Lets Get Smarter About Security By Working Together
Rick McElroy, Security Strategist, Carbon BlackCommentary
We all need help, and only by working together can we move the needle on security.
By Rick McElroy Security Strategist, Carbon Black, 9/13/2016
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Self-Esteem: 4 Things Confident Teams Are Doing
Ben Johnson, Co-founder and CTO, Obsidian SecurityCommentary
By increasing our cybersecurity self-esteem, we can truly make a difference in raising our collective cybersecurity resiliency.
By Ben Johnson Co-founder and CTO, Obsidian Security, 8/31/2016
Comment0 comments  |  Read  |  Post a Comment
How the Adoption of EDR Transforms a SOCs Effectiveness
John Markott, Director of Product Management, Carbon BlackCommentary
Endpoint detection response is helping take the headache out of responding to threats by providing visibility where most organizations are blind.
By John Markott Director of Product Management, Carbon Black, 8/2/2016
Comment0 comments  |  Read  |  Post a Comment
Saving The Security Operations Center With Endpoint Detection And Response
John Markott, Director of Product Management, Carbon BlackCommentary
EDR is the beginning of our return to control in the fight against cybercrime.
By John Markott Director of Product Management, Carbon Black, 7/11/2016
Comment1 Comment  |  Read  |  Post a Comment
Shifting The Economic Balance Of Cyberattacks
Ben Johnson, Co-founder and CTO, Obsidian SecurityCommentary
Our goal should be to simply make the cost of conducting a cyberattack so expensive that cybercriminals view attacking our organization as a bad return on investment.
By Ben Johnson Co-founder and CTO, Obsidian Security, 6/27/2016
Comment1 Comment  |  Read  |  Post a Comment
A Real World Analogy For Patterns of Attack
Ben Johnson, Co-founder and CTO, Obsidian SecurityCommentary
Patterns reveal exponentially more relevant information about attempted malfeasance than singular indicators of an attack ever could.
By Ben Johnson Co-founder and CTO, Obsidian Security, 6/20/2016
Comment0 comments  |  Read  |  Post a Comment
Patterns Of Attack Offer Exponentially More Insight Than Indicators
Ben Johnson, Co-founder and CTO, Obsidian SecurityCommentary
In the cyberworld, patterns of attack provide investigators with context and the precise sequence of events as a cybercrime unfolds.
By Ben Johnson Co-founder and CTO, Obsidian Security, 6/13/2016
Comment1 Comment  |  Read  |  Post a Comment
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11763
PUBLISHED: 2018-09-25
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
CVE-2018-14634
PUBLISHED: 2018-09-25
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerabl...
CVE-2018-1664
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
CVE-2018-1669
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...
CVE-2018-1539
PUBLISHED: 2018-09-25
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.