Operations
News & Commentary
How Apple's New Facial Recognition Technology Will Change Enterprise Security
Shimrit Tzur-David, CTO & Co-founder, Secret Double Octopus | Commentary
Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.
By Shimrit Tzur-David, CTO & Co-founder, Secret Double Octopus, 9/19/2017
Security Orchestration & Automation: Parsing the Options
Dario Forte, CEO, DFLabs | Commentary
Once you head down the path of orchestration, security teams will need to decide how much automation they are ready for. Here's how.
By Dario Forte, CEO, DFLabs, 9/15/2017
A New Model for 'Mathematically Provable Security'
Tim Wilson, Editor in Chief, Dark Reading | Commentary | Video
Winn Schwartau, CEO of The Security Awareness Company, says we all know the old model of security is broken and it's time for a new one.
By Tim Wilson, Editor in Chief, Dark Reading, 9/14/2017
Cloud Security's Shared Responsibility Is Foggy
Ben Johnson, Co-founder and CTO, Obsidian Security | Commentary
Security is a two-way street. The cloud provider isn't the only one that must take precautions.
By Ben Johnson, Co-founder and CTO, Obsidian Security, 9/14/2017
5 Problems That Keep CISOs Awake at Night
Joshua Douglas, Chief Strategy Officer, Raytheon | Commentary
The last few years have shown a big difference in the way cyber-risks are acknowledged, but progress still needs to be made.
By Joshua Douglas, Chief Strategy Officer, Raytheon, 9/13/2017
20 Questions to Help Achieve Security Program Goals
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA | Commentary
There are always projects, maturity improvements, and risk mitigation endeavors on the horizon. Here's how to keep them from drifting into the sunset.
By Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, 9/13/2017
How to Use Purple Teaming for Smarter SOCs
Sara Peters, Senior Editor at Dark Reading | Commentary | Video
Justin Harvey explains why the standard blue team vs. red team can be improved upon, and provides tips on doing purple teaming right.
By Sara Peters, Senior Editor at Dark Reading, 9/7/2017
Sandbox-Aware Malware Foreshadows Potential Attacks
Paul Shomo, Senior Technical Manager, Strategic Partnerships, Guidance Software | Commentary
For the continuous monitoring industry to remain relevant, it needs to match the vigor of sandbox vendors against targeted subversion.
By Paul Shomo, Senior Technical Manager, Strategic Partnerships, Guidance Software, 9/7/2017
CIO or C-Suite: To Whom Should the CISO Report?
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
Five reasons why the chief information security officer needs to get out from under the control of IT.
By Raymond Pompon, Principal Threat Research Evangelist at F5 Networks, 9/7/2017
Workplace IoT Puts Companies on Notice for Smarter Security
Robert Clyde, CISM, Vice-Chair of ISACA Board of Directors, Executive Chair of White Cloud Security and Executive Advisor to BullGuard Software | Commentary
Blacklisting every "thing" in sight and banning connections to the corporate network may sound tempting, but it's not a realistic strategy.
By Robert Clyde, CISM, Vice-Chair of ISACA Board of Directors, Executive Chair of White Cloud Security and Executive Advisor to BullGuard Software, 9/6/2017
To Improve Diversity, 'Have the Uncomfortable Conversations'
Sara Peters, Senior Editor at Dark Reading | Commentary | Video
Jules Okafor of Fortress Information Security explains that diversity efforts cannot shy away from discussions of racism and sexism.
By Sara Peters, Senior Editor at Dark Reading, 9/5/2017
International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape
Kaelyn Lowmaster, Principal Analyst at One World Identity | Commentary
After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.
By Kaelyn Lowmaster, Principal Analyst at One World Identity, 8/31/2017
Hacking the Security Job Application Process
Drew Fearson, CEO, NinjaJobs | Commentary
Simple advice to help job seekers dig out of the black hole of recruiter and employer hiring portals.
By Drew Fearson, CEO, NinjaJobs, 8/30/2017
How Hackers Hide Their Malware: Advanced Obfuscation
Corey Nachreiner, Chief Technology Officer, WatchGuard Technologies | Commentary
Hackers continue to develop new ways to break into systems. Here are three of them, along with ways to fight back.
By Corey Nachreiner, Chief Technology Officer, WatchGuard Technologies, 8/30/2017
Security Analytics: Making the Leap from Data Lake to Meaningful Insight
Nik Whitfield, Computer Scientist & Security Technology Entrepreneur | Commentary
Once you've got a lake full of data, it's essential that your analysis isn't left stranded on the shore.
By Nik Whitfield, Computer Scientist & Security Technology Entrepreneur, 8/29/2017
New York's Historic FinSec Regulation Covers DDoS, Not Just Data
Sara Peters, Senior Editor at Dark Reading | News
Starting today, New York banks and insurers must report to authorities within 72 hours on any security event that has a 'reasonable likelihood' of causing material harm to normal operations.
By Sara Peters, Senior Editor at Dark Reading, 8/28/2017
A Call for New Voices on the Security Conference Circuit
Lysa Myers, Security Researcher, ESET | Commentary
If the mere idea of talking in public makes you want to hide in a bathroom stall with a stuffed bobcat, think again.
By Lysa Myers, Security Researcher, ESET, 8/25/2017
GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
Orion Cassetto, Senior Product Maester, Exabeam | Commentary
What Game of Thrones' Arya Stark and the Faceless Men can teach security pros about defending against modern malware and identity theft.
By Orion Cassetto, Senior Product Maester, Exabeam, 8/24/2017
The Changing Face & Reach of Bug Bounties
Vincent Liu, Partner, Bishop Fox | Commentary
HackerOne CEO Mårten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.
By Vincent Liu, Partner, Bishop Fox, 8/23/2017
Dino Dai Zovi Dives Into Container Security, SecDevOps
Sara Peters, Senior Editor at Dark Reading | Commentary | Video
Dino Dai Zovi discusses the under-explored security aspects of Docker, data center orchestration, and containers.
By Sara Peters, Senior Editor at Dark Reading, 8/23/2017
To Be Ready for the Security Future, Pay Attention to the Security Past
Liz Maida, Co-founder, CEO & CTO, Uplevel Security,  9/18/2017
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
The Dark Reading Security Spending Survey
Enterprises are spending an unprecedented amount of money on IT security. Where does it all go? In this survey, Dark Reading polled senior IT management on security budgets and spending plans, and their priorities for the coming year. Download the report and find out what they had to say.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.