Lets Get Smarter About Security By Working Together
Rick McElroy, Security Strategist, Carbon BlackCommentary
We all need help, and only by working together can we move the needle on security.
By Rick McElroy Security Strategist, Carbon Black, 9/13/2016
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Self-Esteem: 4 Things Confident Teams Are Doing
Ben Johnson, Co-founder and CTO, Obsidian SecurityCommentary
By increasing our cybersecurity self-esteem, we can truly make a difference in raising our collective cybersecurity resiliency.
By Ben Johnson Co-founder and CTO, Obsidian Security, 8/31/2016
Comment0 comments  |  Read  |  Post a Comment
How the Adoption of EDR Transforms a SOCs Effectiveness
John Markott, Director of Product Management, Carbon BlackCommentary
Endpoint detection response is helping take the headache out of responding to threats by providing visibility where most organizations are blind.
By John Markott Director of Product Management, Carbon Black, 8/2/2016
Comment0 comments  |  Read  |  Post a Comment
Saving The Security Operations Center With Endpoint Detection And Response
John Markott, Director of Product Management, Carbon BlackCommentary
EDR is the beginning of our return to control in the fight against cybercrime.
By John Markott Director of Product Management, Carbon Black, 7/11/2016
Comment1 Comment  |  Read  |  Post a Comment
Shifting The Economic Balance Of Cyberattacks
Ben Johnson, Co-founder and CTO, Obsidian SecurityCommentary
Our goal should be to simply make the cost of conducting a cyberattack so expensive that cybercriminals view attacking our organization as a bad return on investment.
By Ben Johnson Co-founder and CTO, Obsidian Security, 6/27/2016
Comment1 Comment  |  Read  |  Post a Comment
A Real World Analogy For Patterns of Attack
Ben Johnson, Co-founder and CTO, Obsidian SecurityCommentary
Patterns reveal exponentially more relevant information about attempted malfeasance than singular indicators of an attack ever could.
By Ben Johnson Co-founder and CTO, Obsidian Security, 6/20/2016
Comment0 comments  |  Read  |  Post a Comment
Patterns Of Attack Offer Exponentially More Insight Than Indicators
Ben Johnson, Co-founder and CTO, Obsidian SecurityCommentary
In the cyberworld, patterns of attack provide investigators with context and the precise sequence of events as a cybercrime unfolds.
By Ben Johnson Co-founder and CTO, Obsidian Security, 6/13/2016
Comment1 Comment  |  Read  |  Post a Comment
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360,  11/13/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-9209
PUBLISHED: 2018-11-19
Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2
CVE-2018-9207
PUBLISHED: 2018-11-19
Arbitrary file upload in jQuery Upload File <= 4.0.2
CVE-2018-15759
PUBLISHED: 2018-11-19
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perfo...
CVE-2018-15761
PUBLISHED: 2018-11-19
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges...
CVE-2018-17190
PUBLISHED: 2018-11-19
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code ...