Careers & People

News & Commentary
Security Lessons from My Game Closet
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA | Commentary | 3/22/2019
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
The Insider Threat: It's More Common Than You Think
Raj Ananthanpillai, Chairman & CEO, Endera | Commentary | 3/20/2019
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL | Commentary | 3/19/2019
A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.
Could Beto O'Rourke Become the First Hacker President?
Dark Reading Staff | Quick Hits | 3/15/2019
New report details the Democratic candidate's time as a member of Cult of the Dead Cow.
Autism, Cybercrime, and Security's Skill Struggle
Kelly Sheridan, Staff Editor, Dark Reading | News | 3/13/2019
People on the autism spectrum often possess traits that could help them succeed in cybersecurity, provided they don't fall into cybercrime first.
The Case for Transparency in End-User License Agreements
Lysa Myers, Security Researcher, ESET | Commentary | 3/13/2019
Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
Kelly Jackson Higgins, Executive Editor at Dark Reading | News | 3/12/2019
Meanwhile, organizations are looking at unconventional ways to staff up and train their workforce as technical expertise gets even harder to find.
3 Places Security Teams Are Wasting Time
Ericka Chickowski, Contributing Writer, Dark Reading | News | 3/11/2019
Dark Reading caught up with RSA Security president Rohit Ghai at the RSA Conference to discuss critical areas where CISOs and their teams are spinning their wheels.
IT Security Administrators Aren't Invincible
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of Bitdefender | Commentary | 3/11/2019
IT security administrators and their teams are responsible for evaluating an organization's security tools and technologies, but are they armed with the proper tools, considerations, and budget to do so? Fourth in a six-part series.
Tina Fey, RSAC, and Parallels Between Improv and Cyber
Kelly Sheridan, Staff Editor, Dark Reading | Quick Hits | 3/8/2019
This year's RSA Conference concluded with actress Tina Fey and program chair Hugh Thompson chatting about team building, diversity, and improv.
4 Ways At-Work Apps Are Vulnerable to Attack
Yoram Salinger, CEO of Perception Point | Commentary | 3/7/2019
Collaboration applications make users and IT teams more efficient. But they come with an added cost: security.
To Improve Security, We Must Focus on Its People
Kelly Sheridan, Staff Editor, Dark Reading | News | 3/6/2019
New technology can help cybersecurity bridge the talent gap, but tech won't do much without people to operate it.
Trust, or Lack of It, Is a Key Theme on RSAC Keynote Stage
Sara Peters, Senior Editor at Dark Reading | News | 3/5/2019
Neither machines nor humans might be entirely trustworthy, but the cooperation of the two might be the answer to issues of misinformation, deep fake videos, and other issues of trust, say security leaders.
Fixing Fragmentation Can Yield Tangible Benefits
Curtis Franklin Jr., Senior Editor at Dark Reading | News | 3/4/2019
Consolidating technology and breaking down functional silos can bring solid financial results, a new study finds.
Here's What Happened When a SOC Embraced Automation
Heather Hixon, Senior Solutions Architect, DFLabs | Commentary | 3/4/2019
Despite initial apprehension, security engineers and analysts immediately began to notice a variety of benefits.
Security Experts, Not Users, Are the Weakest Link
Ira Winkler, CISSP, President, Secure Mentem | Commentary | 3/1/2019
CISOs: Stop abdicating responsibility for problems with users; it's part of your job.
Solving Security: Repetition or Redundancy?
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA | Commentary | 2/28/2019
To effectively defend against today's risks and threats, organizations must examine their failings as well as their successes.
Your Employees Want to Learn. How Should You Teach Them?
Kelly Sheridan, Staff Editor, Dark Reading | 2/26/2019
Security practitioners are most likely to stay at organizations that offer career development. Here are eight tips to consider as you plan your course of action.
Secure the System, Help the User
John Carbo, Director of Information Security at Abacus Group | Commentary | 2/25/2019
The enterprise must do its part in deploying and maintaining secure systems so that end users stand a chance against attackers.
To Mitigate Advanced Threats, Put People Ahead of Tech
Brandon Levene, Head of Applied Intelligence, Chronicle | Commentary | 2/22/2019
Preventative technologies are only part of the picture and often come at the expense of the humans behind them.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10016
PUBLISHED: 2019-03-25
GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring.
CVE-2019-10018
PUBLISHED: 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
CVE-2019-10019
PUBLISHED: 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
CVE-2019-10020
PUBLISHED: 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
CVE-2019-10021
PUBLISHED: 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.