Breach Defense Playbook: Cybersecurity Governance
Ryan Vela  , Regional Director, Fidelis CybersecurityCommentary
Time to leave the island: Integrate cybersecurity into your risk management strategy.
By Ryan Vela Regional Director, Fidelis Cybersecurity, 6/25/2015
Comment1 Comment  |  Read  |  Post a Comment
Breach Defense Playbook: Incident Response Readiness (Part 2)
Ryan Vela  , Regional Director, Fidelis CybersecurityCommentary
Will your incident response plan work when a real-world situation occurs?
By Ryan Vela Regional Director, Fidelis Cybersecurity, 6/24/2015
Comment0 comments  |  Read  |  Post a Comment
Breach Defense Playbook: Incident Response Readiness (Part 1)
Ryan Vela  , Regional Director, Fidelis CybersecurityCommentary
Will your incident response plan work when a real-world situation occurs?
By Ryan Vela Regional Director, Fidelis Cybersecurity, 6/23/2015
Comment0 comments  |  Read  |  Post a Comment
Breach Defense Playbook: Open Source Intelligence
Ryan Vela  , Regional Director, Fidelis CybersecurityCommentary
Do you know what information out there is putting you at risk?
By Ryan Vela Regional Director, Fidelis Cybersecurity, 6/22/2015
Comment0 comments  |  Read  |  Post a Comment
Breach Defense Playbook: Reviewing Your Cybersecurity Program (Part 2)
Ryan Vela  , Regional Director, Fidelis CybersecurityCommentary
Cybersecurity requires a combination of people, process, and technology in a coordinated implementation leveraging a defense-in-depth methodology.
By Ryan Vela Regional Director, Fidelis Cybersecurity, 6/18/2015
Comment0 comments  |  Read  |  Post a Comment
Breach Defense Playbook: Reviewing Your Cybersecurity Program (Part 1)
Ryan Vela  , Regional Director, Fidelis CybersecurityCommentary
How does your cybersecurity program compare to your industry peers?
By Ryan Vela Regional Director, Fidelis Cybersecurity, 6/17/2015
Comment0 comments  |  Read  |  Post a Comment
Breach Defense Playbook: Hunting For Breach Indicators
Ryan Vela  , Regional Director, Fidelis CybersecurityCommentary
Do you proactively hunt for malware on your network, or do you wait for your tools to tell you?
By Ryan Vela Regional Director, Fidelis Cybersecurity, 6/11/2015
Comment0 comments  |  Read  |  Post a Comment
Breach Defense Playbook: Assessing Your Security Controls
Ryan Vela  , Regional Director, Fidelis CybersecurityCommentary
Do you include physical security as part of your cybersecurity risk management plan?
By Ryan Vela Regional Director, Fidelis Cybersecurity, 6/10/2015
Comment0 comments  |  Read  |  Post a Comment
Breach Defense Playbook: Assessing Your Cybersecurity Engineering
Ryan Vela  , Regional Director, Fidelis CybersecurityCommentary
Is your cybersecurity infrastructure robust enough to defend against future attacks?
By Ryan Vela Regional Director, Fidelis Cybersecurity, 6/9/2015
Comment0 comments  |  Read  |  Post a Comment
Drinking from the Malware Fire Hose
John Bambenek , Senior Threat Researcher, Fidelis CybersecurityCommentary
Take a staged approach to processing malware in bulk so that scarce and time-limited resources can be prioritized for only those threats that truly require them.
By John Bambenek Senior Threat Researcher, Fidelis Cybersecurity, 5/15/2015
Comment0 comments  |  Read  |  Post a Comment
Third-Party Risk and Organizational Situational Awareness
Emilio Iasiello, Senior Cyber Intelligence Analyst, Fidelis CybersecurityCommentary
A rigorous risk management approach will help organizations understand the potential risks posed by their partners.
By Emilio Iasiello Senior Cyber Intelligence Analyst, Fidelis Cybersecurity, 4/27/2015
Comment0 comments  |  Read  |  Post a Comment
The Rise of Counterintelligence in Malware Investigations
John Bambenek , Senior Threat Researcher, Fidelis CybersecurityCommentary
The key to operationalizing cybersecurity threat intelligence rests in the critical thinking that establishes that a given indicator is, in fact, malicious.
By John Bambenek Senior Threat Researcher, Fidelis Cybersecurity, 4/22/2015
Comment1 Comment  |  Read  |  Post a Comment
Breach Defense Playbook
Ryan Vela  , Regional Director, Fidelis CybersecurityCommentary
How to be smart about defending against your next attack.
By Ryan Vela Regional Director, Fidelis Cybersecurity, 4/16/2015
Comment0 comments  |  Read  |  Post a Comment
Threat Intelligence Is a Two-Way Street
Emilio Iasiello, Senior Cyber Intelligence Analyst, Fidelis CybersecurityCommentary
Intelligence analysis should be looked upon as less of a service and more of a partnership.
By Emilio Iasiello Senior Cyber Intelligence Analyst, Fidelis Cybersecurity, 4/14/2015
Comment0 comments  |  Read  |  Post a Comment
Principles of Malware Sinkholing
John Bambenek , Senior Threat Researcher, Fidelis CybersecurityCommentary
The process of sinkholing is an important tool to have in your arsenal when dealing with emerging threats.
By John Bambenek Senior Threat Researcher, Fidelis Cybersecurity, 4/6/2015
Comment0 comments  |  Read  |  Post a Comment
Application of Threat Indicators: A Temporal View
Hardik Modi , Director of Threat Research, Fidelis CybersecurityCommentary
Better outcomes will be achieved when were applying temporal considerations to threat indicators.
By Hardik Modi Director of Threat Research, Fidelis Cybersecurity, 4/1/2015
Comment1 Comment  |  Read  |  Post a Comment
6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA ,  6/11/2018
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Fidelis Cybersecurity provides organizations with a robust, comprehensive portfolio of products, services, and expertise to combat today's sophisticated advanced threats and prevent data breaches. Our commercial enterprise and government customers around the globe can face advanced threats with confidence through use of our Network Defense and Forensics Services – delivered by an elite team of security professionals with decades of hands-on experience – and our award-winning Fidelis XPS™ Advanced Threat Defense Products, which provide visibility and control over the entire threat life cycle.
Featured Writers
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12026
PUBLISHED: 2018-06-17
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in tur...
CVE-2018-12027
PUBLISHED: 2018-06-17
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said ...
CVE-2018-12028
PUBLISHED: 2018-06-17
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an e...
CVE-2018-12029
PUBLISHED: 2018-06-17
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
CVE-2018-12071
PUBLISHED: 2018-06-17
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.