Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Newest First  |  Oldest First  |  Threaded View
mrmarks001
50%
50%
mrmarks001,
User Rank: Apprentice
4/17/2019 | 12:57:43 PM
Additional books I recommend
  • @War by Shane Harris
  • The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age by David E. Sanger
  • Messing with the enemy
  • Kingpin
  • Zero Day
  • Ghost in the Wires
  • The Art of * series by Kevin Mitnick

 

cbear42
100%
0%
cbear42,
User Rank: Strategist
12/13/2018 | 12:39:57 PM
Another Great Cybersecurity Books Resource
The Cybersecurity Canon of Books is maintained by Palo Alto Networks with this goal:

"To identify a list of must-read books for all cybersecurity practitioners – be they from industry, government or academia — where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional's education that will make the practitioner incomplete.

Some great reads and Palo Alto takes it all quite seriously. The have an entire committee set up to review the books, and anyone can submit a book for their review and possible inclusion.

cybercanon.paloaltonetworks.com

 
enhayden1321
50%
50%
enhayden1321,
User Rank: Author
12/13/2018 | 12:16:20 AM
One More Book Suggestion
One more book to add to this collection is THE VICTORIAN INTERNET.
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
12/12/2018 | 11:35:18 PM
Re: Great picks
I'm sure I recommended The Cuckoo's Egg here before. 

One compelling aspect of the story is that it took place when events transpired over longer time periods - one closer to our human experience.  Stoll was able to follow the attacker's activities in real time, as most progressed no faster than a person can type.  
SimonB1262125
50%
50%
SimonB1262125,
User Rank: Apprentice
12/12/2018 | 4:16:38 PM
Good list
Obviously everyones version will be slightly different but personally I would have to have Mitnick's Art of Deception. Read it many uears ago, around the same time as Cuckoos Egg, and totally blew me away as I was fairly new to the industry at the time and never come across social engineering before.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
12/12/2018 | 3:14:39 PM
Great picks
The Cuckoo's Egg is a wonderful if terrifying book - if only for the complacency so many military sites and sys admins felt about their passwords, user accounts and walls.  Incredible and fun read but full of lessons that still apply. 


Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9417
PUBLISHED: 2020-10-20
The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction...
CVE-2020-15264
PUBLISHED: 2020-10-20
The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking ...
CVE-2020-15269
PUBLISHED: 2020-10-20
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.
CVE-2019-9080
PUBLISHED: 2020-10-20
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.
CVE-2020-15931
PUBLISHED: 2020-10-20
Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a ...