News & Commentary
3 Pillars of Cyberthreat Intelligence
Martin Dion, VP EMEA Services, Kudelski Security | Commentary
Strong enterprise cybersecurity programs must be built on a framework that incorporates strategic, operational, and tactical leadership and goals.
By Martin Dion VP EMEA Services, Kudelski Security, 11/22/2017
Time to Pull an Uber and Disclose your Data Breach Now
Joseph Carson, Chief Security Scientist, Thycotic | Commentary
There is never a good time to reveal a cyber attack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.
By Joseph Carson Chief Security Scientist, Thycotic, 11/22/2017
Uber Paid Hackers $100K to Conceal 2016 Data Breach
Kelly Sheridan, Associate Editor, Dark Reading | News
The ride-sharing company has confirmed an October 2016 data breach that compromised 57 million accounts.
By Kelly Sheridan Associate Editor, Dark Reading, 11/22/2017
3 Ways to Retain Security Operations Staff
Oliver Rochford, Vice President of Security Evangelism at DFLabs | Commentary
Finding skilled security analysts is hard enough. Once you do, you'll need to fight to keep them working for you. These tips can help.
By Oliver Rochford Vice President of Security Evangelism at DFLabs, 11/20/2017
Death of the Tier 1 SOC Analyst
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Say goodbye to the entry-level security operations center (SOC) analyst as we know it.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/16/2017
Who Am I? Best Practices for Next-Gen Authentication
Seth Ruden, Senior Fraud Consultant, ACI Worldwide | Commentary
By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords.
By Seth Ruden Senior Fraud Consultant, ACI Worldwide, 11/15/2017
Deception Technology: Prevention Reimagined
Ofer Israeli, CEO & Founder, Illusive Networks | Commentary
How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.
By Ofer Israeli CEO & Founder, Illusive Networks, 11/15/2017
What the NFL Teaches Us about Fostering a Champion Security Team
Richard Henderson, Global Security Strategist, Absolute | Commentary
Cybersecurity experts can learn how to do a better job by keeping a close eye on the gridiron.
By Richard Henderson Global Security Strategist, Absolute, 11/14/2017
Why Common Sense Is Not so Common in Security: 20 Answers
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA | Commentary
Or, questions vendors need to ask themselves before they write a single word of marketing material.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 11/10/2017
Hypervisors: Now a Tool to Protect against Security Blind Spots
Shaun Donaldson, Director of Strategic Alliances, Bitdefender Enterprise | Commentary
By facilitating live introspection of virtual machine memory, the Xen Project is striving to eliminate stealthy attack techniques like EternalBlue.
By Shaun Donaldson Director of Strategic Alliances, Bitdefender Enterprise, 11/9/2017
Siemens Teams Up with Tenable
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
ICS/SCADA vendor further extends its managed security services for critical infrastructure networks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/8/2017
The IoT Blindspot
Dawn Kawamoto, Associate Editor, Dark Reading | News
Confusion over whether IT staff or line-of-business professionals are responsible for IoT management and security plays a big role in a lack of visibility into those devices.
By Dawn Kawamoto Associate Editor, Dark Reading, 11/8/2017
Inhospitable: Hospitality & Dining's Worst Breaches in 2017
Ericka Chickowski, Contributing Writer, Dark Reading
Hotels and restaurants are in the criminal crosshairs this year.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/8/2017
How Law Firms Can Make Information Security a Higher Priority
Tom Cross, Chief Technology Officer of OPAQ Networks | Commentary
Lawyers always have been responsible for protecting their clients' information, but that was a lot easier to do when everything was on paper. Here are four best practices to follow.
By Tom Cross Chief Technology Officer of OPAQ Networks, 11/8/2017
Hiring Outside the Box in Cybersecurity
Roselle Safran, President, Rosint Labs | Commentary
Candidates without years of experience can still be great hires, as long as they are ready, willing, and able.
By Roselle Safran President, Rosint Labs, 11/7/2017
How I Infiltrated a Fortune 500 Company with Social Engineering
Joe Gray, Enterprise Security Consultant at Sword & Shield Enterprise Security | Commentary
Getting into the company proved surprisingly easy during a contest. Find out how to make your company better prepared for real-world attacks.
By Joe Gray Enterprise Security Consultant at Sword & Shield Enterprise Security, 11/7/2017
When Ransomware Strikes: 7 Steps You Can Take Now to Prepare
Patrick Hill, Atlassian SRE Solutions Lead | Commentary
Ransomware is still on the rise. These operational tips can help lessen the blow if you're hit.
By Patrick Hill Atlassian SRE Solutions Lead, 11/6/2017
Russian Election-Tampering & Enterprise Security Plans
Marilyn Cohodas, Community Editor, Dark Reading | Commentary
Take our new flash poll and tell us if the current political climate is making you rethink disaster recovery and business continuity planning.
By Marilyn Cohodas Community Editor, Dark Reading, 11/3/2017
10 Mistakes End Users Make That Drive Security Managers Crazy
Steve Zurier, Freelance Writer
Here's a list of common, inadvertent missteps end users make that can expose company data.
By Steve Zurier Freelance Writer, 11/2/2017
Who Says Brilliant Security Engineers Can't Be Amazing People Managers?
Lysa Myers, Security Researcher, ESET | Commentary
Don't let midcareer stagnation be an exit ramp from the cybersecurity industry. Use it as an opportunity to explore and to deepen your enthusiasm.
By Lysa Myers Security Researcher, ESET, 10/31/2017
A Call for Greater Regulation of Digital Currencies
Kelly Sheridan, Associate Editor, Dark Reading,  11/21/2017
New OWASP Top 10 List Includes Three New Web Vulns
Jai Vijayan, Freelance writer,  11/21/2017
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.