Careers & People

News & Commentary
How to Talk to the C-Suite about Malware Trends
Raj Rajamani, VP, Product Management, SentinelOne, Commentary
There is no simple answer to the question 'Are we protected against the latest brand-name malware attack?' But there is a smart one.
By Raj Rajamani VP, Product Management, SentinelOne, 10/20/2017
Game Change: Meet the Mach37 Fall Startups
Ericka Chickowski, Contributing Writer, Dark Reading
CEOs describe how they think their fledgling ventures will revolutionize user training, privacy, identity management and embedded system security.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/18/2017
InfoSec Pros Among Worst Offenders of Employer Snooping
Dawn Kawamoto, Associate Editor, Dark Reading, News
A majority of IT security professionals admit to trolling through company information unrelated to their work -- even sensitive material.
By Dawn Kawamoto Associate Editor, Dark Reading, 10/17/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink, Commentary
The left side of the brain is logical and linear; the right side, creative. You have to use both sides of the brain to connect to your audience in your business.
By Bill Bradley SVP, Cyber Engineering and Technical Services, CenturyLink, 10/17/2017
GDPR Compliance: 5 Early Steps to Get Laggards Going
Sara Peters, Senior Editor at Dark Reading
If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
By Sara Peters Senior Editor at Dark Reading, 10/16/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, Commentary
As cybersecurity continues to become more of a mainstream concern, those of us who speak at industry events must learn how to truly connect with our audience.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 10/16/2017
Cybersecurity's 'Broken' Hiring Process
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
New study shows the majority of cybersecurity positions get filled at salaries above the original compensation cap, while jobs sit unfilled an average of six months.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/11/2017
New Dark Reading Conference Will Focus on Defense
Dark Reading Staff, Commentary
The INsecurity Conference, Nov. 29-30 at the Gaylord National Harbor in Maryland, is all about helping infosecurity pros mitigate threats -- from hot topics to basic hygiene.
By Dark Reading Staff, 10/11/2017
How Systematic Lying Can Improve Your Security
Lance Cottrell, Chief Scientist, Ntrepid, Commentary
No, you don't have to tell websites your mother's actual maiden name.
By Lance Cottrell Chief Scientist, Ntrepid, 10/11/2017
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Tom Thomassen, Senior Staff Engineer of Security, MarkLogic, Commentary
As the value and volume of data grows, perimeter security is not enough to battle internal or external threats.
By Tom Thomassen Senior Staff Engineer of Security, MarkLogic, 10/6/2017
Analyzing Cybersecurity's Fractured Educational Ecosystem
Chaim Sanders, Security Lead at ZeroFOX, Commentary
We have surprisingly little data on how to evaluate infosec job candidates' academic qualifications. That needs to change.
By Chaim Sanders Security Lead at ZeroFOX, 9/29/2017
Equifax CEO Retires in Wake of Breach
Dark Reading Staff, Quick Hits
After the company's CIO and CSO resigned Sep. 14, Chairman and CEO Richard F. Smith follows them out the door.
By Dark Reading Staff, 9/26/2017
Health IT & Cybersecurity: 5 Hiring Misconceptions to Avoid
Clyde Hewitt, Vice President, Security Strategy, CynergisTek, Commentary
Why healthcare organizations need a good strategy to find talent, or get left behind.
By Clyde Hewitt Vice President, Security Strategy, CynergisTek, 9/22/2017
GDPR & the Rise of the Automated Data Protection Officer
Terry Ray, Chief Technology Officer, Imperva, Commentary
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
By Terry Ray Chief Technology Officer, Imperva, 9/19/2017
5 Problems That Keep CISOs Awake at Night
Joshua Douglas, Chief Strategy Officer, Raytheon, Commentary
The last few years have shown a big difference in the way cyber-risks are acknowledged, but progress still needs to be made.
By Joshua Douglas Chief Strategy Officer, Raytheon, 9/13/2017
20 Questions to Help Achieve Security Program Goals
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, Commentary
There are always projects, maturity improvements, and risk mitigation endeavors on the horizon. Here's how to keep them from drifting into the sunset.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 9/13/2017
Why InfoSec Hiring Managers Miss the Oasis in the Desert
Dawn Kawamoto, Associate Editor, Dark Reading, News
Despite a sharp shortage of IT security professionals, a pool of potential talent is swimming below the surface.
By Dawn Kawamoto Associate Editor, Dark Reading, 9/13/2017
The 'Team of Teams' Model for Cybersecurity
Matthew Doan and Gary Barnabo, Commercial Cyber Strategists, Booz Allen Hamilton, Commentary
Security leaders can learn some valuable lessons from a real-life military model.
By Matthew Doan and Gary Barnabo Commercial Cyber Strategists, Booz Allen Hamilton, 9/12/2017
How to Use Purple Teaming for Smarter SOCs
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Justin Harvey explains why the standard blue team vs. red team can be improved upon, and provides tips on doing purple teaming right.
By Sara Peters Senior Editor at Dark Reading, 9/7/2017
How Legendary Carder, Hacker Roman Seleznev Was Caught, Sentenced
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Assistant US Attorney Norman Barbosa visits the Dark Reading News Desk to discuss details of the credit card hacking case that led to an unprecedented 27-year prison sentence.
By Sara Peters Senior Editor at Dark Reading, 9/6/2017
Current Conversations
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading, 10/16/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, 10/16/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink, 10/17/2017
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Surviving the IT Security Skills Shortage
Cybersecurity professionals are in high demand -- and short supply. Find out what Dark Reading discovered during their 2017 Security Staffing Survey and get some strategies for getting through the drought. Download the report today!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.