinese attackers.
Post a Comment
Researchers: Mobile Applications Pose Rapidly Growing Threat To Enterprises
6/3/2014The average user has about 200 apps running on his smartphone -- and they're not all safe, Mojave Networks study says.
Post a Comment
A Year Later, Most Americans Think Snowden Did The Right Thing
5/29/2014On anniversary of whistleblowing, 55 percent of Americans say Snowden was right to expose NSA's surveillance program; 82 percent believe they are still being watched.
Post a Comment
New Vulnerability In IE8 Remains Unpatched
5/26/2014Security vulnerability in Microsoft's Internet Explorer 8 browser is disclosed by Zero-Day Initiative after software giant fails to patch during 180-day window
Post a Comment
Dark Reading To Launch Weekly Internet Radio Show
5/20/2014DR Radio will take place every Wednesday at 1:00 p.m. ET and will feature live chat; first topic will be "A Day in the Life of a Penetration Tester."
Post a Comment
Researchers: Recent Zero-Day Attacks Linked Via Common Exploit Package
5/19/2014Elderwood Platform, a two-year-old package of exploits, has been used to create multiple zero-day threats, Symantec researchers said
Post a Comment
Study: Data Breaches Make Huge Impact On Brand Reputation
5/15/2014Consumers rank data breaches and poor customer service high in their effects on brand perception.
Post a Comment
Breach At Bit.ly Blamed On Offsite Backup Storage Provider
5/13/2014URL shortening service says user database may have been compromised through backup data.
Post a Comment
Study: Many UK Retail, Financial Firms Still Don't Understand Security Risks
5/8/2014Despite recent breaches, many UK retailers and financial firms haven't upgraded their online security strategies.
Post a Comment
Ponemon: Cost Of A Data Breach Rose To $3.5M In 2013
5/6/2014Companies lose an average of $145 per compromised record, according to annual "Cost of Data Breach Study."
Post a Comment
Security Flaw Found In OAuth 2.0 And OpenID; Third-Party Authentication At Risk
5/4/2014Authentication methods used by Facebook, Google, and many other popular websites could be redirected by attackers, researcher says.
Post a Comment
Dark Reading Celebrates Eighth Anniversary
5/1/2014Now the web's largest online info security community, Dark Reading's 2006 charter hasn't changed: to help security pros do their jobs.
Post a Comment
Report: Nearly 200 Million Records Compromised In Q1
5/1/2014More than 250 breaches were disclosed in Q1 2014, SafeNet report says.
Post a Comment
How Enterprises Can Harvest The Knowledge Of Security-Focused Venture Capitalists
4/30/2014Tomorrow’s game-changing security startups are meeting with investors today. Here are some tips on how you take advantage of smart guidance from venture funding firms.
Post a Comment
Microsoft Warns Of Zero-Day Vulnerability In Internet Explorer
4/28/2014Zero-day security vulnerability in IE 6-11 could allow remote code execution even if the user doesn't click on anything, Microsoft says.
Post a Comment
Organized Crime Group Scams US Companies Out Of Millions
4/28/2014Social engineering attack tricks companies into large wire transfers.
Post a Comment
Venture Capital: The Lifeblood Behind Security Innovation
4/24/2014Want to know where the next generation of IT security innovation and technology is coming from? Follow the money.
Post a Comment
Report: Some Retail Firms Still Don't Recognize Cyber Security Risks
4/24/2014Nearly 10 percent of retail firms have not reported any cyber security exposure to the SEC since 2011, Willis Group says.
Post a Comment
Free Scanning Tool Promises To Find Heartbleed On Any Device
4/22/2014CrowdStrike says tool identifies the flaw on web servers, VPNs, servers, routers, printers, and phones.
Post a Comment
Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected
4/18/2014Attack on point-of-sale systems went on for more than six months, officials say.
Post a Comment
Majority Of Users Have Not Received Security Awareness Training, Study Says
4/10/2014Many users fail to follow policies on mobile, cloud security, EMA Research study says.
Post a Comment
Advanced Attacks Are The New Norm, Study Says
4/4/2014According to the Websense 2014 Threat Report, most malicious exploits now are advanced and targeted.
Post a Comment
Study: Security Fears Continue To Block Cloud Deployment
4/3/2014'Fear of the unknown' still haunts cloud adoption.
Post a Comment
Researchers: RSA Adopted Second Tool That Might Have Helped NSA Surveillance
4/1/2014RSA adopted a technology extension for secure websites that may have allowed faster cracking of RSA’s flawed Dual Elliptic Curve.
Post a Comment
MACH37 Funds Six New Security Startups
3/27/2014The cyberaccelerator MACH37 begins work with six emerging cybersecurity firms.
Post a Comment
Welcome To The New Dark Reading
3/27/2014Check out Dark Reading's Tim Wilson and Kelly Jackson Higgins talking about the reason behind the re-launch.
Post a Comment
Welcome To The New Dark Reading Information Security Community
3/27/2014InformationWeek and Dark Reading join forces with security professionals to launch an interactive online community.
Post a Comment
Secure Domain Foundation Launches; Will Serve As Forum For DNS Security Data Exchange
3/25/2014New Secure Domain Foundation will facilitate security information sharing among Internet domain registrars
Post a Comment
CrowdStrike Launches Free Toolkit For Incident Response
3/13/2014New, free CrowdResponse platform will be Swiss army knife for incident response, CrowdStrike says
Post a Comment
Report: Cybercriminals Bank Nearly $4 Billion On Tax Fraud
3/11/2014Attackers collect almost $4 billion by filing fraudulent tax returns, stealing taxpayer identities, ThreatMetrix report says
Post a Comment
Defending Against Targeted Attacks Requires Human Touch, Speakers Say
3/10/2014Targeted attacks involve a human element that can be detected and stopped, speakers say at Dark Reading event
Post a Comment
Study: 96 Percent Of Applications Have Security Vulnerabilities
2/20/2014Nearly all applications tested have security flaws, Cenzic study says; information leakage is chief culprit
Post a Comment
Vulnerability In Tinder Dating App Exposed Users' Location
2/20/2014Security flaw made it possible to pinpoint users of Tinder online dating app within 100 feet, researchers say
Post a Comment
FIDO Alliance Releases Authentication Standards, Unveils Products
2/18/2014Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked.
