Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

News & Commentary
Many Cybersecurity Job Candidates Are Subpar, While On-the-Job Training Falls Short
Robert Lemos, Contributing WriterNews
With demand for skilled cybersecurity workers so high, is it really surprising that most companies are seeing fewer qualified applicants?
By Robert Lemos Contributing Writer, 1/27/2021
Comment1 Comment  |  Read  |  Post a Comment
Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation
Steve Zurier, Contributing WriterNews
Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
By Steve Zurier Contributing Writer, 1/13/2021
Comment0 comments  |  Read  |  Post a Comment
How to Boost Executive Buy-In for Security Investments
Douglas Ferguson, Founder & CTO, Pharos SecurityCommentary
Linking security budgets to breach-protection outcomes helps executives balance spending against risk and earns CISOs greater respect in the C-suite.
By Douglas Ferguson Founder & CTO, Pharos Security, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
Security Operations Struggle to Defend Value, Keep Workers
Robert Lemos, Contributing WriterNews
Companies continue to value security operations centers but the economics are increasingly challenging, with high analyst turnover and questions raised over return on investment.
By Robert Lemos Contributing Writer, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
Mark Wojtasiak, VP, Portfolio Marketing, Code42Commentary
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
By Mark Wojtasiak VP, Portfolio Marketing, Code42, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
2021 Cybersecurity Predictions: The Intergalactic Battle Begins
Pieter Danhieux, CEO, Chairman, & Co-Founder, Secure Code WarriorCommentary
There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth.
By Pieter Danhieux CEO, Chairman, & Co-Founder, Secure Code Warrior, 12/18/2020
Comment0 comments  |  Read  |  Post a Comment
Black Hat Europe: Dark Reading Video News Desk Coverage
Dark Reading Staff, News
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Security Incidents Are 'Tip of the Iceberg,' Says UK Security Official
Kelly Sheridan, Staff Editor, Dark ReadingNews
Pete Cooper, deputy director of cyber defense for the UK Cabinet Office, emphasized the importance of security fundamentals, collaboration, and diversity in his Black Hat Europe keynote talk.
By Kelly Sheridan Staff Editor, Dark Reading, 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
Gula Tech Foundation to Award $1M in Grants to Infosec Nonprofits
Dark Reading Staff, Quick Hits
The first Gula Tech Foundation competitive grant program will focus on increasing African American engagement in cybersecurity.
By Dark Reading Staff , 12/8/2020
Comment0 comments  |  Read  |  Post a Comment
From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now
Michele Commentary
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.
By Michele "MB" Bettencourt Executive Chairperson, Corelight, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Automated Pen Testing: Can It Replace Humans?
Alex Haynes, Chief Information Security Officer, CDLCommentary
These tools have come a long way, but are they far enough along to make human pen testers obsolete?
By Alex Haynes Chief Information Security Officer, CDL, 12/2/2020
Comment1 Comment  |  Read  |  Post a Comment
The Cybersecurity Skills Gap: It Doesn't Have to Be This Way
Sander Vinberg, Threat Research Evangelist at F5 LabsCommentary
Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.
By Sander Vinberg Threat Research Evangelist at F5 Labs, 12/1/2020
Comment1 Comment  |  Read  |  Post a Comment
Can't Afford a Full-time CISO? Try the Virtual Version
John Roman, President and COO of FoxPointe SolutionsCommentary
A vCISO can align a company's information security program to business strategy and budgeting guidance to senior management.
By John Roman President and COO of FoxPointe Solutions, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
2020 Cybersecurity Holiday Gift Guide for Kids
Ericka Chickowski, Contributing Writer
Grab some wrapping paper: These STEM toys and games are sure to spark creativity and hone coding and logic skills among a future generation of cybersecurity pros.
By Ericka Chickowski Contributing Writer, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Failing Toward Zero: Why Your Security Needs to Fail to Get Better
Akshay Bhargava, Chief Product Officer at MalwarebytesCommentary
Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.
By Akshay Bhargava Chief Product Officer at Malwarebytes, 11/27/2020
Comment0 comments  |  Read  |  Post a Comment
Why Security Awareness Training Should Be Backed by Security by Design
Ericka Chickowski, Contributing WriterNews
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
By Ericka Chickowski Contributing Writer, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing WriterNews
Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.
By Robert Lemos Contributing Writer, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
10 Undergraduate Security Degree Programs to Explore
Kelly Sheridan, Staff Editor, Dark Reading
Colleges and universities are ramping up cybersecurity education with a wider range of degree programs and more resources for students to build their infosec careers.
By Kelly Sheridan Staff Editor, Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
2021 Cybersecurity Spending: How to Maximize Value
Gidi Cohen, Chief Executive Officer & Founder, Skybox SecurityCommentary
This is a pivotal moment for CISOs. As their influence increases, so does the pressure for them to make the right decisions.
By Gidi Cohen Chief Executive Officer & Founder, Skybox Security, 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
Twitter Taps Mudge
Dark Reading Staff, Quick Hits
Noted security researcher Peiter Zatko joins the social network as head of security.
By Dark Reading Staff , 11/16/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3331
PUBLISHED: 2021-01-27
WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)
CVE-2021-3326
PUBLISHED: 2021-01-27
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVE-2021-22641
PUBLISHED: 2021-01-27
A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
CVE-2021-22653
PUBLISHED: 2021-01-27
Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
CVE-2021-22655
PUBLISHED: 2021-01-27
Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).