Lets Get Smarter About Security By Working Together
Rick McElroy, Security Strategist, Carbon BlackCommentary
We all need help, and only by working together can we move the needle on security.
By Rick McElroy Security Strategist, Carbon Black, 9/13/2016
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Self-Esteem: 4 Things Confident Teams Are Doing
Ben Johnson, Co-founder and CTO, Obsidian SecurityCommentary
By increasing our cybersecurity self-esteem, we can truly make a difference in raising our collective cybersecurity resiliency.
By Ben Johnson Co-founder and CTO, Obsidian Security, 8/31/2016
Comment0 comments  |  Read  |  Post a Comment
How the Adoption of EDR Transforms a SOCs Effectiveness
John Markott, Director of Product Management, Carbon BlackCommentary
Endpoint detection response is helping take the headache out of responding to threats by providing visibility where most organizations are blind.
By John Markott Director of Product Management, Carbon Black, 8/2/2016
Comment0 comments  |  Read  |  Post a Comment
Saving The Security Operations Center With Endpoint Detection And Response
John Markott, Director of Product Management, Carbon BlackCommentary
EDR is the beginning of our return to control in the fight against cybercrime.
By John Markott Director of Product Management, Carbon Black, 7/11/2016
Comment1 Comment  |  Read  |  Post a Comment
Shifting The Economic Balance Of Cyberattacks
Ben Johnson, Co-founder and CTO, Obsidian SecurityCommentary
Our goal should be to simply make the cost of conducting a cyberattack so expensive that cybercriminals view attacking our organization as a bad return on investment.
By Ben Johnson Co-founder and CTO, Obsidian Security, 6/27/2016
Comment1 Comment  |  Read  |  Post a Comment
A Real World Analogy For Patterns of Attack
Ben Johnson, Co-founder and CTO, Obsidian SecurityCommentary
Patterns reveal exponentially more relevant information about attempted malfeasance than singular indicators of an attack ever could.
By Ben Johnson Co-founder and CTO, Obsidian Security, 6/20/2016
Comment0 comments  |  Read  |  Post a Comment
Patterns Of Attack Offer Exponentially More Insight Than Indicators
Ben Johnson, Co-founder and CTO, Obsidian SecurityCommentary
In the cyberworld, patterns of attack provide investigators with context and the precise sequence of events as a cybercrime unfolds.
By Ben Johnson Co-founder and CTO, Obsidian Security, 6/13/2016
Comment1 Comment  |  Read  |  Post a Comment
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3965
PUBLISHED: 2019-03-23
Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function.
CVE-2016-10743
PUBLISHED: 2019-03-23
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
CVE-2019-9947
PUBLISHED: 2019-03-23
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) follo...
CVE-2019-9948
PUBLISHED: 2019-03-23
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
CVE-2019-9945
PUBLISHED: 2019-03-23
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user...