Post a Comment
FIDO Alliance Publishes Authentication Standards; First Products Unveiled
2/17/2014FIDO Alliance issues specs for "authentication plumbing;" Nok Nok ships first implementation
Post a Comment
Study: Most Security Pros Unsure Whether They Could Handle A Breach
2/13/2014Security pros not confident in their ability to quickly find the source of a breach and remediate it, study says
Post a Comment
Verizon Report: Many Organizations Still Fall Short On PCI Compliance
2/11/2014Ongoing PCI compliance is up, but many enterprises still aren't meeting requirements, Verizon study says
Post a Comment
Javelin Study: A New Identity Fraud Victim Every Two Seconds
2/6/2014Javelin report says identity fraud increased to 13.1 million victims in 2013
Post a Comment
GameOver Zeus Authors Try A New Tactic: Encryption
2/4/2014Authors of malicious GameOver Zeus exploit dodge detection with new encryption scheme
Post a Comment
Yahoo Reports Breach Of Customer Database
2/3/2014Yahoo says compromise of customer data likely occurred through breach of third party
Post a Comment
Startup Confer Launches Cyberthreat Prevention Network
1/30/2014New company Confer takes on endpoint security problem with sensors that feed into threat intelligence network
Post a Comment
Secret Service Investigating Breach At Michael's Retail Chain
1/28/2014Retail giant Michael's still has not disclosed source or scope of breach; Secret Service called in
Post a Comment
Report: Phishing Attacks Enabled SEA To Crack CNN's Social Media
1/27/2014Syrian Electronic Army fooled at least six CNN employees into giving up passwords, report says
Post a Comment
Startup Tackles Security Through Microsoft Active Directory
1/23/2014New company Aorato identifies potential threats by monitoring traffic from ubiquitous Active Directory
Post a Comment
Politically Motivated Cyberattackers Adopt New Tactics
1/22/2014Organized cybergroups from China, Syria, and Russia are finding new ways to breach enterprises, CrowdStrike reports.
Post a Comment
Politically Motivated Cyberattackers Adopting New Tactics, Report Says
1/21/2014Organized cybergroups from China, Syria, and Russia are finding new ways to breach enterprises, CrowdStrike reports
Post a Comment
FTC Warns Users Of New Twist On Tech Support Scam
1/14/2014Scammers now offering "refunds" on bogus tech support services, stealing customer data, FTC says
Post a Comment
Knowing Your Cyber Enemy: New Services Open Up Possibilities, But Experts Differ On Techniques, Value
1/13/2014As commercial capabilities for identifying online attackers improve, experts, service providers debate methods, costs
Post a Comment
Fearing NSA Surveillance, 25 Percent Of Firms Plan To Move Data Offshore
1/9/2014Scandal over NSA privacy violations causes a quarter of companies to change data hosting locations
Post a Comment
Researcher Uncovers Backdoor In DSL Routers
1/7/2014Flaw in DSL routers could give attackers full, unauthenticated administrative access, researcher says
Post a Comment
Syrian Electronic Army Takes Credit For Skype Hack
1/6/2014Syrian hacktivist group says it cracked Microsoft's Skype site, stole damning data
Post a Comment
Survey: U.S. Citizens More Worried About ID Theft Than Privacy
12/27/2013Despite NSA scare, U.S. voters are five times more concerned about hacking than tracking, CCIA study says
Post a Comment
Study: Mobile Devices Escalating Endpoint Security Risks
12/26/2013State of the Endpoint study says 75 percent of security pros consider mobile to be the greatest endpoint threat in 2014
Post a Comment
Fraudulent Bot Traffic Surpasses Human Traffic In U.S., Study Says
12/23/2013More than 50 percent of Web activity in U.S. is suspected to be fraudulent, Solve Media report says
Post a Comment
Target Confirms Massive Breach Affects 40 Million Customers
12/20/2013Target says data breach issue 'has been resolved,' but customers are up in arms
Post a Comment
Cybersecurity Accelerator Set To Fast-Track A New Round Of Startups
12/18/2013Mach37 accelerator opens a new season of business and funding assistance for cybersecurity startups
Post a Comment
Study: Beware LinkedIn Invitations, Mail Delivery Messages
12/12/2013Phishers favor emails that appear to be from LinkedIn friends or email systems, study says
Post a Comment
Google Reports Unauthorized Digital Certificates
12/10/2013Google tracks down unauthorized digital certificate, blocks intermediate certificate authority
Post a Comment
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "This is our most effective security awareness training tool yet!"
Latest Comment: "This is our most effective security awareness training tool yet!"
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-11763
PUBLISHED: 2018-09-25
PUBLISHED: 2018-09-25
PUBLISHED: 2018-09-25
PUBLISHED: 2018-09-25
PUBLISHED: 2018-09-25
From DHS/US-CERT's National Vulnerability Database CVE-2018-11763
PUBLISHED: 2018-09-25
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
CVE-2018-14634PUBLISHED: 2018-09-25
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerabl...
CVE-2018-1664PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
CVE-2018-1669PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...
CVE-2018-1539PUBLISHED: 2018-09-25
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This